3 major risks enterprises face in the era of digital interconnectivity
Today, enterprise-scale companies are more interconnected than ever. People, applications, servers, networks, and devices in different departments and even in different parts of the world are constantly exchanging information in both the public and private cloud. That’s not a bad thing. In fact, most organizations strive for this kind of silo-less interconnectivity. Desirable as it may be, however, it’s not risk-free.
There are cybercriminals ready to exploit any vulnerability in an organization’s digital defences. That much should be obvious from the 60 000-plus reports of fraud and cybercrime that came from UK businesses in 2021. It’s critical, therefore, that organizations do everything possible to understand and mitigate those risks.
Failing to do so not only means putting their own businesses at risk but also data held by their clients, partners, and employees. That, in turn, opens those organizations up to reputational damage as well as fines and even prosecution. With that in mind, here are three of the most common threats faced by today’s organizations and the methods they can use to mitigate them.
- Weaknesses in user access controls
Most of us know that we should have strong, unique passwords and practice things like multi-factor authentication (MFA) in our personal lives, but how many of us actually do so? Given that around 56 percent of people in the UK use the same password for multiple accounts, I’d wager the number is worryingly small.
Many of those habits carry over into the enterprise world too. That makes identity and access management (IAM) tools like two-factor authentication (2FA) and multi-factor authentication (MFA) incredibly important. They are not, however, cure-alls and there are other risks that organizations need to be aware of when it comes to access management.
These include the fact that business applications are typically built on top of complex technology stacks and deployed with a wide variety of service accounts, local users, interface users, and standard accounts. Most IAM solutions are not able to fully secure these accounts. Another risk comes from the complexity of most business processes. With numerous internal and external users accessing data simultaneously, assigning the right set of authorizations can be challenging. Additionally, if this isn’t done properly, it can lead to risks in the segregation of duties and critical access areas.
It’s worth pointing out that even the most sophisticated network authentication can’t stop a disgruntled employee (for example) from seeing sensitive company documents and leveraging them to their advantage. It’s therefore critical that enterprises carefully regulate which applications, transactions, resources, and systems people can access. Not doing so puts the entire system at risk.
- Problematic patch management
Did you know that it takes an average of 97 days from a vulnerability being identified to a patch being deployed applied, tested, and fully deployed on an endpoint? Or that the number’s even higher for servers, and even higher when it comes to business-critical applications? That’s a serious problem. The longer it takes an organization to patch a vulnerability, the more time cybercriminals have to exploit it. That becomes even more worrying when you factor in that it can take as little as three hours for hackers to exploit newly-discovered vulnerabilities in internet-facing business applications.
Many of the delays related to patch management come from the fact that manually installing patches is time-consuming for IT teams that are already over-stretched. It can also be difficult to know which patch to prioritize if they start piling up.
The right vulnerability management platform can, however, help alleviate much of the strain felt by patch management teams. As well as providing IT teams full visibility of their entire IT ecosystem, including on-premise, cloud, and hybrid environments, these platforms can help keep a track of previous vulnerabilities, provide them with a comprehensive record of all their assets, and a full understanding of their attack surface.
- Custom code
No matter how good an off-the-shelf application or productivity suite are functionally, enterprise-scale organizations all make use of custom code at some point. Indeed, it’s critical to an organization’s ability to adapt those applications to their needs and existing business processes. Trouble is that custom code can be prone to security bugs, with some experts estimating that there are an average of 15 - 30 bugs in a single line of code.
When it comes to addressing these bugs, many organizations rely on manual code reviews, which are time-consuming and prone to error. A far better approach is to embrace the automated tools capable of scanning large amounts of code in just a few minutes, detecting any bugs present, and mitigating their risk.
Facing the risks
None of these risks are going to go away anytime soon. Indeed, as cybercriminals become more sophisticated and enterprises more interconnected, they’ll only become more prevalent. That makes it absolutely critical that organizations do everything they can to mitigate these risks and ensure that their systems and data are safe, starting with making cybersecurity a priority.
JP Perez-Etchegoyen is CTO of Onapsis.