Ah, Halloween. A time when people dress up in creepy costumes and enjoy a marathon of classic horror flicks. And while some people may be spooked more easily than others, here are five things that will alarm even the most fearless IT security pro.
- Protecting a network without sufficient funds. Whether it’s locating qualified staff or convincing upper management that system updates are necessary expenditures, the lack of funds can seriously impede the health of an organization’s security posture.
- A future of unknowns. IT security pros spend a lot of time researching the world of cybercrime so that they can stay out of harm’s way. Happily, White Hats are good at disseminating information to their peers when breach occurs. Vulnerabilities were recently found in Heartbleed SSL and Shellshock Bash, for example, and the community responded by sharing information and patching networks before incident. But what about those unknown exploits? It’s enough to keep IT pros up at night.
- The next Zero Day attack. These large-scale attacks often leverage the aforementioned secret vulnerabilities and use them to spread online malaise quickly. Examples include Storm Worm, which targeted an internet-consuming public and Stuxnet or Duqu that was a customized espionage attack. Oftentimes, these attacks are able to operate for quite a long time without anyone ever being the wiser.
- Insider threats. Threats can come from careless, lazy or even well-intentioned employees who have intimate knowledge of the company’s network and accounts. In the case of a disgruntled former employee, access can be revoked immediately but with the employee who accidentally falls for a social engineering scam, your network may never be the same.
- Falling victim to data breach. We seem to hear about data breaches on daily basis as of late. Not only must IT pros take care of internal damage to systems, but also worry about stolen customer data. This is an expensive problem that can cost millions of dollars due to direct loss and preventative assurances, like paying for victims’ credit monitoring. Then there’s consumer confidence and negative publicity that likely affects bottom line.
No one wants to be the next victim of data theft or deal with unknown attacks, and because of that, sometimes it’s good to be a little afraid as an IT Security Pro. A small dose of fear can be healthy and motivate us to go the extra mile in preventative care. After all, those who remain complacent in their security practice often find themselves to be the next target we’ll read about in tomorrow’s newspaper.