Security: It’s Not Just About Technology
One of the hottest, most talked about areas of IT in the news and on the tech circuit is Security, and for good reason. There is more ransomware, malware, phishing and international hacking than ever before. The impacts to anyone’s business can and will be significant if they have a “breach.”
I recently had the pleasure to sit and talk with an ethical hacker. Some of his comments took me back. So I followed up with a few my security focused contacts and they confirmed what he said. What words of wisdom did he impart to me that got my attention? Hold on just a minute and I will let you in on it.
First, he said that automation and technology for protecting businesses from hackers is improving at a rate unseen in the brief history of IT security. Identification of threats and replication/distribution of known signatures is happening faster than ever before. Sandboxing technologies and preventive endpoint security are doing their jobs and are continuing to improve at an impressive rate. Does this mean that we are safe from hackers? No! However, it does mean that it is getting more difficult for the hackers to get into a diligently maintained IT infrastructure with best practices being followed: Next Gen Firewalls, email, web, DNS, and endpoint security in place and maintained with appropriate policies attached.
So where is the easiest point of access for a hacker? Well, if you assume the items above are in place, policies and tools are covered, so that leaves people. Yes, according to my white hat friend, people and our trusting nature are moving up in the rankings as one of the easiest ways to get into and hack a business.
- Is it common courtesy to hold the door for someone even if there is a badge reader on the door?
- How many people really scan that thumb drive that is given to them at a trade show before they use it?
- Do you always use VPN when working on a public hotspot?
- Do you trust e-mail with the link or attachment that looks like it’s from someone at your office?
- Do you have a long/complex password for your most frequently used accounts?
The best and most effective things you can do from a people perspective are train and promote continual awareness. Policies are important, but adhering to and following those policies takes awareness and training. We in the IT industry have to remember that in our tech savvy age, not everyone is as aware of cybersecurity best practices as we are. If you want to test the theory, ask your parents if they can spot a phishing e-mail?
So the simple message is this: no matter how much time and money you are spending on building and maintaining you security infrastructure, its value will never be fully realized unless you invest in training and improving the awareness of your people. Ask any hacker, they will tell you it’s sometimes easier to walk into a building in some places than to try to hack their IT security perimeter.
Noel Barber is a veteran of the IT industry and serves as the Vice President of Professional Services at ABS. In addition to staying on top of industry trends and changes, Noel works to ensure ABS continuously brings the best technology solutions to our clients.