6 real security threats IT professionals face


IT security can overwhelm even the most seasoned security expert when headline-grabbing threats like Spamhaus DDoS are brought to the forefront by media. SolarWinds, a U.S. provider of IT management software, outlineds six security threats that many IT professionals never think they'll face (until they do) and provides best practices to help prevent and manage unwanted threats from becoming a reality.

  1. Targeted espionage - While security experts may know better, many IT pros might think: "My organization is not a high-value target. What do we have that anyone would want?" In reality, the answer is more than they would guess. Sensitive and personal information like credit card and social security numbers, patient records, to name a few. Plus, with direct access to the breached network, they could do damage to other organization's networks.

  2. Unintentional or accidental loss of that data - Aside from organizations placing a great deal of trust in their employees and believing that their policies are adequate, what might take IT pros by surprise is simple employee ignorance. Due to the proliferation of personal mobile devices, employees are taking their work home with them more often. This has made it extremely difficult to keep track of who and what is connecting to the network, resulting in less control and increased security risks.

  3. Denial of Service Attacks (DoS) - DoS and DDoS attacks are among the inventive hacking practices on the rise that could bring down business critical services, inhibiting user access and business continuity. IT pros may get caught off guard with this type of attack since, in many cases, it's the result of someone out to wreak some havoc.

  4. Understaffed IT team - As organizations grow and bandwidth for time and resources are taxed, it's easy for over-extended IT pros to overlook existing rules and inadvertently open security holes simply by not knowing the full impact of their changes, or for under-experienced IT pros to not know what to monitor and what tools to use.

  5. Phishing attempts - Culprits masquerading as a trustworthy entity attempt to acquire usernames, passwords, credit card details, and account information to gain access to a system through email or via instant messaging. Organizations which are most affected believe that their controls are good enough, relying on junk mail as a catch-all or their users to know when and when not to open suspicious email.

  6. Malware exploiting common vulnerabilities in Java and Flash runtimes - For many, if not most, organizations, third-party applications like Java and Flash are critical infrastructures required to use a large number of business applications. Organizations are prime targets for infestations when IT pros assume that the most recent application version is security-proof, they are not up-to-date on their patches, or when they don't have full account of all the applications installed by end users.

Before You Booby-trap the Perimeter, Lock the Front Door

It's easy to get caught up in preventing what-if scenarios, but it's most important to remember Security 101 -- the basics of what every IT pro should consider when securing their network, including:

-- Define and establish security policies and rules. -- Document your network, policies and access. -- Continuously track and monitor activity and behavior with real-time alerts and reporting. -- Automate with software tools where you can. -- Have an incident response plan including when to notify corporate legal, PR and customers/clients. -- Regroup after an incident to ensure appropriate actions have been taken to mitigate risk in the future. -- Use operational management tools to gain insight into suspicious behavior.

"In the pursuit of defending against the latest and most sophisticated attacks, we find many IT professionals doing so at the expense of fundamental security controls. IT security is not always about over-complicated issues or threats, but doing the basic steps to ensure you have a secure foundation in place," said Javvad Malik, senior analyst, 451 Research.

© JCN Newswire

©2022 GPlusMedia Inc.

Login to comment

To sum this article up (apart from DoS attacks), the number 1 risk to IT security is idiot users who answer obviously fake messages from Nigerian Princes, download dodgy programs, tape their passwords to their monitors, try to bypass the firewall, disable their firewall, etc.

As for DoS attacks being unexpected... seriously? I remember back in the early days when "smurfing" (a primitive DoS technique aimed at overloading a system so it rebooted) random systems to try and make them reboot so you could take advantage of the system while it was in reboot was a standard saturday night of fun.

0 ( +0 / -0 )

I always make sure I turn off Java Script in my browser. It's just too dangerous to have on. You can go in the settings and turn it off for all pages and then be safe.

0 ( +0 / -0 )

Login to leave a comment

Facebook users

Use your Facebook account to login or register with JapanToday. By doing so, you will also receive an email inviting you to receive our news alerts.

Facebook Connect

Login with your JapanToday account

User registration

Articles, Offers & Useful Resources

A mix of what's trending on our other sites