3 New Year’s Resolutions for Network Administrators

Although it’s been a historically troubling year for the cybersecurity community, the advantage of a new year is that network administrators can make a fresh start. The end-of-year Sony hack has brought even more mainstream attention to network security – not to say that a full year of prominent attacks didn’t – and this increased awareness should lead to healthier IT security budgets and more resources to prevent the next attack. When network administrators get back to work in 2015, here are three New Year’s resolutions they should focus on: 1. Take Back Control with Remote Access Central Management As IT administrators know all too well, employees often perceive a see-saw effect between their productivity and the degree of restrictions placed on the technology they use day-to-day. The fewer restrictions, the easier their jobs become, and vice versa. So, how can IT departments find middle ground? The answer is to selectively limit the ability of employees to access and share certain information. Unfortunately, as a report by the Ponemon Institute found, 80 percent of IT administrators say their companies do not enforce a “need-to-know” data policy. This is despite the fact that, as the report said, “An organization that reduces the amount of data employees have access to … and streamlines their processes for granting access will likely benefit from more productive employees.” The New Year’s lesson here for network administrators is to take back some power from employees. Just as some of the most common New Year’s resolutions focus on regaining control of some aspect of your life, whether that’s financial (reducing debt), social (planning a vacation), or...

The Three Human Failures Behind Remote Access Shortcomings

Whenever news of a network security breach reaches the public airwaves, observers are quick to assign blame to some combination of technological shortcomings and human error that allowed an attacker to slip through the victim’s cyber defenses. When it comes to remote access in particular, network security is even more dependent on technology like VPNs, and employees who do their part and follow company protocol. Unfortunately, network administrators often find themselves in a position where, due to human imperfection, remote access technology is the constant that protects their network. Here are the three types of people who are guilty of common, understandable human errors that network administrators need to have on their radar, and try to protect against, as they build a network security infrastructure: The Strained IT Pro Information security professionals are modern-day gladiators, fighting back against complex network security threats, internal and external, as quickly as they form. Yet, as a Ponemon Institute study revealed earlier this year, many IT departments are overburdened as they try to defend against all of these threats at once. The problem is actually two-fold: a dearth of talent to fill positions (according to the study, 70 percent of the organizations say they do not have sufficient IT security staff) and turnover in security positions that can be filled (CISOs leave their positions, on average, after 2.5 years). The result is that IT departments, despite their best efforts, cannot defend against every attack particularly as cyberattackers diversify and expand their efforts in the coming years. The Oblivious Employee For companies that lack a consistent frontline defense by their IT staff, employees are next...

Cyber Threats in 2015: New Attack Vectors, More Severe Incidents

One year ago today, Target was gearing up for Black Friday sales and projecting a strong end to the year. That was the company’s primary focus. The same could be said for Neiman Marcus and Home Depot. And no one had even heard of Heartbleed or Shellshock yet. Needless to say, much has changed in the last year. If 2014 ends up going down in the history books as the “Year of the Cyberattack,” then what does 2015 have in store for network administrators? We’re already started to see the predictions start to roll in, the first coming from the report, “The Invisible Becomes Visible,” by Trend Micro. The report paints the new network security threat landscape as becoming much more broad and diverse than it has ever been, evolving beyond the advanced persistent threats (APTs) and targeted attacks that have been the favorite weapon of hackers. Trend Micro CTO Raimund Genes told InfoSecurity that cyberattack tools now require less expertise to use and don’t cost as much. He listed “botnets for hire … downloadable tools such as password sniffers, brute-force and cryptanalysis hacking programs … [and] routing protocols analysis” as just a few of hackers’ new favorites. Given these new threats, how can network administrators shore up their network security for 2015 and beyond? The ‘Three-Legged Stool’ of Network Security As network administrators build out their network security infrastructure, it’s best to focus on the so-called “three-legged stool” approach – prevention, detection and response. Network security cannot be limited to simply installing prevention measures and hoping for the best. Why? Because there is no one universal, surefire way...

7 Security Threats You May Have Overlooked

If there’s been a silver lining to the string of devastating cyberattacks against some of the biggest organizations in the world over the last year, it’s that the list of “what not to do” has continued to grow, putting other companies on notice. If you use a third-party vendor, for example, make sure their networks are just as secure as your own. When there are known security vulnerabilities, reconsider using end of life operating systems like Windows XP on your devices. These are some of the most prominent recent lessons, but there are plenty of other threats to network security lurking just below the surface. And these are the vulnerabilities that attackers will look to exploit. After all, why would they target a well-defended vector when there may be an easier point-of-entry somewhere else? That would be like a burglar trying to break down a locked door, instead of checking first to see if maybe a window was left cracked open. In today’s business environment, the list of overlooked network security threats is endless. Information security professionals are modern-day gladiators, tasked with defending corporate data and networks against both known and unknown threats, but no matter how skilled they are, there will always be new threats to their networks. Here are seven to think about: 1. Rogue Employees 2. Delayed Device Deprovisioning 3. A Single, Vulnerable Security Vendor 4. Out of Date Software 5. Failure to Adapt to New Technology 6. Security Solutions and Policy Misalignment 7. Shadow IT REGISTER FOR WEBINAR Most working environments would be lucky to be vulnerable to only one of these. The reality is,...

Remote Access No More: Reddit Requires Worker Relocation Before End of Year

Even just a decade or two ago, it would have been unfathomable to think that sometime in the near future, workers would be upset that their employer was requiring them to work in the same office as the rest of their team. Then again, so too would the concept of BYOD and the idea that workers would even have the option to work remotely, from home offices and coffee shops, without missing a beat. But, that’s exactly what happened last month, when Reddit, the self-proclaimed “front page of the Internet,” announced that its employees would soon be required to work out of its San Francisco headquarters, or face termination. Reddit CEO Yishan Wong described the change as one designed to “get the whole team under one roof for optimal teamwork.” No surprise there, really – you usually hear some variation of that line from executives who scrap remote work policies. It’s the same reasoning we heard from Yahooites when that company made similar changes to its remote work policy nearly two years ago, citing the need for “working side-by-side” to spur communication and collaboration among employees. Critical reaction from Redditors and others in the tech community has been just as swift and decisive as it was against Yahoo in early 2013. Yet, for every Reddit and Yahoo that bucks the trend toward remote work, there are plenty of other examples of companies that have embraced remote work with great enthusiasm. All Remote, All Rewards Automattic, the web development company behind WordPress, only has about 300 employees. For a technology business, that’s hardly a blip on the radar, when compared...