Lead Image © Seasons, 123RF.com

Insider Threats

Welcome

Article from ADMIN 47/2018

In the sys admin chagrin basket, users are the greatest source of our collective distress. Users click on phishing email messages, they download malware, they spend countless hours on those universal privacy leaks, known colloquially as social media sites, and they insist on trying to unravel our most sophisticated and well-executed security measures. In a word, users are a necessary evil.

We can't tie their hands. We can't unplug their computers or disable their WiFi connections. We can't place a force field around their laptops. And we can't seem to successfully educate them in the ways of safe computing. They are insiders and they are a persistent threat. And we can only hide for so long behind unanswered email, ignored phone messages, and the occasional walk by. We are doomed to deal with this insider threat and no amount of procrastination or advanced Jedi mind tricks will relieve us of our duty of protecting the user – even if it's from themselves.

Taking a soft approach to cybersecurity is one sure method of guaranteeing that you will experience a breach. You can't allow users to determine when they'll install Windows updates, when they'll decide to update their anti-malware software, or when to use multifactor authentication on web-based financial transactions. The soft security approach is better than any virus, adware, spyware, trojan, or worm at compromising your security. Hackers and advanced persistent threat (APT) organizations love IT and security folk who aren't serious about security. They love users who aren't trained. They love C-level executives who haven't been warned about whaling. And they really love systems that are behind on patches.

You can provide the latest and greatest security technology and spend hundreds of hours and tens of thousands of dollars per year on gadgets, on software, on third-party consultants, and on internal audits that will have absolutely no value if even one user clicks on some new email-borne

...