Five security blind spots you might not realize you have

Author: Sue Poremba

Organizations of all sizes have embraced digital transformation. According to Gartner, “82% of CEOs responding to our annual CEO survey said they have a digital transformation program underway to make their companies more digital.”¹ But this transition can introduce new and unfamiliar security risks that need to be accounted for.

"For every new piece of technology we introduce into an organization, we add a new attack vector that requires protection," Jeff Schwartz, vice president of US Engineering at Check Point, said in Security Boulevard. While new technologies make tasks more productive and faster to complete, they also add a layer of hidden network security risk.

Because of this increased dependence on IT and connectivity, developing strong security capabilities is necessary to address both known and emerging threats. The first step in developing a strong security program is knowing where the blind spots are in your network security. Here are five hidden network security risks lurking in your environment.

1. Shadow IT

Digital transformation depends on a variety of software and hardware connected to your network. In a perfect world, the IT department controls the technology in all stages. Realistically, employees will often bring shadow IT (devices and software not approved by the company) into their workflow, whether out of personal preference or to address perceived shortcomings. Left undetected, shadow IT can lead to data loss and compliance violations. The best way to balance productivity with network security is through open communication. Empower employees to use their chosen technology while deploying tools like cloud access security brokers to monitor and enforce security.

2. Enterprise mobility

Mobile devices, and the associated security risks, have become ubiquitous within the workplace. Mobile devices must be secured with a layered approach. Optimally, security controls would be applied at the device and mobile application level as well as on the network. Consider implementing policies that require users to adopt security best practices, while your IT department maintains the ability to restrict access to certain network areas from remote locations.

3. Internet of Things (IoT)

IoT may present the worst hidden network security risk. Often, staff don't realize just how many devices can be considered IoT—and these devices rarely have extensive security features. It's difficult to know if a device has been hacked or is infected with malware until well after the damage is done.

To protect the network from IoT security holes, make sure the firmware is updated regularly, and create unique passwords for each device. Due to the nature of IoT, there also need to be higher levels of physical security for the devices. This can help prevent theft or someone gaining access to, and manipulating, the programming.

4. Encrypted traffic

The amount of encrypted traffic is increasing, which makes it easy to fall into the trap of thinking the transmissions are secure. However, if encrypted traffic isn't kept in check, the network is at risk of malware and other cyber threats. Because encryption can be done at either end of the transmission, a bad actor could send encrypted malware designed for data exfiltration. To combat encryption-related security risks, SSL inspection is necessary. This is a process where data is intercepted and decrypted before it is transmitted. While not foolproof, it does provide monitoring for malicious electronic communications.

5. The human factor

While the technology connected to the network is vulnerable to risk, one of the biggest security threats in any organization is the employees. Most of the human-caused security risks are accidental—losing a phone or unintentionally opening a malicious attachment—but no one knows when an employee will go rogue and willfully attack the network or compromise data.

Security isn't top of mind for most employees, which is why security awareness training needs to be mandatory and interactive. Regular reinforcements and spot drills are necessary reminders that an attack can come at any time. Communication is key, with security leadership sharing information about new and ongoing threats and encouraging users to report anything suspicious.

1 Smarter With Gartner, Avoid These 9 Corporate Digital Business Transformation Mistakes, November 6, 2019,