Cybercrime is not the only reason for malicious attacks. Could it be that companies themselves are not taking the necessary preventive measures? See the sidebar, “Lists of Mistakes,” for the answer.
According to the SANS Institute, the answer to the preceding question is “Yes!” SANS has developed the following three lists of mistakes people make that enable attackers.
End Users: The Five Worst Security Mistakes
Opening unsolicited e-mail attachments from unreliable sources
Forgetting to install security patches, including ones for Microsoft Office, Microsoft Internet Explorer, and Netscape
Downloading screen savers or games from unreliable sources
Not creating or testing backups
Using a modem while connected through a local area network
Corporate Management: The Seven Top Errors That Lead to Computer Security Vulnerabilities
Not providing training to the assigned people who maintain security within the company
Only acknowledging physical security issues while neglecting the need to secure information
Making a few fixes to security problems and not taking the necessary measures to ensure the problems are fixed
Relying mainly on a firewall
Failing to realize how much money intellectual property and business reputations are worth
Authorizing only short-term fixes so problems reemerge rapidly
Pretending the problem will go away if ignored
IT Professionals: The Ten Worst Security Mistakes
Connecting systems to the Internet before hardening them
Connecting test systems to the Internet with default accounts/passwords
Failing to update systems when security holes are found
Using unencrypted protocols for managing systems, routers, firewalls, and PKI
Giving users passwords over the phone or changing them when the requester is not authenticated
Failing to maintain and test backups
Running unnecessary services
Implementing firewalls with rules that do not prevent dangerous incoming or outgoing traffic
Failing to implement or update virus detection software
Failing to educate users on what to do when they see a potential security problem[3]