Why IT Managers Can’t Believe All That They Read About Security Breeches

Image Credit Just because you can't keep them out, does this mean that IT Managers can ignore hackers?
Just because you can't keep them out, does this mean that IT Managers can ignore hackers?

If an IT Manager picks up the paper, it seems like hackers are everywhere and getting into everything. Dare I say these modern day cyber pirates seem almost unstoppable? If it turns out that there is no way to keep hackers from breaking into the systems that your IT dream team is creating, then should a IT Manager really spend a lot of time and money trying to keep them out?

The Myth Of The Super Hacker

If you spend any time reading the newspapers, it can be easy to feel that every company out there is under assault. Teams of skilled hackers who go by names such as LulzSec and Anonymous seem to be in the news every other day as they take down or deface various high profile web sites.

No matter what safeguards these firms seem to have had in place, still the hackers seem to be able to slip by them and have their way with almost any IT systems. What’s an IT Manager to do?

The first thing that you need to do is to realize that you can’t lump all hackers together. Yes, there are some very skillful hackers out there who have the ability to cause a great deal of grief for any IT team that they decide to target. However, the good news is that the majority of hackers are not so skillful.

When you are reading the newspaper, you need to take a close look at what actually occurred as a result of a hacking exploit. Did a talented hacker break in and steal valuable customer data? Or, did the IT team just suffer a distributed denial of service attack (DDOS) – a much less skillful form of digital vandalism?

Not all hackers are created the same, and IT Managers need to show some leadership and protect the systems that they are designing from the majority of hackers who are simply looking for an unguarded door that will allow them to break into your digital warehouse of customer data.

What IT Managers Need To Do To Defend The Company

All of this discussion leads us back to the basic question: what should a IT Manager do? The very first thing that a IT Manager needs to do is to not give up hope. Don’t just assume that all criminal hackers are gods. The reality is that most are not. This means that you can’t afford to let your guard down because in most cases the basic steps that you take to secure the systems that your team is working on will be good enough to keep the bad guys out.

This won’t keep the really bad, really skillful guys out. This is when your so-called second layer of defense needs to come into play. As an IT Manager you are going to have to assume that a skilled hacker who really wants to break into your systems is going to be able to climb over the wall of defenses that you’ve put into place.

The question then comes down to what they’ll find once they are in. If you make it easy for them, like T.J. Maxx did when 45 million of their customer records were exposed to hackers, then they’ll be able to run wild. However, this doesn’t have to be the case.

If you anticipate this type of event happening and set up safeguards, you can minimize the amount of damage that a skillful hacker can cause. One of the simplest steps that you can take is to encrypt all customer data that flows between your internal systems.

What a step like this means is that even if hacker gets inside of your systems, he or she won’t be able to easily get their hands on your valuable customer data. Additionally, rogue employees, a much greater threat than skilled hackers, will also be unable to walk off with your company’s crown jewels.

It’s the responsibility of the IT Manager to consider likely scenarios like this. Once you’ve identified something that could happen, you are then obligated to take all of the necessary steps that will be needed to protect your IT team against lawsuits, fines, investigations, and, of course, post-event clean up activities.

What All Of This Means For You

Welcome to the real world IT Manager – stuff happens here. Specifically, there are always going to be hackers out there who are looking for companies to break into. The systems that your IT team is working on could be next on their list.

If you take a look at all of the stories that are being reported in the press lately, it sure seems as though the hackers who are operating these days seem to be able to effortlessly slip into and out of any IT system that they choose. Nobody seems to be safe.

However, if you take a closer look, things become a bit clearer. Specifically, what you’ll discover is that there are actually two types of hacking going on: the simple distributed denial of service attacks and the more sophisticated break-ins. You may not be able to protect your systems against an attack by skillful, educated hackers. However, your management is expecting you to take steps such as encrypting your data so that even if they do get in, the amount of damage that they can do will be minimized.

IT Managers can’t give up. Yes, the bad guys are going to win some of the battles. However, that doesn’t mean that the war is over. Instead, IT Managers need to take steps to make sure that most hackers can’t get in and the ones that do can’t do much once they do get in. Make the effort now and you and your IT team will be safe later on.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Management Skills™

Question For You: What types of system data should be encrypted and what types should you not worry about encrypting?

Click here to get automatic updates when The Accidental IT Leader Blog is updated.

P.S.: Free subscriptions to The Accidental IT Leader Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

Who out there likes to create budgets each year? Probably nobody – it takes a lot of work! I’ve got some good news for you, there might be a simpler way to do all of this. All too often IT managers sit down and try to create a single master budget. This can be very hard to do. I’ve got a better way for you to accomplish the same thing in a much shorter amount of time!