Protecting inside assets from outside threats

(Image credit: Image Credit: IAmMrRob / Pixabay)

All workers, in any and every business, are highly susceptible to a range of cyber-attacks on a daily basis.

It is the job of IT security managers to oversee what makes their organisation vulnerable, and devise solutions to combat such attacks. The long list of potential vulnerabilities includes everything from roaming devices, to a lack of protective investment.

Below are the ways that cyber-attacks can damage an enterprise.

How singular cases of human error can affect revenue

All cyber-attacks can damage businesses financially - whether this is through lost productivity, as experts look for a solution to the attack, money stolen directly from accounts, or damage made to a company’s reputation. 

It is far simpler to compromise corporate systems with sophisticated malware that can impact an entire enterprise than we may think. For example, it only takes one click, on one email, for a company to fall victim to a malware attack. The following hours therefore are spent dealing with the attack, causing lost productivity until the security team finds a solution. One employee who spots a something during their work day that interests them, whether it’s an advertisement or a message from a hacker posing as a colleague, who then reads the email and follows a malicious link, could be putting the company’s entire network at risk. 

Over a period of weeks, or even months, criminals could also use malware to watch an organisation’s normal operations. They can learn and then plan to how to hide their activities by making them look legitimate. As a result, there is no guarantee that staff will correctly identify and ignore a phishing email, or a suspicious attachment or link. 

Endpoints in the crosshairs

Endpoints – including computers and tablets – are one of the most susceptible targets in an organisation, because it’s often easier for attackers to prey on unsuspecting, non-technical employees. Especially through an endpoint that is often left unprotected, like a work phone.

Although some IT security professionals go to great lengths to secure every endpoint, they could be left helpless if a member of staff does something to unintentionally launch a malicious cyber-attack on the company – i.e. by not implementing a password on one of their work devices and then leaving it unattended.

This doesn’t just happen because employees click on attachments or links in phishing e-mails, or leave their devices lying around. It may that an employee who works from home decides to save work to an external device (like a USB drive), then take the removable drive back into the office the next day. If their home computer is infected, they might transfer the infection to the corporate network. Or they may use a cloud service, instead of physical media, to save the data – but with the same result. 

Similarly, if staff use their own tablets or smartphones in the office, they are potentially connecting an unprotected endpoint to the corporate network and putting the entire company at risk. 

Cyberattack prevention 

A multi-layered security approach – that encompasses all business assets, including office desk computers and laptops, as well as bring-your-own devices (BYOD) like mobiles and tablets – is crucial to fighting off cyber-attacks.

In addition, the introduction of a gateway security solution can help protect an organisation from the threats of the outside world. With gateway-applicable threat protection blocking incoming threats, this approach can both reduce unnecessary downtime and stress and improve productivity and performance, to save both time and revenue. A gateway security solution should include an anti-phishing system, which will remove any potential risk of employees being manipulated into launching malware, as well as defend endpoints across a business to minimise the number of potential incidents. This ensures fewer panicked users and more focus on primary work tasks.

IT security specialists can also introduce access restrictions on online resources and sites for those users who do not need them to do their work, thereby ensuring they can concentrate on their responsibilities and avoid distraction.

With this protection in place, John – and other employees – can go about their responsibilities without having to worry that they could inadvertently open their employer to the risk of a cyberattack, and work safely in the knowledge that the organisation is defended against all potential threats, however they try to infiltrate the network.

David Emm, Principal Security Researcher at Kaspersky Lab

David Emm

David Emm is Principal Security Researcher at Kaspersky Lab, a provider of security and threat management solutions. He has been with Kaspersky Lab since 2004 and is a member of the company’s Global Research and Analysis Team. He has over 11 years of working experience. 

Latest in Security
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Data leak
Hacked Tata Technologies data leaked by ransomware gang
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
Thousands of iOS apps found to expose user data and leak Stripe keys
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Latest in News
The Russo brothers posing for a photograph and Herman carrying a Volkswagen camper van in The Electric State
'We're optimists': AI enthusiasts Joe and Anthony Russo defend its use in movies and TV shows, but admit there are 'very real dangers' around its application
UK Prime Minister Sir Kier Starmer
UK PM says AI should soon replace civil servants
Xbox Copilot in Minecraft
Microsoft confirms Copilot can be tested by Xbox Insiders next month and shares new details about how the AI sidekick will enhance the player experience: 'It has to be about gameplay, it has to be personalized to you'
Eight Samsung TVs mounted to the wall showing different basketball games
Samsung is offering you 8 new TVs in one bundle for March Madness, in case you want to watch all games at once like a Bond villain’s lair
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
The Steam Logo on a mobile phone in front of a wall of games.
Today’s Steam Spring Sale features my absolute favorite game of all time - here's when the sale starts and all the key info