We recently heard insights from IT experts about the dangers presented by vulnerabilities in their internal user base and processes, such as password weakness and the challenges of balancing flexible work and BYOD with creating secure systems.
However, the other very real side of the security coin is external threats and data breaches. How do CTOs and CIOs protect against ever-evolving enemies and malicious technologies designed to hold your data hostage?
In part two of our series on what keeps IT up at night, let’s take a look at some of the answers we received from IT experts about how to deal with the cyber enemies at the gates.
Salo Fajer, CTO of Digital Guardian, states that, “External threats are getting more sophisticated in nature, to the point where even the White House fell victim to a targeted attack this year. One of the more common techniques used by hackers is spear-phishing, where malicious emails targeting a specific user or organization is sent, then quickly infecting systems and gaining access to corporations’ networks and sensitive data.”
Joshua Crumbaugh, director of penetration testing at Tangible Security, explains the dangers of poorly managed patches and updates, stating that, “Poor patch management can open a corporation up to vulnerabilities that allow an attacker remote access to their systems and data.” He goes on to explore the dangers of unknown or unpatched vendor vulnerabilities, adding that, “These vulnerabilities are very difficult to protect against since they are known only to the attacker who is targeting your network and not to the vendors who are patching security vulnerabilities.”
One of the more devious tools in hackers’ arsenals today is known as ransomware, designed to block access to a system or data until a sum of money is paid. Several of the experts that responded to our questions listed ransomware as a key threat that kept them up at night.
According to Shaun Murphy, founder of PrivateGiant, “Bad software enters your network and quickly goes through and starts encrypting all of your files. You’re not in control of the encryption process and thus cannot decrypt your files. Uh oh! They claim they will unlock your files for a price thus the name.”
Brandon Allgood, CTO of Numerate, Inc. made a key point about how widespread the danger of ransom attacks is, adding that with ransomware, “anyone can be a victim, even if you have no user data.”
And Ryan Armstrong, director of IT support of Miles Technologies explores the importance of accepting the possibility of a hack and being prepared, saying that, “Malware…can bring a company to its knees and result in paying off hackers or losing data completely. Have we mitigated the possibility of infection enough? Knowing that it’s impossible to stop every possible method of infection, do we have sufficient systems in place to recover quickly if something does happen?”
Finally, there’s the problem of future-proofing, of always trying to stay ahead of an enemy that’s constantly evolving and developing new tactics. Let’s go back to Ryan Armstrong who sums up that problem well:
“What effect will tomorrow’s exploit have? We’ve done everything we can to prevent and mitigate known concerns but are we ready to quickly learn about and respond to the next exploit? Malware…crippled networks within minutes in the past, how quickly could we address something like that if it were to appear again?”
Do these problems ring true for your organization, or are there other enemies you’re concerned about fighting? Let us know in the comments below.
For more insights on the changing tech and trends shaping enterprise collaboration, download our free eBook “The Future of Business Collaboration: 2015 Edition” today.
This post originally appeared on CIO.com’s Collaboration Nation blog, sponsored by PGi.