Top 10 threats facing the enterprise - Part Two

While it was once considered good enough' to leave network access control to a simple pairing of username and password, those nave days have long since been left behind if you talk to pretty much anyone in the enterprise security space.

So why is it that so many businesses still use this basic login approach, and even more worrying, why do so many employees use the same pairings for everything from business networks to social networks?

Isn't it time for every enterprise to move beyond the basics and re-evaluate security controls if they really want to be seen to be taking data protection seriously?

Peter Regent, director of online authentication at Gemalto, certainly thinks so. "A multi-layered approach, with two or more forms of identity verification, will ensure only authorised users gain network access," Regent told IT Pro

"A smartcard solution encompassing certificate-based authentication and Public Key Infrastructure (PKI) certificates will enable only authorised employees to access sensitive information and will allow for a full audit trail of all access events".

Do that and your enterprise will attain a similar level of protection to corporate information assets that banking customers expect from chip and pins card when getting cash from ATM machines.

10. Supply Chain Insecurity

No, supply chain security didn't immediately spring to our minds either when compiling this list, but Adrian Davis, from the Information Security Forum, provided a very persuasive argument for including it.

He reminded us that the tsunami in Japan highlighted the global and interdependent nature of physical supply chains and the potential for their disruption. Less remarked, but by no means less important, is the information that binds these supply chains together. This information can range from trade or commercial secrets and intellectual property to mundane items such as quantities.

All this information, however, is critical - without it, the supplier cannot fulfill its part in the chain. "Any acquirer or purchaser needs to conduct due diligence on its suppliers before entering into a contract or relationship," Davis warned.

"That used to include finances and legal issues. Today, however, due diligence must include how well a supplier addresses the security of its own and other organisations' information. Once the acquirer and supplier start working together, this due diligence should be repeated on a regular basis - either through audit or assessment - and backed up by regular reporting and discussion".

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at