Security Vulnerabilities - Who is to blame?
What used to be an occasional attack on celebrity computer systems, an occasional breach of security for major retailers, and even a rare glimpse into a government institution’s database, has become a common category of news. News and media outlets on regular hacks, breaches, and cyber attacks to celebrity cloud storage, major retail chains, and even recently, the U.S. Senate are constantly updating us. But, who is to blame for all of these attacks?
IT security, and therefore IT security data breaches rely not just on one resource for protection, but the combination of three: people, process, and technology. If you have money in a bank, if you have shopped in a retail shop, and of course, if you are able to access this blog post, you rely on IT security. It is everywhere, and every IT security system relies on these three core resources to protect information and other critical assets.
How do each of these play a part in IT security? Let’s compare an IT system to something as simple as your home. At home, we follow different measures daily to guard valuables, protect the family/pets, and only allow authorized residents and guests into the house. If you have an electronic alarm system, you may set the alarm code before you leave home, exiting in an allocated amount of time, ensuring that the alarm is set; if you do not have an electronic alarm, you lock all the windows and doors before you leave - no matter the length of time you are away.
Core resources for home & IT security:
- People: In a single person home, you are one of the greatest assets in protecting the home and valuables; similarly, for a family, parents and guardians and older children are similar to middle and upper management in larger organizations. While parents teach their children to take safety precautions throughout the home, business management must also relay the importance of security to all staff. In a business, each staff member has to be aware and actively responsible for their actions - securing passwords, creating secure deliverables, reporting and recognizing suspicious activity, and being mindful of suspicious emails sent to individuals or groups.
- Processes: If renting, your landlord or lease have likely included a set of procedures, guidelines, and best practices to ensure safety of home and the property. Similarly, if you own your home, you have developed your own set of procedures to ensure safety of all residents, pets, valuables, and the home itself. A lack of a defined process will directly result in a vulnerabilities and unpredictability. This is the same for IT security. A process defines the who, what, where, when, and how an object is to be met, with enough detail for all people to perform within the environment. As management may notify staff of security awareness, all employees must follow defined processes for each role before and after a task, to ensure consistent results and avoid deviations from a secure environment.
- Technology: At home, the technology used to strengthen security is dependent upon the people, the processes, and the tools available. Each resident’s knowledge of the home and all residents/pets that might be at home, the procedures necessary to lock up and arm the alarm systems correctly, and the current security systems (from electronic to deadbolts), work hand in hand to best protect the home. Similarly, the staff, the processes, and the tools available in a business or IT system must work in congruence to ensure that the system is secured given the resources.
It is ultimately the responsibility of all three of these resources to ensure greater and more complete security to a system, environment, or even home. Improper management of these security systems will result in the compromise of data, and data breaches. By considering the combination between people, processes, and technology, learned best practices can continue to help achieve stronger security.
For more information on protecting data security, the 3 key resources of Security, and vulnerability awareness, check out our White Paper, “Protecting the CIA,” published by our Function1 Security Practice. Download the Security White Paper here