[BreachExchange] IT Professionals in Today’s Challenging World of Corporate IT Infrastructure

Destry Winant destry at riskbasedsecurity.com
Mon Aug 27 09:03:58 EDT 2018


https://hackercombat.com/it-professionals-in-todays-challenging-world-of-corporate-it-infrastructure/

The 2017 US National Initiative for Cybersecurity Education has
revealed a very bleak state of readiness in the United States for
defending against and responding to cybersecurity threats, as an
estimated 285,000 cybersecurity job vacancies remain unfilled. Most
security professionals are not products of big universities and
colleges, but rather self-taught individuals who are passionate about
the cybersecurity sector.

As a stop-gap measure, private companies and government offices
nationwide depend on third-party certified people to help cover their
IT security needs. However, there is a big gap between holding a
certificate and having real-world experience in dealing with cyber
defense issues in both the public and private sectors. Many
enterprises have resorted to just training workers, allowing them to
take certification exams, and assigning them the heavy burden of
protecting the IT infrastructure even if they lack real-world
experience.

As exploits and vulnerabilities grow due to newly discovered flaws,
inexperienced IT staff trained under a security key indicator that
does not reflect the real world are no longer enough to cover the
bases. How can enterprises adjust to the fast-changing environment?
How can they face the threats against their IT infrastructure without
spending a lot on hiring expensive cybersecurity professionals who may
be beyond their budget? We will try to answer these two questions with
our advice below:

Know the data that the company stores and uses

The company needs to define its priorities when it comes to the data
it stores: corporate data created by its employees, and the data of
its customers that it holds under a legal consent agreement. This
initial definition is very important, given that GDPR has been in
effect since May 25, 2018, and covers all companies that operate
online and transact with an EU citizen. People transacting with the
company give their consent for the company to store their data, even
personally identifiable information. This data is held in trust, and
the moment that trust is broken, that can basically end the business.
IT team members need to fully grasp the very foundation of their job
and the company, because with full disclosure and understanding they
are more motivated to do everything possible not to inflict damage or
cause trouble.

Use industry-standard automation tools as aids to human IT staff

We are in a period where having just one go-to person for the
day-to-day operations of the IT infrastructure is just asking for
trouble. We are also in a period of massive deployment of automation
tools in order to lessen the burden on the IT team of running and
keeping the IT infrastructure in good working condition. Automation
scripts can be acquired for free or for a fee: free and open source
scripts are available for download and adaptation for the enterprise.
Custom automation scripts can also be bought from development vendors;
their distinct advantage over open source ones is the level of
technical support, which is available for them 24/7.

Promote the culture of fully embracing change

In today’s world, changes are the rule, not the exception. Companies
need to implement a strict change management policy in order to roll
out changes with less chance of failure. One of the worst things that
can happen after a change is that the system no longer works as
expected, and a change management policy lessens the bad impact of
changes. An effective, change-management-aware IT team is key in order
to remain a step ahead of the competition.

Cooperate and coordinate with government agencies through transparency
and building trust

Governments are not persecuting business entities; they aim to
maintain a quality business environment, safeguard consumer rights and
promote their protection. Companies need to be aware of local laws and
rules, as non-cooperation can bring bad publicity for the firm.

