The top 5 security threats to your company

Security threats: time-consuming, expensive, and an all-around headache for your IT organization. Here are the five big ones to look out for.
Written by Andrew Nusca, Contributor on


Just in time for this year's Gartner Security and Risk Management Summit in Washington, D.C., Quest Software released its list of the top five security threats facing IT organizations.

"Companies worldwide are feeling the heat," the company says, compounded by the surge in adoption of cloud computing and mobile platforms, and it's driving up the price of compliance. (Quest specializes in data protection and identity and access management, among other things.)

Here's the company's breakdown:

  1. Excessive internal privileges. Rogue system administrators, who have access to servers and data, are a serious threat. "Everyone from admins up to executives poses a threat to security and data if they maintain excessive access rights after changing positions or taking on different roles," it says.
  2. Third-party access. As globalization takes place and partners receive access to data in the cloud, it will take a vigilant IT pro to ensure that employees of partners don't misuse unencrypted data that they have direct access to.
  3. Hactivism. All those news headlines on ZDNet about Anonymous and Lulzsec? "It'll never happen to me" is probably not the best reaction. "Members of these groups assert that much of their success comes not from their technical expertise, but from having found easy targets," Quest says. So control what you can to make your company less susceptible.
  4. Social engineering. Your company's employees are smart, but they're human, too -- an attacker can use lies, deception and manipulation to convince someone to unwittingly let them in the digital front door.
  5. Internal negligence. It's not just leaving your laptop at the airport; it's also failing to regularly check log reports for suspicious activity because "you were too busy."

Quest has a few recommendations, of course, among them a "least privilege" security approach that keeps unnecessary access to a minimum and a constant cycle of education to remind company employees not to let their guards down.

What do you do to keep your company on lockdown?

Photo: Steve Johnson/Flickr

Editorial standards