Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

5 IT Architecture Security Risks and How to Prevent Them

By - Source: Toms IT Pro
Tags :

IT architectures are the unified systems, guidelines and products that industries establish to keep certain technologies and protocols cohesive across those industries, especial the IT industry. Like any system, threats exist that can compromise these architectures and do serious harm industry wide. Here is a list of some of the biggest security risks that exist today and what you can do to prevent them from harming your business.

1. IoT

The Internet of Things (IoT) is the emerging system of different physical devices which are embedded with sensors and how they communicate with each other. Some examples of these are transportation fleets, automated manufacturing devices and smart home devices, which are all connected by a unified system. This still an emerging technology with new protocols still being determined, which means many vulnerabilities to these systems have gone undiscovered and unfixed.

Attackers could gain a backdoor into a system through an unprotected connection between devices. Vice-versa, when invading a system, cyber criminals could gain access to its many devices such as remote cameras or access control devices.

MORE: Internet of Things: Small Business’s Latest Security Threat

How to Protect Against It

Since IoT systems involve many different devices that all connect to the same network, these devices all need to have the same amount of protection that the network itself has. A vulnerability in one seemingly insignificant device can compromise the system. For instance, make sure you change any factory default passwords.

In this same regard, there needs to be physical security in places as well. Only authorized personal should be allowed to handle devices and equipment tied to the IoT system. A Cisco white paper puts out the suggestion to combine physical and cybersecurity to alert both IT and operational staff of possible breaches. For example, locking down IT systems when physical security is compromised, or automatically training security camera on areas where there could be a breach in the system.

2. DDos Attack

Distributed Denial of Service (DDos) attacks have emerged in the news over recent years and have been to blame for massive outages and errors for networks in the past. The general idea of the act, is that attackers overload a network’s bandwidth with a high-volume of requests for access. Attackers have different motivations for doing so, but the ultimate goal of a DDoS attack is to make the target network unresponsive to legitimate requests for access. Whether its an online service or an ISP, DDoS attacks can be harmful to companies that depend on their network for revenue or vital communication.

How to Protect Against It

According to the Software Engineering Institute of Carnegie Mellon University, IT staff should plan for DDoS attacks ahead of time, as once they’re underway it’s harder to stop them. To help mitigate a DDoS attack’s effect, disperse network devices across different pathways and physical locations. Having multiple servers, located in different datacenters, across different networks can prevent DDoS attacks clog up your system by bottlenecking everything through one pathway.

Keeping hardware and security software up-to-date, as well as implementing specialty hardware for mitigating DDoS attacks can also help. Increasing bandwidth to above your normal needs can also help absorb the mass volume received from a DDoS attack, but there’s no guarantee that a certain amount of bandwidth will be enough.

3. Internal/Spear Phishing.

As cyber criminals get more sophisticated, their techniques and paths of infiltration into your network become more research-based and personal. Spear phishing, like phishing, is an attempt to mislead someone into giving up vital information such as usernames and passwords, through email or other online communication. Spear phishing is a more in-depth attempt at deceiving someone through personal information and other identifiers. In a company setting, scammers will commonly pose as a superior or coworker, using some identifying information such as an email signature. One mistake from an employee can lead to major harm depending on what information is unknowingly volunteered to a malicious source. This technique can also lead to malware being installed on an employee’s computer.

How to Protect Against It

Training employees on how to identify a phishing email will reduce the chances of them accidently giving up secure information. Employees should double check the sender’s email address for errors if they are asking for something important. Furthermore, policies such as confirming with a coworker through a secondary channel of communication or in-person if possible when asking for sensitive information can be put in place. And lastly, an employee who realizes they’ve given up important information to the wrong person needs to report it immediately.

4. Ransomware

Ransomware can be devastating to businesses if infected. Ransomware is a type of malware that when implanted in a computer or network will make monetary demands. For most private individuals targeted with ransomware, the program will threaten to release private information about the individual unless the ransom is paid. For businesses, ransomware can cut off access to files and programs by encrypting them until a ransom is paid.

How to Protect Against It

Ransomware, like any malware, can be prevented with robust antivirus detection software and consistent patching of OS and other programs that ransomware will exploit. Unfortunately, if ransomware is successful in encrypting your files, then there’s little chance of getting them back. It’s ill advised to actually pay the ransom, since there’s no guarantee that your files will be decrypted and willingness to pay could make you a target for future attacks.

Backing-up vital data to a separate network away from where the ransomware strikes, gives you the option to purge that network and rebuild, with your important data intact. Prevention is the best medicine when it comes to sophisticated attacks like ransomware. Training employees to avoid suspicious attempts to access your network is also advised.

5. SaaS/Cloud Exploits

Attacks may sometimes find backdoors into your network through third-party applications or cloud networks. Employees that use these software as a service apps may unintentionally expose networks if these applications are themselves not secure. Cloud storage networks used by individuals or whole departments may also cause vulnerabilities to your network.

How to Protect Against It

While these programs may be convenient for employees, IT managers must reign in what is and what isn’t secure enough to be exposed to your businesses network. A list of trusted programs can be set up and permissions for employees can be altered to allow only certain programs to be installed without authority from IT departments. Cloud networks used by employees should meet your company’s own security protocols.