6 real security threats IT professionals face

IT security can overwhelm even the most seasoned security expert when headline-grabbing threats like Spamhaus DDoS are brought to the forefront by media. SolarWinds, a U.S. provider of IT management software, outlineds six security threats that many IT professionals never think they'll face (until they do) and provides best practices to help prevent and manage unwanted threats from becoming a reality.

1. Targeted espionage - While security experts may know better, many IT pros might think: "My organization is not a high-value target. What do we have that anyone would want?" In reality, the answer is more than they would guess. Sensitive and personal information like credit card and social security numbers, patient records, to name a few. Plus, with direct access to the breached network, they could do damage to other organization's networks.

2. Unintentional or accidental loss of that data - Aside from organizations placing a great deal of trust in their employees and believing that their policies are adequate, what might take IT pros by surprise is simple employee ignorance. Due to the proliferation of personal mobile devices, employees are taking their work home with them more often. This has made it extremely difficult to keep track of who and what is connecting to the network, resulting in less control and increased security risks.

3. Denial of Service Attacks (DoS) - DoS and DDoS attacks are among the inventive hacking practices on the rise that could bring down business critical services, inhibiting user access and business continuity. IT pros may get caught off guard with this type of attack since, in many cases, it's the result of someone out to wreak some havoc.

4. Understaffed IT team - As organizations grow and bandwidth for time and resources are taxed, it's easy for over-extended IT pros to overlook existing rules and inadvertently open security holes simply by not knowing the full impact of their changes, or for under-experienced IT pros to not know what to monitor and what tools to use.

5. Phishing attempts - Culprits masquerading as a trustworthy entity attempt to acquire usernames, passwords, credit card details, and account information to gain access to a system through email or via instant messaging. Organizations which are most affected believe that their controls are good enough, relying on junk mail as a catch-all or their users to know when and when not to open suspicious email.

6. Malware exploiting common vulnerabilities in Java and Flash runtimes - For many, if not most, organizations, third-party applications like Java and Flash are critical infrastructures required to use a large number of business applications. Organizations are prime targets for infestations when IT pros assume that the most recent application version is security-proof, they are not up-to-date on their patches, or when they don't have full account of all the applications installed by end users.

Before You Booby-trap the Perimeter, Lock the Front Door

It's easy to get caught up in preventing what-if scenarios, but it's most important to remember Security 101 -- the basics of what every IT pro should consider when securing their network, including:

-- Define and establish security policies and rules. -- Document your network, policies and access. -- Continuously track and monitor activity and behavior with real-time alerts and reporting. -- Automate with software tools where you can. -- Have an incident response plan including when to notify corporate legal, PR and customers/clients. -- Regroup after an incident to ensure appropriate actions have been taken to mitigate risk in the future. -- Use operational management tools to gain insight into suspicious behavior.

"In the pursuit of defending against the latest and most sophisticated attacks, we find many IT professionals doing so at the expense of fundamental security controls. IT security is not always about over-complicated issues or threats, but doing the basic steps to ensure you have a secure foundation in place," said Javvad Malik, senior analyst, 451 Research.

© JCN Newswire