The 7 scariest monsters in tech

Ghastlier than malware, these IT hellions can turn your tech department into a horror show -- quick

By , InfoWorld |  IT Management

"The truth is you can't stop them," says Mical. "Unfortunately, today's exploits are constantly evolving, so signature-based threat detection won't work. You need an integrated technology that allows you to forensically monitor your computers and network communications for suspect behavior. You want the ability to see what's happening across the network and with your traveling employees, so when cyber security practitioners see something unusual they can say, 'Something's not right here.'"

But early detection alone isn't enough, says Rob Kraus, director of the engineering research team at Solutionary, a managed security service provider. You need to respond quickly and thoroughly, then analyze the attack and your response afterward so that you'll do better next time. Having a close relationship with your ISP helps, says Kraus, because they can help isolate the attackers and get your business back online.

"Organizations are usually unprepared to defend themselves against threats, mostly because they never believe it will happen to them," he says. "But now they're starting to believe it."

IT monster No. 6: The Crypto KeeperHow to identify them: That demonic cackle as he clutches your encryption keys and won't let them go.

If your company handles sensitive data -- virtually all organizations do, these days -- you need to encrypt it to keep it safe from the aforementioned zombies, ghosts, and Frankenhackers. That means every enterprise needs a Crypto Keeper: someone to manage the encryption keys and the policies around them. If that Crypto Keeper goes rogue, though, you're in for a real horror show.

If the Crypto Keeper withholds, corrupts, or loses the keys, the data your company runs on could become inaccessible, says Rami Shalom, vice president of data encryption and control for SafeNet, a cloud-based data protection company.

"This is a real concern for enterprises," says Shalom. "You have to make sure when you use crypto that you don't increase the risk of losing data -- not to someone else, but permanently. When your keys are eliminated, that could put you into deeper trouble than if someone else got their hands on your sensitive data."

Your best defense: Don't leave your organization's encryption keys in the boney hands of an animated corpse or trust them to a single admin who could go rogue, says Shalom. Separation of duties and giving different people responsibility for different parts of the process can protect you.

Originally published on InfoWorld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question