Corporate Security Systems: What Needs To Be Addressed?


The corporate world is experiencing continuous growth in cyber threats, which arrive via email, the web and even social media. The most prominent incident was when a major US retailer lost 110 million credit and debit account records to malware in its point-of-sale system.

That is just one example of how businesses can be vulnerable, and the truth is that there are still many other ways in which cyber-attacks can threaten businesses.

Below is a brief overview of the common threats that corporate security systems need to address:

Website threats

Malware can enter a system through a variety of web surfing applications. One example is a Cross-Site Request Forgery (CSRF) attack. A normal-looking website can generate requests to various other sites, let us say Twitter, that then take advantage of vulnerabilities there. The exploit then gives the hacker access to the Twitter accounts of the website's visitors. Web 2.0 applications often use XML, XPath, JavaScript and JSON, Adobe Flash and other similar feature-rich technologies that can be injected with malware. Often, this malware can bypass your anti-virus defenses.
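One way a site can refuse the forged requests described above, as an added example that is not part of the original article: the server accepts a state-changing request only when it comes from its own origin and carries a token tied to the visitor's session. The origin https://app.example, the X-CSRF-Token header name, the key and the session names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(server_key: bytes, session_id: str) -> str:
    """Return a token bound to one session: a random nonce plus an HMAC over it."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(server_key, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return f"{nonce}.{mac.hexdigest()}"


def token_is_valid(server_key: bytes, session_id: str, token: str) -> bool:
    """Recompute the HMAC for this session and compare in constant time."""
    nonce, _, sig = token.partition(".")
    mac = hmac.new(server_key, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return hmac.compare_digest(mac.hexdigest().encode(), sig.encode())


def allow_request(method, headers, session_id, server_key, own_origin):
    """Decide whether a request may change state for the logged-in session."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # Browsers attach Origin (or at least Referer) to cross-site form posts.
    source = headers.get("Origin") or headers.get("Referer")
    if source:
        parts = urlsplit(source)
        if f"{parts.scheme}://{parts.netloc}" != own_origin:
            return False, "cross-site origin"
    # The session cookie is sent automatically; the token is not, so another site cannot supply it.
    if not token_is_valid(server_key, session_id, headers.get("X-CSRF-Token", "")):
        return False, "missing or invalid token"
    return True, "ok"


# Constructed sample data for illustration only (header names are matched exactly here).
KEY = b"constructed-demo-key"
OWN = "https://app.example"
TOKEN = issue_csrf_token(KEY, "session-A")
SAMPLES = {
    "same-site with token": {"Origin": OWN, "X-CSRF-Token": TOKEN},
    "forged from other site": {"Origin": "https://lookalike.example"},
    "no origin, no token": {},
}
for name, hdrs in SAMPLES.items():
    print(name, allow_request("POST", hdrs, "session-A", KEY, OWN))
```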

Another form of website threat is the “drive-by” download. When an innocent user visits a website, malware is automatically downloaded to their computer. Occasionally, a pop-up window will appear and the visitor will click the “OK” button, and that is when a small program such as a Java applet, an ActiveX control or similar will be installed on the visitor’s computer without them knowing. There have been cases where malware was served to unsuspecting visitors from legitimate websites that had been hacked. These are grave issues for websites maintained by smaller businesses. In mid-2013, approximately 30,000 new sites were being created per day just to be used for malware distribution.

Spam

Spam is the least “interesting” of the email threats, and its share of email has dropped significantly since late 2010. Many organizations still receive it, however: an anti-spam solution that is part of corporate security systems still filters over 70% of the mail on a daily basis. Prior to 2010, the figure was 80-90 percent spam. These enormous volumes of unwanted email also consume precious bandwidth and storage space in workplaces.

Direct attacks

Direct attacks can include a number of exploits. Hackers can compromise a business by using a known vulnerability in a web browser. They can also exploit older versions of a browser or ActiveX control. This is a particular issue with teleworkers who do not update their computer systems to get the latest security patches available. Often, the measures implemented on their systems differ from those on office or work computers.

While it is a fact that every organization has its own limitations when it comes to resources like infrastructure, staff, or training, that is still not an excuse to put everything at work at risk. A corporation should give priority to these ongoing threats. After all, it is your business that is at stake here, not another entity.