Field Guide: Types of People Behind Today’s Corporate Security Threats
ZDNet (12/02/13) Detwiler, Bill
ZDNet has created a field guide to help corporations identify and defend against security threats. The field guide notes that employees are often a company’s greatest security threat. These threats can come about through deliberate actions by employees or through a mistake made by a well-meaning individual. To avoid having employees become threats, it is important that companies have good governance, set and enforce policies, offer education for employees, and take steps to know their employees. Though not typically behind attacks, CEOs and small business owners face the same attack vectors as other employees, such as phishing, social engineering, and infected USB drives. But higher-level employees can pose greater security risks because they are bigger targets, have greater access to corporate networks, and are often exempt from normal security policies. Though the same security techniques used for other employees can help protect CEOs, IT needs to be aware of the political implications of dealing with high-level employees and how to maintain security in instances where they cannot say no to a demand from management. Organized criminals are also a threat, as their attacks have become more sophisticated, and often involve skilled programmers and rented networks for launching distributed denial-of-service (DDoS) attacks and spamming campaigns. Companies can take steps to protect themselves from organized criminals by securing devices and networks, educating employees about IT security, and by establishing and enforcing strong security policies.