Posted by Susan Sison on Jun 30, 2015 8:33:00 AM
The Biggest Security Threat: Your Employees?
It can be one of the trickier, touchiest subjects that any IT security team has to deal with - namely, that one of the most vulnerable parts of any company is the actual users and employees of that company. That's right - the employees of a company, the ones tasked with growing, managing and protecting the company and its assets, are the biggest security risk to the company.
How can that be? Is this to say that all employees are disgruntled, apathetic, even dangerous? Who does the hiring in this place, anyway?
They Mean Well...
Of course, we are not saying that your employees are actively trying to hurt your company. Most employees love their company, and they take pride in growing and protecting the place where they work. True, some employees do engage in bad and even illegal activities against their company. But that's only a tiny number - the vast majority of employees work hard to take care of their company.
Most employees would never dream of harming their company. But the reality is, many of them do it without even knowing it.
...but They're Still Challenged
In truth, employees are among the very best vectors for hackers to use in accessing your company. Phishing attacks, social engineering, and a host of other attacks are specifically designed to manipulate and take advantage of unsuspecting employees and gain access to your company. Just a few of the most recent attacks to use these techniques include:
- The Sony Hack of last year began with a series of phishing attacks that eventually gained access to Sony's internal environment.
- A recent hack of the US Government compromised the personal records of 4 million employees, and began with a spear phishing attack against workers at the agency.
- Phishing attacks were utilized for both the Target and Home Depot hacks.
NCA Education and Penetration Testing
We see these kinds of issues on a pretty regular basis, and that's why we offer pen testing and education for our customers' employees. With pen testing services, we can test how well they respond to certain kinds of attacks, and with education, we can help them identify those attacks.
We perform pen testing services for our customers, and create customized learning for their employees, tailored to meet their specific needs. If you'd like to learn more about our pen testing services or education, contact us.
Network Computing Architects, Inc. is a premier provider of high quality sustainable and secure networking, information security solutions and unified communications. We partner with our clients to provide answers to business initiatives where leading technologies converge.
NCA achieved ISO 27001:2005 certification in December 2007 and is currently ISO 27001:2013 certified. The scope of NCA's ISMS is client confidential information within NCA Professional Services Practice.