Information technology is an ever-changing field, and arguably IT security staff are the most under the gun in data centres as new threats emerge weekly. So it’s no surprise a recent survey by Trustwave found them feeling a lot of pressure. Here’s seven of the ways it says staff can deal with it. Images from Shuttstock.com
Let the brass know
Rather than run information security programs tactically, IT pros should run them as a strategic business initiative. Make sure execs know what they’re doing to protect customer data, intellectual property and the brand as a whole
Test your security
With 4 out of 5 IT pros pressured to roll out IT projects despite concerns they weren’t “security-ready,” regular security risk assessments and penetration testing are critical. Risk assessments can help businesses identify if that data is vulnerable to an attack. Frequent penetration testing, can help businesses identify and eliminate vulnerabilities
Businesses should regularly provide security awareness training to all employees, including contractors and temporary workers. Executives and business leaders are also prime targets, so training should be required for anyone who has access to private information. End-users often are considered the weakest link when it comes to security.
Protect Web apps
Web applications are a high-value target for attackers, with e-commerce sites being the most targeted asset. Web applications often act as a business’s digital “front door” and are often connected to systems that contain sensitive data. Organizations need to adopt automated protection that includes the ability to detect application vulnerabilities and prevent web application threats.
Watch your partners
Third-party IT providers (or any vendors that have access to IT systems), should be required to have detailed and locked-down security policies, perform ongoing and regular penetration testing, demonstrate appropriate remote access controls, ensure software and hardware is consistently patched and isolate data from other customers.
65 per cent of IT pros surveyed feel are pressured to use security products with lots of features, but a third feel they don’t have the resources to use them effectively. If IT pros don’t have the expertise or staff to perform policy adjustments, fine-tuning and device management, they might be throwing away their money and contributing to a false sense of security.
Hope for the best, prepare for the worst
Adequate preparation can help ease pressures of possible data breaches. Have an incident readiness and response plan that includes detection and containment strategies as well as response scenarios. These elements will help IT staff see, stop and respond to an attack.