6: Malicious insiders
Having the right set of access controls and encryption keys will help organisations avoid the problem of malicious insiders stealing data, said Low.
“Someone who is working for you today could be a competitor tomorrow.”
5: Denial of service attacks
With mobile devices and distributed computing, denial of service attacks have become easier. Low recommended that companies use bandwidth protection so that they can shut down suspicious traffic that is taking up bandwidth.
“Virtual patching is important because DDoS attacks employ the use of infected PCs. If you have virtual patching you can close that gap and make sure work computers are not compromised.”
4: Insecure interfaces and APIs
As you are rolling out cloud services, make sure the handover between one software application and another is done in a secure manner.
“This data needs to be encrypted from end to end. Make sure your applications go through proper testing and validation,” said Low.
3: Account service traffic hijacking
Hackers sometimes use a well-known site which appears trusted but there has been a cross scripting attack.
Low said that enterprises should use proper threat prevention and identify malicious URLs that employees should not click.