Get Ready It's a Jungle Out There
Few days into 2012 and it is clear that corporate risk level are still high and security officers should continue to be on high alert.
When it comes to customer data, private and non-public information, application level attacks continue to lead the charts of top attack vectors. It is amazing that organizations are still not adopting strict security programs that enforce security standards. A recent event from Israel hows how a relatively simple attack (that could have been easily prevented) is creating real pain to customers as well and drives an entire nation amuck in fear of cyber security.
While Application level vulnerabilities increase the risk factor for attacks and hacks on private and other types of sensitive data it is less relevant for corporate governance and compliance. Lack of proper policy enforcement and visibility into employees activity (especially privileged users) is increasing the risk of fraud, unauthorized access to data, corporate espionage, data leakage and other types of non-compliance. Leveraging the great cost and scale benefits of cloud computing and virtualization is the risk officer’s visibility nightmare, as these systems do not follow the “right” corporate behavior which is essential for monitoring: The Cloud is elastic by nature, can be provisioned automatically and migrate between systems and even data centers dynamically.
So, on one hand nothing was changed – compliance, visibility, application control and user activity continue to be the top risk factors, but on the other hand, the associated attack vectors are more serious and as a result, also the consequences. As Randy Newman wrote, ‘it’s a jungle out there’.
Be safe.
-- Sharon
(image source: http://www.crisisriskmanagement.com/)
Comments
Post new comment