Types of security threats
Protecting against password attacks
Download 257.48 Kb.
|
Types of security threats
- Bu sahifa navigatsiya:
- 7. Insider threats
- Protecting against insider threats
|
Protecting against password attacks
Beyond educating employees on the importance of using strong passwords to prevent putting your company at risk, there are several other best practices to be aware of to ensure you’re protected against password attacks. These include using multi-factor authentication (MFA) that requires users to provide more than a single piece of information to gain access, as well as running regular penetration tests (pen tests) to assess the security of your system. 7. Insider threats It's often said that the biggest weakness in any security system is the part sitting behind the keyboard. While many of the above threats can be assisted by careless employees who don't follow basic security guidelines, you should also be taking steps to ensure your employees can't harm the business deliberately, as well as accidentally. Although it’s not the top cybersecurity concern, 17% of companies still consider protecting against insider threats a significant challenge this year. Malicious insiders who are looking to extract data or damage systems are a threat that any business may face, and it can be tough to predict, so it pays to take precautions. Protecting against insider threats Ensuring all employees have the right level of access is the first step. Restricting users to only the applications and data they need to do their job can be a great help - but of course, it will not stop privileged users and those who have a legitimate need to access sensitive information. It’s also important to hold security training sessions to make sure your staff are aware of insider threats and the risk they pose. Therefore, this needs to be backed up with effective monitoring that can quickly identify any unusual or suspicious activity and shut it down, or challenge users to confirm they have a genuine reason for their actions. 8. DDoS Distributed Denial of Service (DDoS) attacks involve an attacker flooding a system - often a web server - with traffic requests until it simply can’t cope with the volume of requests it’s being asked to deliver, with the result being that it slows to a crawl and is effectively taken offline. This is a particularly tricky form of attack to deal with as it takes little skill to pull off and doesn’t require attackers to actually breach a firm's perimeter, which is likely what renders it the biggest cybersecurity challenge for 10% of companies. Indeed, botnets that provide the resources needed to launch a DDoS attack can be bought on the dark web for just a few dollars. Until recently, DDoS attackers were regarded as more of a nuisance than a serious threat to firms. They might take a website offline for a few hours, which would certainly have an impact on revenue for digital-focused firms, but that was about the limit of their impact. Now, however, the landscape is different. Sustained botnet attacks are bigger than ever before and can last for days or weeks rather than hours, and they're also increasingly used as a cover for other attacks, such as data exfiltration, rather than being an end in themselves. Download 257.48 Kb. Do'stlaringiz bilan baham: 
|