According to a recent research effort, most of the top business issues with security this year are exactly the same as last year. Sure, losses have increased and companies have gotten smart about insurance claims, but for the most part, they’re making exactly the same mistakes. Not surprisingly, the all-time popular issue is still around passwords. While Microsoft maintains that passwords will soon become a thing of the past, to be replaced by sexy biometrics and ubiquitous tokens, 80% of businesses still apply poor controls around their password management.
Here, then, are the top 10 issues that companies still face in their battle for information security:
- Lack of a crisis management plan
When was the last time you tested your backups or thought about business continuity?
- No written policies and procedures
Without clear leadership, employees can’t be expected to understand or care.
- Focus on one aspect of information security at the expense of others
What good is a strong firewall if someone can simply walk in and out with the server?
- Too many open doors
New software forces companies to open yet another port on their network, creating another vulnerability.
- Insecure gateways
Semi-insiders such as partners and clients often have more access than they should through intranets and extranets.
- Employee access & passwords
Employees connecting from non-secure computers at home represent just as much of a threat as if they had malicious intentions.
- Viruses and worms
Aside from their destructive potential, these marvels of software development open doors into your computer and make themselves at home.
- Software patches
Many vulnerabilities are exploited because software is not up to date. You’re paying good money for it, so why not have the latest version?
- System misconfigurations
How often do you install and leave your network components/software with default settings?
- Lack of understanding and interest at the management levels
Claudiu Popa is an executive security advisor with Informatica Security Corporation in Toronto, Canada. A trusted expert on matters of corporate information security and regular speaker, Claudiu publishes The PULSE, a free, monthly e-mail newsletter available at InformationSecurityCanada.com. He can be reached directly at [email protected].