Companies are leaving themselves vulnerable to the ‘forgotten security defences’ and have been encouraged to pay closer heed to the applications used within the business.
According to new advice from Network Box, this has led to a greater number of SQL Injection attacks and vulnerabilities in ‘social’ or rogue applications that are often inherently insecure, as they are not built with business purposes in mind.
The first in the company's 'Forgotten Security' series of whitepapers advises organisations to pay closer heed to the applications used within the business. It advises IT managers to review the number of applications used across the business regularly, and test them for vulnerabilities, failures and correct use by employees.
The advisory gives IT managers a checklist of applications and processes to monitor, covering security processes, productivity, connectivity, configuration, hard disk error monitoring, CPU temperatures, motherboard cooling and network errors.
Simon Heron, internet security analyst at Network Box, claimed that companies often take measures to protect themselves against what he calls the ‘high profile’ threats, but leave vulnerabilities in the applications or hardware that are used every day.
Heron said: “Companies are becoming much more aware of the security threats they face. As a result, we often find that the high profile threats, such as viruses and insider attacks, are protected against, but that the performance of applications and hardware has been forgotten. Often it is the most obvious things that are overlooked, and that can bring down a network. There are very simple, inexpensive steps to put this right.”
The advice includes monitoring applications and users, as well as testing the applications for patches and updates. It also recommends monitoring security systems, and considering which security systems are needed, how security will be monitored, what needs to be monitored, and when to put it in place.