Determined, capable cyber criminals don’t concentrate their efforts on the organisations that are best equipped to defend against their attacks,
they target the easy prey, those with fewer resources – financial and human – to devote to cyber security.
They take advantage of these areas of risk:
Shadow IT: (Do it yourself IT)
- Employees use unencrypted and unsecured personal devices to do business and link to the company network;
- Employees load and use unsanctioned software on devices that they use to conduct company business;
- Engage third parties to resolve IT-related issues, bypassing their IT department and their IT security policies.
- Employees are not trained in cyber security;
- Insider Data Theft;
- Employees and contractors have unrestricted access to all levels of company data;
- There is no restriction on which devices an employee can attach to the network;
- Third parties (Agents, distributors, Internet Service Providers) have unsecured and unrestricted access to networked databases network via VPN.
- Poorly configured Internet facing firewalls;
- Outdated or no end-point protection;
- Unsecured VPN connections to business critical applications/Infrastructure;
- Unencrypted server, PC and mobile device hard drives;
- Outdated backup technology;
- Outdated or no disaster recovery or remediation plans.
- No centralized and enforced IT security policies;