TikTok Ban on Government Devices: Necessary Step or Bogeyman Hysteria?

Satnam Narang

Although TikTok may not be the bogeyman it is made out to be, banning the app on all government-issued devices is a positive step taken by the government to secure sensitive information. However, banning TikTok may be insufficient to protect government systems. While TikTok may pose a security risk, employees with personal mobile devices can still inadvertently interact with government systems, potentially compromising sensitive information.

The reality is that employees may use their personal mobile devices to access social media apps like TikTok, and these devices may not be as secure as government-issued devices. This creates a greater risk for the government and its agencies, as personal devices are more vulnerable to hacking attempts.

Government agencies also rely on numerous software applications every day to perform various tasks. However, the use of these applications can introduce security risks to the agencies' systems, particularly when known vulnerabilities are left unpatched. Unpatched known vulnerabilities are one source of data breaches in government agencies.

According to Tenable's 2022 Threat Landscape Report (static.tenable.com/marketi…Report.pdf), known vulnerabilities as old as 2017 are still being successfully exploited in widespread attacks, as organisations struggle to effectively patch or remediate them.

Despite increasing cyber threats faced by government agencies, many organisations still lack a comprehensive understanding of their application inventory and the vulnerabilities that exist within them. This makes it challenging for security leaders to prioritise their remediation efforts effectively, especially since each application carries a distinct set of cyber risks. From email client software to enterprise resource planning (ERP) systems, the extensive use of software applications today poses a significant challenge for these agencies.

With limited resources and time, organisations must choose which vulnerabilities to tackle first. The key is to focus on those that are most likely to be exploited by cybercriminals and that could have the most significant impact on the organisation.

Organisations need to adopt a risk-based approach to security to effectively tackle vulnerabilities. Instead of addressing vulnerabilities in the order they are discovered, organisations must identify and prioritise them based on their potential impact on the organisation. By prioritising vulnerabilities based on their risk level, organisations can ensure that their limited resources are utilised effectively.

Government agencies also face the challenge of balancing security and usability, as security measures may sometimes be perceived as excessively restrictive, prompting employees to seek alternative methods to complete their tasks. This can result in the unwitting introduction of vulnerabilities into the organisation.

To overcome this challenge, security leaders need to involve employees in the security process, so that such measures are not perceived as hindrances, but rather as an essential component of conducting business securely.

Ultimately, cybersecurity is a complex issue that requires a multifaceted approach. While individual applications like TikTok certainly pose a risk to user privacy and security, it is important to remember that they are only a small part of the larger cybersecurity puzzle and not the exaggerated bogeyman threat that some make them out to be.

Addressing the root causes of cyber risks, such as unpatched vulnerabilities and lack of employee security awareness training, is essential if we are to truly improve cybersecurity across the board.

News From

Tenable