IT Security: Why Many IT Professionals Miss the Mark
The cyber threat landscape has evolved tremendously in the last 4-5 years. The once occasional data breach or cyber theft we would hear about in the news is now almost a daily occurrence. As the threats have evolved and have become more complex, the security tools and processes must also evolve in order to counter this nefarious spread of threats.
What were once considered security best practices 5 years ago are now wholly inadequate to stop the advancement of viruses, Ransomware and data theft. And unfortunately, the IT professionals are caught in the middle. And to be fair, it’s not entirely their fault.
The Role of the IT Professional:
The primary role of an IT professional or IT Department is to keep an organization’s systems up and running—with the standard goal of the “five nines”—99.999% uptime. They focus on maintaining the operating efficiency of the network and all software applications to allow maximum worker productivity. Some of that includes aspects of security—like maintaining antivirus—but the focus is on keeping the systems up and running.
If you ask an IT professional if they are protecting their company from hackers, they will say yes. When you ask them what they are doing for security, 90% will probably mention 3 things:
- A firewall
- Implementing security updates and patches on PCs and servers
- Antivirus installed on the endpoints
In their mind, they honestly feel that they have a solid security plan. While in the past, these 3 items may have been enough to protect a network, the reality is that these items don’t even begin to protect a company’s network and confidential data in today’s hyper cyber-threat world. The sheer epidemic number of data breaches, hacks and thefts is proof that most companies are not protected at all.
The Role of the Security Expert:
Security experts, on the other hand, focus on the data. Data that comes into the network, data that moves around the network and the data that leaves the network. Efficiency and uptime are not areas they are concerned with. These experts have specialized knowledge and training. They utilize different tools than the “IT guys”. They have a whole different perspective on the network and how it should be architected. Especially if there are a lot of regulatory compliance that the organization must comply with.
The Common Misunderstanding:
A lot of business owners and CEOs think that IT and IT Security are the same thing; however, this is the farthest from the truth. In fact, IT and Security tend to be at odds with each other. Remember, IT is about operational efficiency and security is about the data—analyzing it and protecting it. The more security measures a company implements, the slower the network becomes and the less productive the workers are. For instance, two-factor authentication. This is a security practice where a user has to authenticate twice before they are allowed access to a certain software application. It starts the traditional way where the end user types in a user name and password into the login screen. But then they are emailed (or receive a text) of a second unique code that needs to be inputted into the log in screen before they are allowed access. Great security practice—but more work and time for the end user. It’s up to the leadership of the company to decide what it is the proper performance/security balance for their organization.
What Companies Should Do:
What can a company do if they are concerned about the security and ongoing protection of their network and data? The first thing is to find an established and reputable Managed Security Services Provider to conduct a Security Assessment (Threat, Vulnerability and Risk). This organization should have knowledgeable, experienced security experts, with CISSP certifications, who can not only perform the assessment but also be able to reverse engineer a network breach and be able to eradicate malicious files on the network using forensic analysis. Once the assessment is complete and recommended additions/changes to products and processes are implemented, it’s important to engage the Managed Security Services Provider to work alongside the IT professional/IT department to provide continuous ongoing security protection while also maintaining network performance.
Visual Edge IT Technology Solutions, along with our sister company ThreatSHIELD Security, provides a unique set of managed services to assist customers with their IT needs and/or their Security needs. We have both highly skilled IT professionals and experienced IT security experts with CISSP certifications on staff. These teams work harmoniously alongside each other to help businesses operate as efficiently and securely as possible. If you think your business could benefit from a Security Assessment or if you’re interested in learning more about our Managed Security Services, please contact us, we’d be happy to answer any questions you may have.
[button text=”Click Here to Contact Us” class=”font-16 uppercase” link=”/contact-us/” type=”primary” size=”medium”]
(RELATED: Prep for IT incidents with external support)
(RELATED: New cyber threats in 2017 to watch out for)
(RELATED: Security Breaches: Tips for Prevention)
(RELATED: Managed Services for Cyber Security)