DEF CON is the catchy title of a security conference held in Las Vegas every year. Unlike other security conferences, DEF CON is more for those on the bleeding edge of IT security (hacking specifically), focused well and truly on the future threats that the world faces. Subjects considered this year included the topical issues of hacking voting machines and hacking autonomous vehicles. Apparently there were children as young as nine years old at this year’s event learning to hack and, hopefully, developing the skills to close the widening cybersecurity skills gap.
Client and other data is a key concern for all of industry, and with the hacking and other security breaches that seem to fill the news almost daily, industry is correct in being concerned. That said, as with many stated ‘priorities’, the reality is often very different from the claim, with few or no real controls in place to prevent data loss in many organizations.
Not too long ago IT security was a simple affair and little attention needed to be paid to the threat. The IT team established a secure perimeter around the system leaving the computers inside the firewall safe from harm. Locked-down desktops, anti-virus software, limits on the size and type of e-mail attachments were all part of the defenses; USB sticks were expensive and unreliable.
Today workers are taking IT into their own hands. To get the work done they use their own smartphones and other digital devices. Plenty of malware, meanwhile, enters corporate networks through insecure links shared carelessly on social networks. “The IT guys have been told to do one job, so they lock things down and rule out the use of applications such as Google docs. And the workers are told to do another job, to get their work done, so they start using Google docs, and the power balance is moving away from the IT guys,” says Josh Klein, co-author of Hacking Work, a guide on how to “break stupid rules for smart results”.
According to a survey by networking firm Cisco, 41% of workers regularly break corporate IT policies, saying that “they need restricted programs and applications to get the job done – they’re simply trying to be more productive and efficient”. Frankly this is the biggest current threat to information security and it is a culture clash.
Employees today are much more IT savvy and have different expectations around the use of IT and applications. The whole concept of apps is to make life easier, so why would this not apply in the workplace?
Ultimately, corporate IT security is not about better IT policies and compliance, not least because the boundary between work and personal life has blurred. “It has to be about protecting users while they are on social networking sites, not preventing them from social networking,” argues Dr Paul Judge, chief research officer at Barracuda Networks. His company estimates that about 30% of all Twitter accounts are suspicious and not used for what they are supposed to be used for.
Companies need to protect themselves and to ensure that no malicious applications are entering the corporate infrastructure.
One thing is certain in the clash between productivity, getting stuff done, and information security: progressive companies need to get a grip and find an appropriate balance. As the fortress of IT security lies in ruins and as the amount of data we generate grows exponentially, this issue is not going away.
Cyber Sense
Optimize Blog - July 31, 2017