Protecting inside assets from outside threats

(Image credit: Image Credit: IAmMrRob / Pixabay)

All workers, in any and every business, are highly susceptible to a range of cyber-attacks on a daily basis.

It is the job of IT security managers to oversee what makes their organisation vulnerable, and devise solutions to combat such attacks. The long list of potential vulnerabilities includes everything from roaming devices, to a lack of protective investment.

Below are the ways that cyber-attacks can damage an enterprise.

How singular cases of human error can affect revenue

All cyber-attacks can damage businesses financially - whether this is through lost productivity, as experts look for a solution to the attack, money stolen directly from accounts, or damage made to a company’s reputation. 

It is far simpler to compromise corporate systems with sophisticated malware that can impact an entire enterprise than we may think. For example, it only takes one click, on one email, for a company to fall victim to a malware attack. The following hours therefore are spent dealing with the attack, causing lost productivity until the security team finds a solution. One employee who spots a something during their work day that interests them, whether it’s an advertisement or a message from a hacker posing as a colleague, who then reads the email and follows a malicious link, could be putting the company’s entire network at risk. 

Over a period of weeks, or even months, criminals could also use malware to watch an organisation’s normal operations. They can learn and then plan to how to hide their activities by making them look legitimate. As a result, there is no guarantee that staff will correctly identify and ignore a phishing email, or a suspicious attachment or link. 

Endpoints in the crosshairs

Endpoints – including computers and tablets – are one of the most susceptible targets in an organisation, because it’s often easier for attackers to prey on unsuspecting, non-technical employees. Especially through an endpoint that is often left unprotected, like a work phone.

Although some IT security professionals go to great lengths to secure every endpoint, they could be left helpless if a member of staff does something to unintentionally launch a malicious cyber-attack on the company – i.e. by not implementing a password on one of their work devices and then leaving it unattended.

This doesn’t just happen because employees click on attachments or links in phishing e-mails, or leave their devices lying around. It may that an employee who works from home decides to save work to an external device (like a USB drive), then take the removable drive back into the office the next day. If their home computer is infected, they might transfer the infection to the corporate network. Or they may use a cloud service, instead of physical media, to save the data – but with the same result. 

Similarly, if staff use their own tablets or smartphones in the office, they are potentially connecting an unprotected endpoint to the corporate network and putting the entire company at risk. 

Cyberattack prevention 

A multi-layered security approach – that encompasses all business assets, including office desk computers and laptops, as well as bring-your-own devices (BYOD) like mobiles and tablets – is crucial to fighting off cyber-attacks.

In addition, the introduction of a gateway security solution can help protect an organisation from the threats of the outside world. With gateway-applicable threat protection blocking incoming threats, this approach can both reduce unnecessary downtime and stress and improve productivity and performance, to save both time and revenue. A gateway security solution should include an anti-phishing system, which will remove any potential risk of employees being manipulated into launching malware, as well as defend endpoints across a business to minimise the number of potential incidents. This ensures fewer panicked users and more focus on primary work tasks.

IT security specialists can also introduce access restrictions on online resources and sites for those users who do not need them to do their work, thereby ensuring they can concentrate on their responsibilities and avoid distraction.

With this protection in place, John – and other employees – can go about their responsibilities without having to worry that they could inadvertently open their employer to the risk of a cyberattack, and work safely in the knowledge that the organisation is defended against all potential threats, however they try to infiltrate the network.

David Emm, Principal Security Researcher at Kaspersky Lab

David Emm

David Emm is Principal Security Researcher at Kaspersky Lab, a provider of security and threat management solutions. He has been with Kaspersky Lab since 2004 and is a member of the company’s Global Research and Analysis Team. He has over 11 years of working experience.