Information Security Threats
Cyberattacks: These attacks can attempt to compromise an organization’s data from any number of directions, including advanced persistent threat (APT) attacks, botnets (robot networks), distributed denial-of-service (DDoS), “drive-by” download attacks (which download malicious code automatically), malware, phishing, ransomware, viruses and worms.
Employee error: People can lose mobile equipment loaded with sensitive information, visit dangerous websites on company equipment or use easy-to-crack passwords.
Ineffective endpoint security: Any laptop, mobile device or PC can be an entrypoint into an organization’s IT system in the absence of adequate antivirus or endpoint security solutions.
Insider threats: There are two types of insider threats.
According to the X-Force Threat Intelligence Index report, 32% of security incidents involve malicious use of legitimate tools. The incidents include credential theft, reconnaissance, remote access and data exfiltration.
Misconfigurations: Organizations rely on various IT platforms and tools, including cloud-based data storage options, infrastructure as a service (IaaS), software as a service (SaaS) integrations and web applications from various providers. Improper configurations of any of these assets can pose security risks. Also, provider or internal changes can lead to “configuration drift,” where valid settings go out-of-date.
Social engineering: Social engineering attacks trick employees into divulging sensitive information or passwords that open the door to malicious acts. It can also happen that while trying to promote an organization through social media, employees might mistakenly divulge too much personal or business information that can be used by attackers.
Statlearner
Statlearner