Are IT security pros their own worst enemy?

December 20, 20184 minute read

Select article text below to share directly to Twitter!


Of all the departments in a company, it might seem like IT poses the least amount of security risk. After all, IT teams are made up of technology professionals who have a strong grasp of cybersecurity threats and know how to protect themselves. The reality, however, is more complicated.

Over one-third of IT professionals see themselves as the biggest IT security liability, according to a 2017 report from Balabit. That might seem odd at first, but think of it this way: Hackers generally focus their efforts on targets that will allow them to have the biggest impact. IT staff—with their privileged user accounts and full access to business-critical data and systems—are a prime target. By compromising a member of the IT team, hackers can quickly get access to valuable assets, like personal employee data, customer data, and financial information.

This puts IT security pros in a tough position. What can you do when your career is centered on keeping your business secure, but you represent its biggest vulnerability? The answer lies in remembering that IT security starts “at home,” meaning in the IT department. IT pros can minimize their security liability and safeguard their employees, as well as themselves, by staying vigilant when it comes to protecting their credentials, tracking IT staff behavior with analytics, and investing in security solutions that ease the security burden.

Secure credentials with strong authentication

Stealing credentials is one of the primary ways cybercriminals gain access to important systems. Compromised passwords enable them to authenticate applications and steal data, and these days, compromised passwords are everywhere. Shape’s 2017 Credential Spill Report found that more than 3 billion credentials were reported stolen worldwide in 2016. If a hacker steals the credentials of an IT pro, they can wreak havoc across an organization.

IT pros can avoid falling victim to credential theft by implementing countermeasures, like two-factor authentication and biometrics. The stronger the authentication method, the harder it is for hackers to gain access to your accounts. If a code sent to a phone or a thumbprint is needed to gain access to a system, even a hacker armed with stolen credentials won’t get far.

Another way IT pros can secure their credentials is by taking anti-phishing measures, as phishing is often the vector used to steal them. Even though IT may be the team teaching other teams, like HR and finance, how to avoid phishing attacks, that doesn’t mean you can relax your vigilance. Someone who’s confident they won’t fall prey to a phishing attempt may be the one most likely to drop their guard. Regular training on how to identify the latest phishing techniques is just as important for seasoned IT pros as it is for brand-new hires.

Track privileged user behavior

Another way to beef up IT security is to track privileged user behavior with analytics. Let’s say a hacker manages to get through your authentication countermeasures; time is of the essence for detecting the attack and mitigating the damage. In the Balabit report, 47 percent of IT professionals said the time and location of login was the most important user data for spotting malicious activity in a timely manner.

Chances are a hacker is not going to act “normally” once they have access to the system—they are there to cause trouble. IT pros need the ability to immediately spot suspicious or abnormal activity and trace the origin of the attack once they do. Analytics makes this level of monitoring possible. Security teams should be continuously tracking what their own users, as well as other privileged users (like C-suite execs) are doing with their access rights.

Reduce the burden with print security solutions

The proliferation of mobile devices and the Internet of Things (IoT) in the workplace has added to the number of devices IT teams need to secure. However, securing all those new endpoints requires significant time and resources, and an overburdened IT team is one more likely to make mistakes.

The way to balance these two imperatives is by investing in new technology that helps secure these devices or—even better—devices that secure themselves. Printers with embedded security features, for example, provide continuous monitoring and self-healing capabilities in the event of an attack. In addition, some smart printers come with print security solutions that ensure only authenticated users can access your print network and keep your data encrypted.

The most recent Cyberthreat Defense Report from the CyberEdge Group found that 77 percent of organizations were victimized by one or more successful cyber attacks in 2018. The threats are everywhere and persistent, and the last thing an IT pro wants is to be their own worst enemy. By taking these steps and remaining vigilant, you can make sure your IT team is stopping threats—not introducing them.

  • Recommended for you
  • Recommended for You