As Halloween approaches, you may think of scary in terms of an endless loop of slasher movies or haunted houses. I think of scary in terms of all the threats to our data, our identity and our corporate well being. And this Halloween, there are a lot of scary things around. Here are a few of the most frightening cybersecurity issues on my list:
This time of year, we hear a lot of talk about teenagers who go trick or treating, often without bothering to put on a costume. But hey, if they are knocking on your door asking for candy, that means they aren’t trying to hack into your network. First, it was the teenager who took control of CIA Director John Brennan’s personal email. Then it was the news that the recent cyberattack on UK communications company TalkTalk was executed by a fifteen-year-old boy. Yes, there are a lot of computer-savvy kids, but how weak is our cybersecurity that kids are now competing with nation states to gain access?
Unpatched End-of-Life Applications
I expect to see a lot of undead or zombies showing up at my door this weekend. Many of you will turn on your computers to use applications that are pretty much the equivalent of the undead – applications and software that are no longer supported, have reached end of life and are unpatched. According to 3Q findings by Secunia, unpatched, end-of-life applications are a serious problem on personal PCs, made even worse if that PC is used to connect to the company network.
Part of the attraction of Halloween is the opportunity to purposely spook friends and co-workers. Unfortunately, the way that workers use the cloud is unintentionally creating a frightening IT atmosphere. According to the Q3 Cloud Adoption & Risk report from Skyhigh, employee behavior is largely responsible for the security loss from the cloud. For instance, employees aren’t taking proper precautions when uploading files into the cloud, as FierceITSecurity reported:
A full 28 percent of employees have uploaded a file containing sensitive data to the cloud, and the average enterprise shares documents with 849 external domains via these services.
A quick glance through my email showed me that I’ve just scratched the surface on the scary security landscape. After all, I haven’t even touched on malware issues or the latest Adobe vulnerability. But I think this is enough fright for one day.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba