An organization can implement all the best security tools, but security is ultimately a people problem. "Human error accounts for most data breaches," says Mike Mellor, vice president of cybersecurity consulting at network security firm Nuspire.
Ransomware attacks, for example, dominate the headlines and cost companies millions of dollars each year. "The most effective way to reduce the occurrence of these types of attacks is to train the users," Mellor advises.
Asset management is an important first step in securing an environment. "Unmanaged devices are one of the biggest internal network security mistakes an organization can make," says Devin Ertel, CISO of Menlo Security, a network security company. "Devices that aren’t under the control of the security and IT teams, but have access to the overarching network, cause a huge risk to the environment."
In past years, many organizations simply prohibited unmanaged devices. Times are changing, however. "The increase of remote, hybrid, and contracted work means that these unmanaged devices must be allowed on the network," Ertel explains. "As a result, security teams must ensure that their security stacks adequately protect them against the inherent vulnerabilities that are associated with unmanaged devices."
Apps pose a problem, too. If employees are allowed to freely install unauthorized apps, use unprotected devices to connect to the network, or set any passwords they like, they open doors to all kinds of cyber threats, says Dmitry Kurskov, head of the information security department at ScienceSoft, an IT consulting and software development company. "Outdated or unused software that goes unnoticed is likely to have multiple vulnerabilities, enabling malicious actors to break into the network."
Read the rest of this article at Network Computing.