Top 10 Security Issues That Impacted Businesses In 2004

According to a recent research effort, most of the top business issues with security this year are exactly the same as last year. Sure, losses have increased, companies have gotten smart about insurance claims, but for the most part, they’re making exactly the same mistakes. Not surprisingly, the all-time popular issue is still around passwords. While Microsoft maintains that passwords will soon become a thing of the past, to be replaced by sexy biometrics and ubiquitous tokens 80% of businesses still apply poor controls around their password management.

Here, then, are the top 10 issues that companies still face in their battle for information security:

  1. Lack of a crisis management plan
    When was the last time you tested your backups or thought about business continuity?
  2. No written policies and procedures
    Without clear leadership, employees can’t be expected to understand or care.
  3. Focus on one aspect of information security at the expense of others
    What good is a strong firewall if someone can simply walk in and out with the server?
  4. Too many open doors
    New software forces companies to open yet another port on their network, creating another vulnerability.
  5. Insecure gateways
    Semi-insiders such as partners and clients often have more access than they should through intranets and extranets.
  6. Employee access & passwords
    Employees connecting from non-secure computers at home represent just as much of a threat as if they had malicious intentions.
  7. Viruses and worms
    Aside from their destructive potential, these marvels of software develpment open doors into your computer and make themselves at home.
  8. Software patches
    Many vulnerabilities are exploited because software is not up to date. You’re paying good money for it, so why not have the latest version?
  9. System misconfigurations
    How often do you install and leave your network components/software with default settings?
  10. Lack of understanding and interest at the management levels
    No comment.

Claudiu Popa is an executive security advisor with Informatica Security Corporation in Toronto, Canada. A trusted expert on matters of corporate information security and regular speaker, Claudiu publishes The PULSE, a free, monthly e-mail newsletter available at InformationSecurityCanada.com. He can be reached directly at [email protected].

Article Written by