IT pros advised 'lock the front door'
IT security can overwhelm even the most seasoned security expert when headline-grabbing threats like 'Spamhaus DDoS' are brought to the forefront by media.
That is the view of IT management software firm SolarWinds, who have outlined six security threats that many IT professionals never think they'll face - until they do of course.
"In the pursuit of defending against the latest and most sophisticated attacks, we find many IT professionals doing so at the expense of fundamental security controls," says Javvad Malik, senior analyst, 451 Research.
"IT security is not always about over-complicated issues or threats, but doing the basic steps to ensure you have a secure foundation in place."
So, what should IT professionals look out for?
1. Targeted espionage
While security experts may know better, many IT pros might think: "My organizsation is not a high-value target. What do we have that anyone would want?"
In reality, the answer is more than they would guess.
Sensitive and personal information like credit card and social security numbers, patient records, to name a few.
Plus, with direct access to the breached network, they could do damage to other organisation's networks.
2. Unintentional or accidental loss of that data
Aside from organisations placing a great deal of trust in their employees and believing that their policies are adequate, what might take IT pros by surprise is simple employee ignorance.
Due to the proliferation of personal mobile devices, employees are taking their work home with them more often.
This has made it extremely difficult to keep track of who and what is connecting to the network, resulting in less control and increased security risks.
3. Denial of Service Attacks (DoS)
DoS and DDoS attacks are among the inventive hacking practices on the rise that could bring down business critical services, inhibiting user access and business continuity.
IT pros may get caught off guard with this type of attack since, in many cases, it's the result of someone out to wreak some havoc.
4. Understaffed IT team
As organisations grow and bandwidth for time and resources are taxed, it's easy for over-extended IT pros to overlook existing rules and inadvertently open security holes simply by not knowing the full impact of their changes, or for under-experienced IT pros to not know what to monitor and what tools to use.
5. Phishing attempts
Culprits masquerading as a trustworthy entity attempt to acquire usernames, passwords, credit card details, and account information to gain access to a system through email or via instant messaging.
Organisations which are most affected believe that their controls are good enough, relying on junk mail as a catch-all or their users to know when and when not to open suspicious email.
6. Malware exploiting common vulnerabilities in Java and Flash runtimes
For many, if not most, companies, third-party applications like Java and Flash are critical infrastructures required to use a large number of business applications.
Organisations are prime targets for infestations when IT pros assume that the most recent application version is security-proof, they are not up-to-date on their patches, or when they don't have full account of all the applications installed by end users.
But before you booby-trap the perimeter, lock the front door
According to SolarWinds, it's easy to get caught up in preventing what-if scenarios, but it's most important to remember Security 101 - the basics of what every IT pro should consider when securing their network, including:
* Define and establish security policies and rules
*Document your network, policies and access
*Continuously track and monitor activity and behavior with real-time alerts and reporting
*Automate with software tools where you can
*Have an incident response plan including when to notify corporate legal, PR and customers/clients
* Regroup after an incident to ensure appropriate actions have been taken to mitigate risk in the future
*Use operational management tools to gain insight into suspicious behaviour
Is your company taking the correct security precautions? Tell us your methods below