5 Reasons to Reassess Your IT Security Strategy

If you’ve been in the IT field for a while, you know that one thing you can depend on is that you can’t depend on anything to stay the same. Technology is always advancing, trends are always changing, and you’re often left scrambling to keep up. Nowhere is this more true than in the security sector. New threats seem to emerge on a daily basis, and unless we adjust a security strategy accordingly, we can find our networks exposed to service interruptions, data leakage, even complete hostile takeovers.

Yet busy IT admins often get bogged down in the day-to-day workload and don’t have time to even keep up with how the threat landscape is growing and reshaping, much less take the steps necessary to protect against new types of attacks. Here are 5 reasons to make it a priority sooner rather than later:

  1. All platforms are targets. Once upon a time, you could get away with a certain amount of “security through obscurity.” Running operating systems with a low market penetration (Mac, Linux) meant the bad guys were less likely to bother building malware and hunting down exploits because they could get so much more “bang for the buck” by focusing on Windows. Now all platforms are fair game – and all operating systems have security flaws that can be exploited, as recent vulnerabilities such as Heartbleed and BASH (Shellshock) have demonstrated.
  2. It’s not just about servers and workstations anymore. Your company is probably diligent about patching and running up-to-date anti-malware software on your servers and workstations, but the explosion of the “Internet of Things” (IoT) means there are more and more devices connecting to networks (surveillance cameras, coke machines, thermostats, smoke alarms, smart watches and other wearables and much more). Many of those “things” run on Linux-based software – this is one reason the BASH bug presents such a serious potential threat – and they often are not updated as often as traditional computers.
  3. BYOD is a security game-changer. The smart phones, tablets, and laptops that connect to your network are no longer completely under your control if your company has adopted a BYOD policy that allows employees to use personally-owned devices for work. It saves the company money on capital expenditures and it makes workers happy because they can pick and choose their devices, but it also makes it more difficult to maintain the security of those devices and thus of the network.
  4. Security is a people problem. This has always been true; technology is only half of the equation. The biggest – and most difficult to “patch” – vulnerabilities are the human ones. And as the workplace demographic changes, so must our security strategy. A generation of “digital natives” has entered the workforce; these are young people who grew up with computers and see them almost as extensions of themselves. While you might expect them to be more security-conscious than their Luddite predecessors, it’s not necessarily the case. Familiarity can breed complacency, and they’re used to sharing everything over the Internet. Trade secrets and other business information can leak out via social networks and other venues that young people expect to be able to connect to at work during their breaks and lunch periods.
  5. The cloud complicates things. Cloud services are all the rage now and they offer many benefits, including anywhere-access, lower on-premises datacenter costs and reduced administrative overhead. However, when you place your data and applications in the hands of a cloud provider, it’s essential that you choose the right one, who will be able to protect it. It’s true that major cloud providers such as Microsoft, Google and Amazon have much more money and other resources to sink into security but it’s also true that the bad guys see those public cloud datacenters as very attractive targets. Another danger is that handing off some of your IT services to the cloud will make you complacent about security – after all, now that’s their job, right? Even with cloud computing, security is now a shared responsibility, not one that you can offload completely.

These are only some of the changes in technology and society that bring new challenges to those whose job it is to keep their company’s digital resources safe and secure. If your security policies haven’t changed in a while (or even if they have), it might be a good idea to take a fresh look at them with these factors in mind.


Deb is a technology and security analyst, consultant and author specializing in identity, security and cybercrime. Deb focuses on Microsoft products, and has been awarded the Microsoft MVP (Most Valuable Professional) award in the field of enterprise security for 15 years in a row.