Security issues on large networks are different than on small office or home office businesses. The main reason is size.
The majority of hackers are looking for targets of opportunity. This is one area where large and small organizations face similar risk. A small company with a mis-configured web server is just as enticing to opportunity hackers as a large one.
Where large organizations are at greater risk is targeted hackers. These Hackers are determined to penetrate a certain company for several reasons including corporate espionage, intellectual property theft, or sabotage. A company with thousands of servers offers a huge attack surface. They are also more susceptible to social engineering attacks.
Some of the areas of attacks are:
Problem: Large corporate employees many times will have LinkedIn pages and social networks profile pages, these offers a treasure trove for social engineering hackers.
Solution: It would be wise for executives to limit the amount of information that they give away on their profile pages.
Problem: Large corporations will use developmental servers to try out new software packages and programs. Many times they will have Domain Admin passwords on them, even though they are not as secure as production servers.
Solution: Use different Admin passwords on these less secure development systems.
Problem: Automated security update systems don’t always update every server even though in the security system log it may say the updates were sent.
Solution: Once a server is set as a production server, in many companies rarely do admins go back and check individual servers to make sure the systems are really being updated. Nor do they have time to do so. Policy must be put in place to do some sort of verification check on servers.
Problem: Unbelievably, admins are still using simple passwords for administrator accounts on new systems that they are building.
Solution: Preach and enforce strong passwords for accounts with privileges and make it a policy to change the domain admin password on a constant schedule.
This is by no means a complete list, but it does cover some of the more common security mistakes made in large corporations. If server team managers enforce stricter security policy to employees deploying new systems, the company will be much more secure against penetration attempts.