Security is everybody’s job, says expert

You want to protect your network? Then give your staff some lessons on security.

This advice comes from Howard Schmidt, chief security strategist, US Computer Emergency Readiness Team (CERT).

Schmidt previously worked in the White House as presidential advisor on cyber security.

Stressing that security should not be viewed as a problem for experts alone, Schmidt urged organizations to “operationalize” IT security. “We have to look at security (at) every level of operation. Security is everybody’s job,” he said.

Security professionals act as “enablers” by setting up policies, but policies alone won’t do the trick, he said. Instead, corporations should ensure that all employees are trained to understand security. And this, he said, includes security training and certification for their IT staff.

Vendors, he noted, tend to blame end-users for security breaches. Rather than pointing a finger, vendors should educate users and give them the tools they need to avoid such breaches.

Schmidt also debunked the notion that attacks are only targeted at specific groups, such as defense agencies or financial institutions. Hackers look for vulnerabilities and not specific IP addresses, he said. Determining where these vulnerabilities exist is key.

According to Schmidt, the less complex the network is, the easier it will be to find holes in it. “A well-defended network is a well-designed network…the difficulties in defending a network have to do with its complexity.”

Schmidt said when selecting a security vendor, technology should be the deciding factor. “Look at the technology they offer instead of the size of the company.”

The quest for network security, however, does not end with the selection of a vendor and rollout of its technology.

Regular maintenance, such as keeping patches up-to-date and addressing known problems instantly, could spell the difference between security and vulnerability, he said. “Eternal vigilance is the price of security. Develop processes to make sure it’s being taken care of on a regular basis.”

Schmidt emphasized that IT security is an ongoing expense and said vendors must be able to communicate that clearly to the customer. “It is not something you can plug in and walk away.”
