Unveiling Security Vulnerabilities: Why secure enough is NOT an option
Common pitfalls behind the notion of "secure enough"
In an age characterized by digital advancements and interconnected business landscapes, the significance of information security cannot be overstated. As organizations increasingly rely on technology to manage and store sensitive data, the potential risks and threats to this valuable information have also grown exponentially.
Therefore, the notion of "secure enough" is no longer an acceptable stance when it comes to cloud solutions safeguarding crucial business data. With the ever-evolving nature of cyber threats, the risk is simply way too high. In fact, 60% of small businesses go out of business after falling victim to a cyber attack.
In the April episode of our ‘Who’s Next’ series, Tresorit’s CTO, Peter Budai, and security specialist Henk-Jan Angerman, CVO of SecWatch, explored why settling for anything less than an airtight security strategy is simply not an option in today's business environment. If you missed this webinar, you can now watch it back or listen to it whenever you like.
What is secure enough?
Is it secure enough to shut your office door once you leave the building? Do you also lock it? Do you leave the key under the doormat?
In the offline world, businesses employ a range of security measures to safeguard their office buildings and assets kept inside. Access control systems, such as key cards or biometric scans, are commonly implemented to regulate entry and restrict unauthorized personnel. Surveillance cameras strategically placed throughout the premises serve as both a deterrent and a means of monitoring activities. Intrusion detection systems and alarms add an additional layer of protection by alerting security personnel to any unauthorized access or suspicious behavior. Many businesses also invest in security personnel or private security services to maintain a visible presence and respond promptly to potential threats.
In a similar vein, businesses should also aim to create a comprehensive security framework when it comes to their assets online.
Last year, the personal information of 9,483 police officers and staff working at the Police Service of Northern Ireland (PSNI) was leaked following a Freedom of Information request. The error happened when a junior member of staff sent out an unencrypted Excel document containing the surnames and initials, rank, location, and department of all current PSNI officers. The incident shed light on outdated information management practices and showed that storing sensitive information in mainstream software – in this case, an Excel sheet – is simply not secure enough.
The implementation of proper access management could have prevented this leak. Through access management, information can be limited, requiring junior staff members to seek permission for access. Storing this highly sensitive data in an encrypted format would have been paramount, too.
In fact, human error is still the number one cause of data incidents. Red team engagements, which aim to test a company’s security system, also often uncover vulnerabilities related to human behavior, such as weak passwords, susceptibility to social engineering, and inadequate training. Addressing these factors is critical to creating a resilient security framework.
In our upcoming webinar, we'll take a closer look at security vulnerabilities encountered during red-team engagements, and Henk-Jan will shed light on common pitfalls. Our aim is to provide actionable insights to fortify your organization's defense mechanisms and discuss solutions that go beyond ‘secure enough’. In particular, you will:
- Gain a deeper understanding of how permissions issues can be exploited, leading to potential security breaches.
- Discover the nuances that organizations often overlook, and uncover strategies to enhance your cloud security posture.
- Learn about the challenges and opportunities of compliance frameworks like ISO 27001/NIS2.
If you missed this webinar, you can now watch it back whenever you like.