Determined, capable cyber criminals don’t concentrate their efforts on the organisations that are best equipped to defend against their attacks,
they target the easy prey, those with fewer resources – financial and human – to devote to cyber security.
They take advantage of these areas of risk:
Shadow IT: (Do it yourself IT)
  • Employees use unencrypted and unsecured personal devices to do business and link to the company network;
  • Employees load and use unsanctioned software on devices that they use to conduct company business;
  • Engage third parties to resolve IT-related issues, bypassing their IT department and their IT security policies. 
Employee threats:
  • Employees are not trained in cyber security;
  • Insider Data Theft;
  • Employees and contractors have unrestricted access to all levels of company data;
  • There is no restriction on which devices an employee can attach to the network;
  • Third parties (Agents, distributors, Internet Service Providers) have unsecured and unrestricted access to networked databases network via VPN.
Technical Vulnerabilities:
  • Poorly configured Internet facing firewalls;
  • Outdated or no end-point protection;
  • Unsecured VPN connections to business critical applications/Infrastructure;
  • Unencrypted server, PC and mobile device hard drives;
  • Outdated backup technology;
  • Outdated or no disaster recovery or remediation plans.
  • No centralized and enforced IT security policies;