respond to this peer post: Good evening, everyone,

Enterprise network security is required to adapt to the myriad of evolving threats. Threats can be either external or internal. Current top threats to enterprise systems include the following.

Malware: This includes viruses and worms including ransomware. These can infect a system via downloads, malicious emails, and infect USB drives. Protection would include anti$-$malware, system updates, firewall, and NIDS.

Network intrusion: Including attempts to access a network using port scanning, brute force password attacks, and OS scanners trying to identify the OS to identify known exploits. For these attacks defenses would include system patches, penetration testing, and NIDS.

Social Engineering: This is phishing$/$vishing$,$ SPAM & SPIM, baiting, and CEO fraud. The goal is to psychologically convince a target to take actions they normally would not, to achieve a goal against their personal or business interests. Defending against these attacks takes anti$-$malware, email scanning, robust security policies, and quality employee training with emphasis on buy in$.$

Insider threats: possibly the hardest to detect and potentially most damaging. Atack carried out by employee or contract with authorized access. Could be data$/$IP theft, sabotage, or revenge. To protect against this threat requires monitoring, security policies, education, and physical security.

All these threats do not have a single solution but show why a defense in depth design is required. Solutions apply to multiple threats such as firewalls, access control lists, and IDS$/$IPS$.$ Also, without robust IT security policies and employee education with buy in the hardware does not mean a lot.

All security systems must comply with state and federal data protection laws. Socially proving you take cyber seriously and have done your due diligence reenforces the public's trust in your organization. Now, ethics gets interesting. Yes, there are ethical considerations around your enterprises network security either physical or logical and what levels of surveillance and data collection are occurring. Also, you need to ensure staff are aware of the surveillance. But there is not a blanket right to privacy if you are using the companies' systems including email and internet.