Many of us have become so reliant on our tech tools that we don’t notice how essential they are—until they fail. Similarly, many overlook the importance of cybersecurity until they’re part of a data breach. While every business wants to avoid having its internal tech systems (or worse, the tech products or services they provide) go down or be compromised, many don’t engage in the foundational work that could help address current and emerging vulnerabilities.
While understanding exactly where a vulnerability or breakdown led to a failure may not matter much to the affected end users, it’s essential information that industries and companies need if they’re to make the necessary changes. Below, 20 members of Forbes Technology Council discuss tech-related vulnerabilities the tech industry and individual businesses need to work to address now to avoid serious problems in the future.
1. Sensitive Data In Open Buckets
One in five public-facing cloud storage buckets contains sensitive data. Legacy security infrastructure is no longer sufficient to defend sensitive data. Often, exposure incidents are blamed on “misconfiguration,” but more often than not, it is more about misplaced data that should never have been stored in an open bucket. Organizations must have complete observability of their data. – Amit Shaked, Laminar
2. Lack Of Multifactor Authentication
Business email compromise, such as can happen through phishing or spear phishing attacks, results in credential theft, which is a leading cause of breaches. Multifactor authentication limits the impact, but while most organizations claim to use MFA, many have yet to deploy it to every employee and authentication use case. Make MFA a requirement for all to significantly reduce the risk of falling victim to business email compromise and other cyberattacks. – Corey Nachreiner, WatchGuard Technologies Inc.
3. Not Requiring SBOMs
Software compromise will be reduced when software bills of materials are universally required. Think of SBOMs as nutrition labels for your software. Most consumers don’t realize that software is modular and contains chunks of code from many different suppliers. Listing the software “ingredients” will impose accountability and allow customers to make the most secure choices. – Gentry Lane, ANOVA Intelligence
4. Insecure IoT Devices
The security of Internet of Things devices is one tech weakness that the sector has to address. IoT devices are becoming more common in both homes and companies, but many of them lack strong security safeguards, leaving them open to cyberattacks. The tech industry should strengthen IoT device regulation, provide security awareness and education, and raise device security requirements to address this issue. – Neelima Mangal, Spectrum North
5. Total Investment In Cloud Infrastructure
From enterprise resource planning systems to office productivity tools and from data backups to high-availability service, any substantial cloud infrastructure failure can cripple—even shutter—businesses. Whether from hacking, power grid failures, viruses or, heaven forbid, an act of war, the “cloud” itself is always at risk. To address this vulnerability, companies should divest from the cloud and reinvest in on-premises and on-device solutions. – Robert Martin, Oil City Iron Works, Inc.
6. Not Addressing Ethics In AI Use
One tech vulnerability that demands urgent attention is the ethical use of AI. The industry needs to prioritize the development and implementation of robust AI ethics frameworks, ensuring transparency, fairness and accountability in AI systems. This can be achieved through interdisciplinary collaboration, stakeholder engagement and continuous monitoring of AI algorithms. – Stephen O’Doherty, Gibraltar Solutions
7. Sole Reliance On Email For Account Recovery
The continued and sole use of ineffective email-based approaches to account recovery means that once a user’s email account is compromised, it is nearly impossible for them to regain control of accounts linked to their email. Organizations need to revamp their account recovery processes to offer offline methods of verifying identities and encourage more use of MFA. – Claude Mandy, Symmetry Systems Inc.
8. Unsecured Supply Chains
Supply chain attacks are a critical vulnerability that requires greater attention. They can compromise trusted software or hardware, infecting users downstream. Strengthening defenses involves securing the development process, implementing rigorous testing and monitoring for unusual activity. Regular audits and improved transparency among suppliers can also help mitigate risks. – Nolan Garrett, TorchLight
9. Unprotected APIs
The tech industry needs to address the vulnerability of unprotected application programming interfaces. APIs are increasingly targeted by hackers, leading to significant data breaches. To mitigate this risk, organizations should inventory all APIs, monitor traffic and implement measures to block high-risk activities. This approach will help protect sensitive data and maintain business operations. – Andres Zunino, ZirconTech
10. Overreliance On Vendors’ Security Systems
Overreliance on third-party vendors’ security systems is a critical mistake. Neglecting to secure sensitive data that goes into third-party systems can lead to massive risks, even for companies with robust internal security. To safeguard assets beyond the corporate perimeter, leaders must integrate a zero-trust mindset, monitoring and setting controls for all activity within their network. – Almog Apirion, Cyolo
11. Poorly Designed Or Untested Software
Often, vulnerabilities are hidden in the very design of software. When developing a new product, companies need to carefully test its logic and design so there is no possibility, for example, for outsiders to access certain pages simply via a link, without the need to log in. – Yuriy Berdnikov, Perpetio
12. Siloed Cyber Supply Chains
As tech continues to rapidly innovate, it relies on a global network of capabilities and talents from open-source code, employees and vendors. An established, siloed cyber supply chain creates a “world of shared fate” in which your top vulnerabilities—cyber, insider, third party and geopolitical—are not just your own, but also those of your established CSC network. – Christine Halvorsen, Protiviti
13. Not Sharing Knowledge And Information
The tech industry should foster a culture of collaboration and information sharing regarding emerging threats and vulnerabilities, taking a proactive approach that empowers organizations to stay ahead of emerging threats. Doing so facilitates knowledge exchange, promotes innovation and enhances the collective ability to effectively address cybersecurity challenges. – Cristian Randieri, Intellisystem Technologies
14. Constantly Playing Defense Against Cyber Attackers
The tech industry must acknowledge and address the information imbalance between defenders and attackers. Attackers know what has been successful for them, which enables them to replicate the same tactics on a large scale. While addressing a specific vulnerability is important, it’s crucial to recognize that attackers will move on to exploit the next one, leaving defenders at a perpetual disadvantage. – Ilia Sotnikov, Netwrix
15. ‘Rogue’ Assets
Attackers often access a target organization through “rogue” assets such as laptops or cloud applications. Not accounting for these assets is like leaving the door unlocked and forgetting it is there—they are often unmanaged and lack up-to-date security controls. It sounds foundational—and that’s because it is—but organizations must identify their assets. Following that, they can patch, install controls and so on. – Brian Contos, Sevco Security
16. Quantum Computing
Quantum computing threatens existing encryption standards, potentially leaving data vulnerable. The tech industry should prioritize post-quantum cryptography development to resist quantum-based attacks, ensuring secure data transfers even in the quantum era. This innovation is vital for future digital security. – Kenneth Holley, Silent Quadrant
17. Increasingly Daring Identity Theft
It’s essential to develop a more sophisticated way of identifying who someone is speaking to. There are cases of malicious actors creating fake identities and fake IDs that can be used to bypass system security. They do this by contacting a call center—or, in extreme cases, by going to a physical location, such as the window of a bank teller—and using the fake ID to bypass online security questions. – Adam Sandman, Inflectra Corporation
18. Older Devices That Don’t Receive Security Updates
The lack of security updates for older devices is a big problem. Apple does a good job here, continuing to release security updates for devices as old as the iPhone 5s, but most brands need to do better. Lots of people still use old devices—especially people who are older—so addressing vulnerabilities in these devices is important. In general, brands should provide more support for older devices and raise awareness among the people who use the devices. – Jordan Yallen, MetaTope
19. Lack Of Data Portability
The lack of data portability is a risk few businesses have in mind. Today, the outage of a single cloud vendor—whether because of changing business priorities, regulatory action or a cyberattack—can take down thousands of companies. With no way for companies to back up their data or migrate it to a different service, there is a high risk of cascading effects for the whole economy. – Kevin Korte, Univention
20. Human Error
One tech vulnerability that the industry needs to do more to address is the human factor in cybersecurity. Despite advancements in technology, human errors remain a significant weak point. To address this, the industry should invest in training programs to educate users about best practices, raise awareness about social engineering tactics, and instill a security-conscious culture in organizations. – Jagadish Gokavarapu, Wissen Infotech