BEST OF THE WEB

Six hard truths IT pros have to face

IT security pros have a mountain of work on their hands trying to ensure every possible weakness in their infrastructure is defended. It rarely is.

Frustrating? You bet. But they shouldn’t be discouraged. Computer security expert Roger Grimes has boiled what they need to understand into six hard truths IT pros need to learn, which not only will toughen their hides will also help mitigate most attacks.

Last on his list but the biggest lesson is the inability of administrators to appropriately prioritize competing risks. “Some of the hundreds of possible ways to exploit a company are far more likely to happen than others,” he writes. “This makes for a huge gulf between your highest-rated threats and your most likely ones. Success belongs to those who focus their security efforts more often on the latter.”

Other truths:

–Thanks to the proliferation of mobile devices belonging to staff and partners, forget about trying to put protective software on every device that accesses your network. So at the very least any security solution has to be able to tell you which devices  are having problems with AV software. Then look for commonalities and try to get the software installed on as many devices as possible.;

–You’ll never have enough staff to help install and maintain security solutions. Instead, get a plausible staffing solution in place before buying more security technology;

–No matter how good you are at patching, attackers only need to find one vulnerability;

–Attackers are still faster at finding new vectors to use than defenders are at putting up walls;

–The anonymity the Internet affords is one of the biggest aids to attackers.

Sounds like an impossible challenge. It isn’t — it’s merely hard. But these are truths to be faced.

Read the whole column here.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web