Cyber Security
James Aguilan December 11, 2018

How should employees address application layer attacks?

QA Cyber Security Trainer, James Aguilan, emphasizes that understanding the risk to information assets is imperative.

Application layer attacks has been an attack vector for the ages now. Application-layer attacks target computers by causing a fault in a system which as a result enables to gain the ability to bypass normal access controls. For as long as there are entry points in firewalls for applications, there will always be exploits of the resulting vulnerability, resulting in this kind of attack. However, letting applications through firewalls is necessary to do certain business operation. For example, to allow remote users to access email.

Businesses can take the defense-in-depth approach, however as soon as they open a port up to the internet, they introduce a new risk of attack. Technically, the means of mitigating the risk from application layer attacks needs to be proportionate and may vary. However, securing the application layers is dependent on people and great security processes and hygiene. Most breaches come from insiders, either through negligence such as poor training or simply failing to understand why their behavior impacts security, or malicious activity. There is a variety of things to consider around users of applications. People are not only part of the threat, but will be the best defense to the threat:

  • Application password hygiene – force them to choose an excellent password but force them to change it every 30 days.
  • Put appropriate barriers in place for authentication by users. Use two-factor authentication.
  • Keep measures appropriate and usable so they are user-friendly enough to stop users trying to circumnavigate them.
  • Understand information assets – use defense in depth at the application layer.
  • Segregate sensitive and non-sensitive assets.

 

Remember that most breaches come from people as proven by the epic story of Morrison breach by a disgruntled employee with access to sensitive data, or Edward Snowden. External threats can’t be ignored, of course, however the frequent occurrence of breaches by internal weakness with people, supported by technology can play a part in best defense. It would be impractical for businesses to stop allowing applications through firewalls, so understanding the risk to information assets is imperative.

 

Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.

James Aguilan

James Aguilan

Visit my page

Related Articles

Feb 18, 2025

How the new ‘tariff wars’ will affect cyber security

Richard Beck

Cyber Security

Richard Beck explores how US semiconductor tariffs could fuel Chinese innovation & reshape the global computer chip race.
Jan 22, 2025

Adversarial AI threatens our financial services. We need a response.

Richard Beck

Cyber Security

How updated cyber security frameworks can protect against data manipulation, supply chain attacks, and other threats posed by malicious AI.
Nov 8, 2024

Top 5 Cybersecurity Roles Perfect for Veterans

Richard Beck

Cyber Security

Here are five cybersecurity roles that align well with your military experience and offer career change opportunities.
Oct 28, 2024

Avoiding a culture war - a cyber security battle we can’t afford to lose

Richard Beck

Cyber Security

Richard Beck tells us why people skills and collaboration training are just as important as technical abilities when building effective cyber security teams.
Oct 21, 2024

AI phishing: How to defend AI-generated attacks

Richard Beck

Cyber Security

Phishing has been transformed with the advent of AI-driven automation and sophisticated psychological techniques. Here are our tips and strategies to help you defend…
Oct 18, 2024

Our complete guide to Microsoft security tools

Dan Lewis

Cyber Security

How you can streamline your cyber security stack with Microsoft 365 tools. Dan Lewis offers an overview of these tools and how they can help improve your security.
Oct 7, 2024

Top 12 essential cyber security tips

Richard Beck

Cyber Security

In today’s digital world, businesses and individuals alike are more aware of the need for strong cyber security practices. But while we focus on basic hygiene – like…
Aug 21, 2024

Human in the loop: Six steps to master AI collaboration

Richard Beck

Cyber Security

Rather than AI posing a threat to human roles, Richard Beck explores how the human-AI relationship can be key to effective cyber security.
Jul 19, 2024

IT outages? Overcoming digital storms with critical crisis communication

Richard Beck

Cyber Security

QA Cyber expert Richard Beck outlines how organizations can prepare for digital storms and mitigate the risk of large-scale technology outages of the type we've seen…
Jun 24, 2024

Solving the supply chain attack challenge

Richard Beck

Cyber Security

Richard Beck outlines the measures necessary to secure organizations from cloud-based supply chain cyber attacks.