Security Risks in Corporate America

 

Charles Murphy


One security risk in corporate America is phishing and social engineering. This

happens when employees are ticked into revealing credentials or installing malware. Another security risk is ransomware attacks. Criminals may be able to encrypt

corporate data and make payment demands. A third security risk are data breaches,

where software is exploited to steal customer, or proprietary data. A few counter measures against these are a whole host of cyber defense measures like MFA and

regular patching to fix system flaws and inside risk management to tighten up

security principles by only allowing employees to get the access they need

. Employee security training should be included to teach company staff about

identifying phishing attempts and how to handle data safely.



Dylan Moutinho



One common risk is cyberattacks, such as phishing, ransomware, and data

breaches. Hackers often target companies to steal sensitive information like

customer data, financial records, or proprietary technology. Another significant

risk is intellectual property theft, which can occur when employees or competitors

steal trade secrets, product designs, or confidential research. Additionally,

insider threats—employees intentionally or accidentally leaking sensitive

information—can also harm organizations.


To combat these risks, companies implement several security measures. Many

organizations invest in cybersecurity systems such as firewalls, encryption,

intrusion detection systems, and multi-factor authentication to protect their

networks and data. They also conduct employee security training to help

workers recognize phishing attempts and follow safe data practices. To prevent

internal theft, companies may use access controls, background checks, monitoring

systems, and legal protections such as non-disclosure agreements (NDAs). Together,

these strategies help corporations reduce vulnerabilities and protect their valuable

information and assets.


Filipe Rodrigues



One security risk in corporate America is intellectual property theft. Companies spend

years and a lot of money developing new technologies, so if those designs or research are

stolen it can seriously hurt their competitive advantage. This can happen through

competitors, former employees, or even foreign governments trying to gain access to

valuable technology.


A good example is the semiconductor industry. Advanced chip designs are extremely important because they power things like AI systems, smartphones, and even military equipment. Because of how valuable they are, there have been concerns about companies or governments trying to obtain this technology through industrial espionage or by hiring employees who worked on sensitive projects. To reduce this risk, companies usually restrict access to important research, require confidentiality agreements, and rely on patents and government regulations to help protect their technology.


ASML


Jhonatan Jimenez


I would like to briefly talk about Social Engineering which can be manipulating colleagues into revealing credentials or bypassing security protocols.

This is combated through regular security awareness training and strict

identity verification procedures.


Ettory Mergal Souza


Companies today deal with threats like cyberattacks (phishing, ransomware, data breaches) and internal issues such as employees accidentally or intentionally

exposing sensitive information. Another big risk is social engineering, where

attackers manipulate people rather than systems.

To handle this, businesses rely on tools like encryption and multi-factor authentication, while also limiting who can access important data. They monitor activity, train employees to spot suspicious behavior, and carefully review third-party vendors

to avoid outside risks.


Mehnaz Barsha


Corporate America faces serious security risks that can hurt finances, operations, and

reputation. One of the biggest threats is cyberattacks, including phishing, ransomware,

and data breaches. Hackers target companies to steal customer data or gain a competitive

edge, which can expose sensitive information, break systems, and result in massive

financial losses. Another major risk is intellectual property theft, which involves the stealing of valuable assets like product designs, code, or important secrets. This threat is especially tricky because it often comes from inside the company. Employees who already have access to sensitive data can misuse it, whether intentionally or by accident.


To fight back, companies invest in cybersecurity tools like firewalls, encryption, and multi-factor authentication to block unauthorized access and protect data. They may also train employees to spot phishing attempts and handle sensitive information responsibly. On top of that, access controls and monitoring systems limit who can see what and flag suspicious activity before it becomes a serious problem. As cyber threats continue to evolve, staying proactive about security is no longer optional, it's important for any company that wants to protect the customers who use their service and keep their private information confidential.


Viktor Hreskiv


Security risks are a big issue in corporate America. One major problem is cyberattacks, where hackers try to steal data or disrupt systems. They can then sell this data or use it as a ransom  in an attempt to extort the company they have hacked for money (insurance exists for this). Another common one is phishing, where people get tricked into giving away passwords or personal info. Some ways hackers do this is by sending malicious links or trying to pose as their boss or a higher up from the company. Phishing is one way hackers get access to systems using social engineering. The online definition of social engineering is "the psychological manipulation of people into performing actions or divulging confidential information, such as passwords or financial details. Attackers exploit human emotions - fear, curiosity, or trust - rather than technical vulnerabilities to gain unauthorized access to systems, data, or physical locations." Social engineering is the most common way that hackers breach systems. According  to cisa.gov "More than 90% of successful cyber-attacks start with a phishing email".


There are also internal risks, like employees misusing access or stealing company secrets, which is known as intellectual property theft. Fraud and embezzlement can also happen within a company.


To deal with these risks, companies use strong passwords, multi-factor authentication, and train employees on computer safety. They also limit access to important information, monitor their systems, and have plans ready in case of a breach (Including insurance).


Overall, it comes down to the company having intelligently designed systems with cybersecurity in mind and trained staff that know how to identify, report, and avoid security threats.


Elvis Chen


A significant security risk in corporate America is the theft of intellectual property by insiders, such as employees or contractors. This can include stealing trade secrets, product designs, client lists, or confidential strategies, often for personal gain or to benefit a competing company. Because these individuals already have authorized access to company systems, their actions can be difficult to detect and may go unnoticed until serious damage has been done. This type of threat can weaken a company’s competitive advantage and lead to major financial losses.

To prevent intellectual property theft, companies use strict access controls to limit who can view or download sensitive information. They also monitor employee activity on company systems to detect unusual behavior, such as large file transfers or access to unrelated data. Non-disclosure agreements (NDAs) and legal policies are put in place to hold employees accountable for protecting confidential information. Additionally, companies may conduct exit interviews and immediately revoke system access when employees leave, reducing the risk of data being taken after departure.


Kevin Dias


Intellectual property theft is a very common issue that plagues corporate America. It’s especially common in the video game industry, where people clone other games and pass them off as the original for malicious reasons (infecting users with malware, microtransactions, etc.), or to make money from what is not theirs. Most app stores have a form of verification for application submissions, and this is where most of these clones get weeded out. However, some always get through, and just that small amount can wreak havoc on an intellectual property’s image. What companies themselves do to remedy this is add warnings to their games that outline the steps required to check the validity of an application. Sometimes intellectual property is stolen through apps meant for modifying the source content. For example, Minecraft skin apps exist for the purpose of helping users get custom skins for their character, but these apps are risky because you can’t verify whether they are dangerous or not, despite carrying the Minecraft name.


Ahmed Abdulghany 


Corporate America faces major security risks that impact operations and reputation. One key threat is cyberattacks, such as phishing, ransomware, and data breaches, where hackers gain access to sensitive information. Another risk is insider threats, where employees misuse or accidentally expose company data. Intellectual property theft is also a concern, as stolen ideas or designs can harm a company’s competitive edge.

To reduce these risks, companies use cybersecurity tools like firewalls and encryption, keep systems updated, and train employees to recognize threats. They also limit access to sensitive data and create incident response plans to handle breaches quickly.

Overall, combining technology, training, and strong policies helps companies protect their systems and information.


Elsa Shaikh


Cyberattacks are a big security risk in in corporate America because many companies depend on digital systems to store data. Cyberattacks include ransomware, phishing, and data breaches, which can cause a lot of damage to a company, including financial and legal issues. To combat this, companies use cybersecurity tools like firewalls, data encryption, and more. 

Nadia Brown

The adoption of Artificial Intelligence can be attributed to innovation, increased productivity, and enhanced efficiency, however; for corporations it can be a double edge sword. Artificial Intelligence (AI) has transformed cyberattacks. Cyber criminals are now using AI-generated phishing emails, deepfakes, and malware. AI tools have democratized cybercrime. The barrier to entry is extremely low now. Corporations with internal AI models are particularly vulnerable because their own AI models can potentially be poisoned by an attacker.

 

Despite AI being a double-edge sword, cybersecurity professionals can still use AI to their advantage. AI can provide threat detection and intelligence. AI can monitor network traffic and flag unusual activity that could indicate a potential security breach. AI can be used to help prevent phishing and social engineering attacks. With Natural Language Processing, AI systems can analyze the tone, content, and structure of email messages. If something is off the email can be blocked before it ever reaches the recipient. AI can also be used to protect endpoint and network security. AI systems can detect malware contained within an endpoint before it starts to spread. An infected endpoint will be isolated from the rest of the network.  


David Lin


Two such cases come to mind that are timely, both of which are A.I. related. The most egregious case I can remember in recent memory was the U.S. Cybersecurity and Infrastructure Security Agency (CISA) acting director Madhu Gottumukkala, who was forced to resign after uploading sensitive documents to a public version of ChatGPT earlier this year. The irony in this case needs no explanation. I see issues like these as proof that mistakes made by humans are sometimes magnified by misusing A.I.

    The consequences of a big tech push for A.I. generated codebases have led to concerns for users about the security and legitimacy of applications that push updates with A.I. generated code. Big tech CEOs make bold claims on the public stage touting the capabilities of their own A.I. systems to generate useful code. Major tech companies like Microsoft and Google claim the proportion of A.I. usage to be around 30% with Anthropic's CEO making a claim in early 2025 that 90% of their code is generated by A.I. 

    Users are understandably skeptical of these figures and how well they translate to actual progress and how these changes can cause major security drawbacks. Recent Windows 11 updates pushed by the tech giant Microsoft has seen a wide variety of issues including failure to access drives, failure to access the full speed of drives, BSOD errors and crashes, and compatibility failures with Nvidia graphics drivers, among others. Although Microsoft has released micro patches to address certain issues, many are still waiting to be fixed months after the update release. All this comes after announcements of A.I. Generated code quotas set by the company. Although this doesn't directly spell security vulnerabilities, the inconsistency in the most widely used operating system in the world and the lack of urgency for addressing key issues leaves the user with much to be desired.

    Luckily, the story writes itself sometimes, as big tech companies are backpedaling on their A.I. push amidst backlash from users and critics that aren't convinced A.I. increases productivity or user-satisfaction. Windows started to address this issue recently by backing down from an aggressive push to integrate A.I. systems into Windows 11 in the past few years. Microsoft and other companies are likely putting on the appearance that they are aligning with user interests. Despite this, I think a reduction in A.I. usage is overall better for the security and safety of corporations.

    According to a national review article titled What Corporate America Fears About AI: Insights from the S&P 500's Risk Factor Disclosures , AI poses both a reputational risk for corporations as well as a security risk due to their dependence on cloud platforms. Take for instance the current war in Iran which led to the shutdown of any corporation that relied on AWS data centers that power much of the web including Anthropic in the region which got tangled up in the war with defense contracts. Conversation regarding bolstering U.S. server infrastructure is one way to get around this geopolitical challenge. These are just a few issues and some simple solutions to a growing topic of importance in the cyber landscape that lies at the heart of the current global conflict.


Thanks,

David Lin


Here are the sources I used for this report:

https://www.politico.com/news/2026/02/28/cisa-cyber-leadership-madhu-gottumukkala-00804515

https://www.politico.com/news/2026/01/27/cisa-madhu-gottumukkala-chatgpt-00749361

https://cybersecuritynews.com/secure-microsoft-intune-environments/

https://futurism.com/artificial-intelligence/microsoft-update-prevent-shutdown

https://www.techpowerup.com/345893/microsoft-steps-back-from-ai-everywhere-in-windows-11-to-focus-on-core-features

https://www.nytimes.com/2026/03/17/technology/anthropic-pentagon-national-security-risk.html

https://natlawreview.com/article/what-corporate-america-fears-about-ai-insights-sp-500s-risk-factor-disclosures


Cole Reynolds


Phishing is one of the most common cyberattack vectors. Phishing attacks target employees through fake emails, links, and attachments designed to steal credentials, install malware, or gain access to internal systems. This threat is especially serious because even strong technical defenses can be undermined by a single human mistake. Companies may invest heavily in cybersecurity awareness training, email filtering, and multi-factor authentication, but an employee who opens a malicious attachment or clicks a convincing link can still create an opening for attackers.


To combat phishing and similar threats, companies use a combination of employee education and technical safeguards. Security awareness programs teach workers how to recognize suspicious emails, while IT teams deploy spam filters, attachment scanning, and access controls to reduce risk.


These steps can mitigate phishing attempts, but no ITsec team can always prevent every single employee from clicking on executable PDFs.


Kevin Dias


Intellectual property theft is a very common issue that plagues corporate America. It’s especially common in the video game industry, where people clone other games and pass them off as the original for malicious reasons (infecting users with malware, microtransactions, etc.), or to make money from what is not theirs. Most app stores have a form of verification for application submissions, and this is where most of these clones get weeded out. However, some always get through, and just that small amount can wreak havoc on an intellectual property’s image. What companies themselves do to remedy this is add warnings to their games that outline the steps required to check the validity of an application. Sometimes intellectual property is stolen through apps meant for modifying the source content. For example, Minecraft skin apps exist for the purpose of helping users get custom skins for their character, but these apps are risky because you can’t verify whether they are dangerous or not, despite carrying the Minecraft name.


David Flores


Some security risks in corporate America would mainly come from the inside of the company. One of the known risks would be malicious employees as their main purpose is to obtain and sell/trade secrets of the company to competitors. In my opinion, I believe this is the more known risk and many corporations do check their employees. But another risk that I believe corporations are less knowledgeable about would be leaking data with AI tools. As spoken from many computer engineers, when using any AI tools like ChatGPT or Claude, the data that is provided to their models are then uploaded to their systems. A negligent data scientist might have given an AI tool some sensitive data and now that sensitive data becomes public. A way that these corporations fight against these risks is to create their own AI agents to monitor the conversations between their uses and the tool, after catching a possible flag they could stop the network. 


Dante Pruitt


Corporate America faces threats like cyber attacks and fraud constantly. They also have to deal with constant attacks from phishing scammers and data breaches that expose sensitive information. To combat these kinds of attacks 2fa is used to protect employees' emails in case of a password being breached. As well as proper firewall and network management to protect systems from suspicious traffic. 


Zahra Qureshi


Cryptocurrency scams are a growing security risk in corporate America because they take advantage of people’s interest in digital money and how confusing it can be. A well-known example is Ruja Ignatova, who created OneCoin, which was falsely promoted as a real cryptocurrency but turned out to be a massive scam that stole billions of dollars from investors around the world. This case shows how people can be misled by fake promises, lack of regulation, and the difficulty of tracking digital transactions.


To deal with problems like this, companies and governments have started adding more rules and protections. For example, they use identity checks (KYC rules), monitor transactions for suspicious activity, and educate people about common scam tactics. Businesses are also more careful when investing in or partnering with crypto related companies. These steps help reduce fraud and protect both companies and individuals from losing money.


Olivier Jean Pierre


Some  security risks in corporate America might be the misuse of sensitive data in AI systems, phishing attacks,  insider data leakage and unauthorized access to restricted data and data breaches. These threats expose confidential information which can hurt a company financially and reputationally


Methods to mitigate these issues is to add employee training to recognize phishing and social engineering attacks, Multi factor authentication, zero trust architectures (if you need it)


Jun Li Lin


For security risks related to cyberattacks companies can take steps in training employees on phishing awareness, they can also implement MFA, make sure their software are up to date and have firewalls and intrusion detection systems to make it harder for the attacker to get in.


For internal threats they can have things like role based access control, NDA's and exit procedures to make sure employees don't leak anything, they can also have an activity log on what the employees are doing to make it easier to track down perpetrators. 


There are other things like making sure everyone have a strong password, good encryption on data, backing up data to prevent data loss.


William Socci


A major security risk that is a constant threat among the corporate American world is insider threats. This occurs when employees misuse or even leak sensitive information, for example with customer information. Often times, insider threats occurs intentionally through selling and trading one's secrets. However, it's completely possible for it to happen unintentionally with instances such as negligence. What's so dangerous about these threats is that these employees often have direct links to information and systems in the palm of their hands. A way that companies try and combat this is through having strict access controls or giving access to workers to only the things they truly need. It's also important for them to monitor their workers' screens and clicks, or even as simple as doing background checks when they hire someone new. By training one's employees would help to avoid this, but even some signed NDAs prevent this from happening as well. One really good example of that that I can think of is the case of Tesla, where one former employee leaked the information by stealing and sharing confidential data. Tesla's response to this was by tightening their system and strengthening the internal system as well.


Jude Duperval


Corporate America is met with a multitude of security risks, both digital and internal. Cyberattacks like ransomware, phishing, and data breaches are constant forms of threats, especially as attackers get more savvy, and companies rely on huge modes of network. Internally, there’s always the risk of employees walking off with sensitive data or accidentally exposing it via things like poor access practices or IT-shadowing. To help mediate these risks, companies attempt to place emphasis on defenses. For example, multi-factor authentication, tighter access controls, continuous monitoring, and regular patching on the tech-end. Furthermore, employee training and clearer policies around how data is handled. Ultimately, security risks are an inevitable concern, and the best way to challenge them is by continuously anticipating worst-case scenarios, and updating protocols based on past scenarios and incidents. 



Ishtiaq Alam



Corporate America faces several major security risks, including cyberattacks (like phishing, ransomware, and data breaches), insider threats (employees stealing intellectual property or leaking data), and weak system vulnerabilities (outdated software or poor access controls). Intellectual property theft is especially critical in tech and finance, where sensitive algorithms, trade secrets, or client data can be exploited for competitive advantage.

To combat these risks, companies implement multi-layered security measures such as encryption, firewalls, and multi-factor authentication to protect systems. They also use employee monitoring, background checks, and strict access controls to reduce insider threats. Additionally, firms invest in cybersecurity training, regular audits, and incident response plans to quickly detect and respond to threats before major damage occurs.

 Soo Hee Min


Typical security risks faced by U.S. companies include not only cyber attacks such as hacking, phishing, and ransomware, but also information leaks caused by employees or insiders. For instance, if an employee illicitly extracts corporate customer data, technical documentation, or trade secrets, the company risks suffering not only financial losses but also severe damage to its reputation and credibility. In particular, recent trends indicate that attacks involving the theft of critical data—followed by threats to publicly disclose it—pose a far greater threat than attacks aimed merely at paralyzing systems. Consequently, corporate security strategies must not focus exclusively on fending off external hackers; they must also actively manage potential risks originating from within the organization.


    To mitigate these issues, companies employ a variety of countermeasures. First, they prepare for cyberattacks by implementing measures such as multi-factor authentication, mandatory periodic password changes, security updates, and backup systems. Furthermore, they establish differentiated access privileges for individual employees and maintain audit trails of access to critical data to monitor for any anomalous activity. In addition, we aim to reduce accidents caused by human error by regularly conducting training for employees on identifying phishing emails and information security. Ultimately, companies must simultaneously bolster both their technical security infrastructure and their internal management frameworks to effectively mitigate the risks associated with both external attacks and internal information leaks.


This collection of reports from various contributors provides a comprehensive look at the security landscape in corporate America. The consensus highlights a "three-front war" involving external cyber-attacks, internal vulnerabilities, and the emerging complexities of Artificial Intelligence.

1. Primary Security Threats

The contributors identified four major categories of risk that currently plague modern organizations:

  • Cyber-Attacks (External): Phishing remains the most cited threat, with Viktor Hreskiv noting that over 90% of successful attacks begin with a phishing email. Other major threats include Ransomware (extortion through data encryption) and Data Breaches targeting customer or proprietary info.

  • Intellectual Property (IP) Theft: This is a critical concern in high-stakes industries like semiconductors and video games. Filipe Rodrigues and Kevin Dias emphasize that the theft of designs or "cloning" of products can instantly destroy a company’s competitive advantage.

  • Insider Threats: Perhaps the most difficult to detect, these involve employees or contractors. William Socci and Elvis Chen point out that these individuals already have authorized access, making their malicious or negligent actions (like leaking data to competitors) particularly damaging.

  • The "AI Double-Edge Sword": Nadia Brown and David Lin highlight that while AI helps in defense, it also lowers the barrier for criminals to create deepfakes and automated malware. A significant new risk is "Data Leakage," where employees accidentally upload sensitive corporate data into public AI models like ChatGPT.

2. Common Countermeasures

To defend against these evolving threats, the contributors outlined a multi-layered defense strategy:

Category

Specific Measures

Technical Defenses

Multi-Factor Authentication (MFA), Firewalls, Encryption, and regular System Patching.

Access Control

Role-Based Access Control (RBAC), "Least Privilege" principles, and Identity Verification.

Human Element

Regular Security Awareness Training (specifically for phishing) and strict NDAs.

Monitoring

Intrusion Detection Systems (IDS), activity logs, and AI-driven network traffic analysis.

3. Notable Real-World Examples

Several contributors used specific cases to illustrate the gravity of these risks:

  • The CISA Resignation: David Lin noted that the acting director of the U.S. Cybersecurity and Infrastructure Security Agency was forced to resign after accidentally uploading sensitive docs to ChatGPT.

  • The OneCoin Scam: Zahra Qureshi highlighted how billions were lost to "crypto-queen" Ruja Ignatova, demonstrating the risks of unregulated digital assets.

  • Industry Specifics: Reference was made to ASML in the semiconductor space and Tesla regarding internal data theft, proving that no sector is immune.

Summary Conclusion

The overarching theme is that technical solutions alone are insufficient. Because humans are often the "weakest link" (through social engineering or negligence), a successful corporate security posture must combine robust software defenses with a culture of continuous employee education and strict internal governance.

No comments:

Post a Comment

Subscribe to: Comments (Atom)

Assignment #5 due 3/23/26 Security Risks in Corporate America

  Briefly outline some security risks in corporate America and steps that companies take to combat them. They can be cyber or internal like ...