Lead Image © archman, 123RF.com

The Vital Importance of Being Earnestly Vigilant

Article from ADMIN 86/2025
By
No matter what you do to secure and lock down your systems, your users can easily undermine you.

Security can seem like a comedy of errors, in that you have host-based firewalls, an intrusion detection system (IDS), an intrusion prevention system (IPS), security information and event management (SIEM), and mobile device management (MDM); you use network address translation (NAT), require a virtual private network (VPN) for remote connectivity, keep all your systems updated, keep an application safe list and a deny list, encrypt your in-flight and at-rest data, require frequent and complex password changes, read reams of CVEs, and track every possible vulnerability in the known galaxy. Yet, some unwitting user clicks on an email attachment that somehow made it through your spam filter and botches the entire network with malware that sends you and the rest of the IT staff scrambling for days.

Yes, that's the life of a system administrator in every contemporary office environment on the planet. These are indeed the times that try our souls.

You can implement 15 layers of security that are so elaborate and complex that the late Kevin Mitnick, infamous hacker and security consultant, would have declared your network certifiably secure. However, one person with happy fingers can expose your entire network to some faraway advanced persistent threat (APT) group who wants to steal your company's top-secret formulas and sell them to the dark web's highest bidder.

You might begin to wonder if you can keep your data, users, and systems safe when everyone is working against you, including your users. It's bad enough that bad actors constantly hammer, scan, and probe your external systems, searching for a way in, but the users you've trained and drilled on computer security participate in a collective et tu, Brute? moment that makes you question your sanity for choosing system administration as a career. It's OK. We've all been there. If your paranoia level moves from DEFCON 5 to DEFCON 2 at the mere hint of an insider threat, congratulations, you've joined the ranks of those who have met this challenge multiple times.

Those who have managed security and users for more than 20 years have learned to live with an unhealthy level of user disdain. These sys admins are more comfortable fighting APT groups, script kiddies, a variety of random folks with malicious intentions, and even insiders who want to do harm. What they're not comfortable with is the constant battle with those whose only defense is "I didn't think it was dangerous" or "I didn't change anything." Crossing security swords with invisible enemies is challenging, but doing so with someone who could be your parent or grandparent is impossible. You can be frustrated with them, but you must restrict your anger and take that condescending edge out of your voice when explaining the problem.

Yes, it's true. Your greatest security threat is the insider who clicks the link, plays the game, responds to the email, calls the 800 number from a text, or logs into the website that's off by one letter and then reveals corporate information, installs malware, or is socially engineered into providing access to your internal systems. These threats turn your hair as white as the sands of White Sands National Park in New Mexico. Find photos of yours truly for reference.

Training doesn't help. A security consulting company provided training to my users that included drills, examples, scenarios, and proper responses to all types of threats. Just two days later, the trainer baited us with a bogus email link that almost 50 percent of the freshly trained staff gladly clicked, proving my point.

I'm sorry to report that there is no solution unless it's some artificial intelligence bot that monitors a person's actions and prevents them from clicking, answering questions, responding to bogus surveys, or picking up the phone and carrying on a conversation. This fact doesn't mean you shouldn't try, but just take a reality check and save your sanity by accepting the truth that your best efforts are ignored, forgotten, or taken too lightly.

Constant reminders, short training sessions, and drills are your only hope in avoiding a few incidents. Remember the vital importance of being earnestly vigilant.

Ken Hess, Senior ADMIN Editor

