Dana Wills, information security consultant at Asteros, says the top data security threat comes from lack of proper employee security awareness training. Untrained employees are more likely to fall victim to social engineering and phishing attacks, which are the most common ways attackers breach organizations.
“All employees and contractors should undergo training on how to spot and respond to scam emails, malicious phone calls, and safe social media use, as well as any position-specific instruction, such as secure coding,” Wills explains.
4. Outdated Software
“Using outdated software is often how attackers propagate throughout networks once they’ve gotten in through phishing,” says Wills. Attackers exploit unpatched systems to gain increasing amounts of access until they can successfully steal user data.
“Organizations should work to create and continuously strengthen their vulnerability management programs until they can quickly identify and address security issues,” Wills explains. “This includes conducting comprehensive vulnerability scans and penetration tests, and auditing cloud environments for security issues.”