Everyone knows the phrase ‘Network Security’ but what does it actually mean? What is the risk if business networks are not secure?
Networks need to be protected against internal threats as well as external ones. Organisations that fail to protect their networks appropriately could be subject to a number of risks, including:
- Exploitation of systems: Ineffective network design may allow an attacker to compromise systems that perform critical functions, affecting the organisation’s ability to deliver essential services or resulting in severe loss of customer or user confidence.
- Compromise of information: A poor network architecture may allow an attacker to compromise sensitive information in a number of ways. They may be able to access systems hosting sensitive information directly, or to intercept poorly protected information whilst in transit (such as between your end user devices and a cloud service).
- Import and export of malware: Failure to put in place appropriate security controls could lead to the import of malware and the potential to compromise business systems. Conversely, users could deliberately or accidentally release malware or other malicious content externally with associated reputational damage.
- Denial of service: Internet-facing networks may be vulnerable to Denial of Service (DoS) attacks, where access to services and resources is denied to legitimate users or customers.
- Damage or defacement of corporate resources: Attackers that have successfully compromised the network may be able to further damage internal and externally facing systems and information (such as defacing your organisation’s websites or posting onto your social media accounts), harming the organisation’s reputation and customer confidence.
How can the cyber-attack risk be managed?
Produce, implement and maintain network security designs and policies that align with the organisation’s broader risk management approach.
It may be helpful to follow recognised network design principles when defining an appropriate network architecture, including the network perimeter, any internal networks, and links with other organisations such as service providers or partners.