Most of us have an idea of what cyber-security is, but our definitions probably vary quite a lot. So before we can begin to take steps to protect ourselves and our systems, we have to decide first, exactly what we’re trying to protect ourselves from. Let’s take a look at some of the different perspectives.
The IT Manager
The IT Manager probably thinks that cyber-security focuses mostly on system security, whether against DDOS attacks or downloaded malware by one of the guys in the sales department. He’ll likely publish a policy against connecting any private devices or USB memory sticks, running any non-approved programs or data files or visiting any proxy or unapproved P2P sites.
He knows there are plenty of nasties out there in the wild and he is bent on keeping them out in the wild. He also knows that good-hearted but naive users are often the biggest risk to security.
The Collateral Duty Webmaster
This individual may be one of the engineers or a salesman that just happens to be more savvy than the others in the company, and because management decided that the company doesn’t really need a full-time webmaster, Jack or Jill is the perfect candidate for the job. After all, they just need to run weekly backups and set up email accounts for the new-hires, right?
Jack or Jill, unfortunately, have no security background, so they figure all that’s really needed is antivirus protection and a firewall. The idea that network security means a lot more than that is foreign to them. They may even spend some of their own time learning how to configure Raid-10, but they probably never give a thought to taking measures to protect the company from a data breach.
This person also has very little perceived authority, so even if they attempt to establish sound user protocols, those protocols will probably gather more dust than observance.
The Noob Webmaster
This is probably a young kid, recently graduated from college with a computer science degree. It’s his first job as Network Admin, so he couldn’t demand a very high salary… a point that probably make him attractive to management. On the plus side, his education may have given him some decent exposure to the ins and outs of the SysAd realm. One might reasonably hope that he’s up to date on the current techniques and programs necessary to manage the system securely.
On the down side, though, he’s probably still wet behind the ears, so his experience is limited. Odds are that, at best, he’s only as aware of current cyber-risks as his professor was – which may not be very up to date, at all.
He’ll probably generate a ton of memos, citing the risks of visiting questionable sites, using a USB that has also been used at some internet cafe (or found at a Starbuck’s). He may even establish some ongoing training for users that includes some security considerations. But he probably doesn’t have much clout, so for the most part, his advice will be ignored.
The Average User
These days, most employees that work on a computer are also relatively savvy about using the internet to find what they’re looking for. Some may be power users, with years of surfing under their belts, and others may be relative rookies, that are challenged to do much more than play Farmville or WOW.
When it comes to their job, though, most of them know what they need to know in order to get what they need out of the system. They may be very proficient at entering and processing orders, compiling projections for next year’s budget or performing granular cost analyses for the Plant Manager. Security, though, is someone else’s job – something they don’t even think about. After all, their work is all internal. The closest they get to the outside world before 5PM is when they open their email client.
Except, of course, when the SysAd does something that stops them cold in their tracks. Running a CRON job first thing on a Monday morning, when they’re scrambling to get orders into the stream, prepare weekend reports and get the VP that analysis of last week’s production is not the time they care to see the system choke. Seems like the only time they’re even aware of all that stuff the SysAd likes to send out memos on is when he’s getting in the way of them doing their job!
The Client Department Managers
Depending upon how e-savvy the managers of the client departments are, their attitudes may run hot and cold. If one has ever suffered a big hit because of poor cyber-security, he’ll probably be supportive of preventing a recurrence of that disaster.
If he’s ever had one of his subordinates cause a company-wide virus infection or a loss of sensitive data by logging into Limewire, it’s a safe bet he’ll reinforce your warnings about any actions outside of the intranet.
Understand though, that his enthusiasm for security may convert to nothing but lip service when network maintenance affects his ability to have instantaneous access to the data he uses to run his department. As soon as he’s told that a report he needs for a meeting in an hour may not be ready because you’re shifting servers… well, it’s usually not a pleasant exchange.
John or Jane Q. Public
John and Jane are an increasingly larger slice of the millions of users online each day, using the internet for a variety of purposes. Connectivity has increased dramatically in speed and availability, especially in the last decade, to the point where there may now be more connected devices than people.
Many Internet users are aware of the need for antivirus protection and prudence in opening email attachments, but amazingly, not all. And now that mobile devices have become more prevalent than desktop computers among private users, the percentage of people that blindly assume their smart-phone is safe is amazing.
Since many of those devices, including tablets, are bluetooth equipped, new infections have been engineered that don’t self-activate until they detect an open portal nearby, thus ensuring their spread before exposing their presence.
With around 300,000 new viruses being detected each day, infection isn’t a question of “if”… but rather “when”. Understanding that and embracing every prudent method of protecting oneself is critical, whether you’re SysAd for a major corporation, a research clerk in the sales department or simply trying to teach your children how to use the Internet without trashing that cool new iPhone their grandmother just bought them.
In other words, you need to consider all the above perspectives, in order to give yourself the best chance of avoiding a catastrophe.
Image credit: (flag/eagle) http://thepctool.com