Ghastlier不是恶意软件,这些IT恶徒可以把你的技术部门为恐怖秀 - 快
他们是那个噩梦制成的东西,困扰着IT专业人员的梦想,让他们粗鲁的野兽醒来一身冷汗。仔细看,你会开始看到他们无处不在。
Witness the bloodthirstyWarewolveswho use software audits to squeeze more money from you,BYOD Vampires谁从关键业务应用程序,以及盲目吸了所有的带宽键盘僵尸who lose sensitive data and introduce malware to the network. You'll also need to be wary of malicious insiders (在机器幽灵), attackers with an agenda (Frankenhackers),谁威胁流氓管理员来保存你的数据赎金(Crypto Keepers).
[ Also on InfoWorld: Beware thenine circles of IT hell,并学会避开20 common IT blundersand the12 "best practices" IT should avoid at all costs。|欲了解更多IT管理智慧,报名参加鲍勃·刘易斯咨询热线简讯。]
Perhaps the scariest of all:Shape-shifting managers谁承诺世界的客户和他们的老板,然后离开你承担责任的时候,他们无法提供。
幸运的是,灵丹,木桩和驱邪是可用的,如果你知道去哪里找。以下是如何出去闯荡,而不用担心。
IT monster No. 1: WarewolvesHow to identify them:Empty promises, lots of teeth. Also, their hair is perfect.
Some software vendors are warm and fuzzy when you're signing contracts and writing checks. But when the moon is right, they won't hesitate to rip out your trachea -- or, worse, call for a software audit, says Rob Scott, managing partner of Scott & Scott LLP, a law firm specializing in software and intellectual property disputes.
"This is what really should be keeping IT managers up at night," says Scott. "It's notwhen the data center goes down,这是当第三方有一个大的合规申诉来临时,你所面对的诉讼。这些都是各种各样的东西,让人们被解雇。”
IT managers are the ones who end up howling when the Business Software Alliance, the Software and Information Industry Association, or a Big Four accounting firm wants a look at their books. Even for companies in compliance, a typical audit process takes a year or more, says Scott, and many publishers don't specify what they'll accept as proof of compliance until an audit is already under way.
组织,如BSA,这提供赏金给员工谁老鼠出来他们当前的或former employers, add to the horror, he says.
"Oftentimes the whistle-blowers are the ones who were responsible for keeping the company in compliance in the first place," he says.
Your best defense:There is no silver bullet, says Scott. Stay in business long enough and a software audit is virtually inevitable. But having your records in order helps a lot, he adds, and cloud-based services are typically easier to manage.
Large companies need to implement a software asset management system and reconcile their records at least once a year, if not more. But the best defense is to negotiate for a clean slate when signing any new licensing agreements, Scott says.
"When you draw up the new agreements, make sure you get a release of any backward-looking claims," he advises. "At the time you're writing the checks, everyone needs to be comfortable with your counts, your documentation, and any potential compliance issues."
IT monster No. 2: Keyboard ZombiesHow to identify them:They move slowly and eat brains,但很少表现出任何。
These creatures plod along, day by day, mindlessly copying sensitive data to USB drives or attaching them to email messages, where they are promptly lost, creating a huge security and legal mess for their employers.
这种类型的僵尸不是恶意的蒂姆·马修斯,在赛门铁克的信息和身份保护产品营销的高级主管说。事实上,大多数人认为,他们试图让在家里或在道路上所做的工作是有帮助的。
“最大的问题是善意的内幕谁也不知道他不应该把自己的电子邮件敏感文件或将它们复制到闪存驱动器,”马修斯说。“或者,他知道他不应该这样做,但感到它是一个非常小的风险 - 就像去商店的时候买牛奶不系安全带他认为没有人会知道,或者他们也不会丢失数据,但在许多情况下,它最终被丢失“。
The other kind of zombie is one that falls for phishing emails or scareware scams, unwittingly installing malware that can steal data or bring down the network.
"Both of these types of insiders make the wrong choices and go about their days in a trancelike state, oblivious to the security risks they pose to the organization," he says.
Your best defense:While you could cut off their heads, the HR paperwork would be murder. A better fix is to fill their heads with information, so at least they know the rules and the risks, says Matthews.
But because not all zombies can be educated, smart organizations should alsoimplement a data loss prevention solution该块被附加到电子邮件,复制到U盘,或上传到云存储服务的敏感信息,他说。或者,该系统可以使数据行程,但它已经加密之后。
"Typically, once people know the DLP is in place you see the number of incidents go down, as people start paying closer attention to their own behavior," he adds.
IT monster No. 3: Bandwidth VampiresHow to identify them:皮肤蜡黄,从屏幕上盯着布满血丝的眼睛,经常看到拿着iPhone手机。
They may be bringing their own devices to work or keeping their YouTube addiction to lunch hours, but these fiends are still feasting on your bandwidth, draining the lifeblood from your network.
TheBYOD revolutionin particular has caused a strain on network bandwidth, especially as more business-critical apps are delivered via the cloud, says Jim Melvin, CEO of AppNeta, a provider of cloud-based performance management and end-user experience monitoring services.
"These vampires are everywhere," he says. "Some are updating iTunes or streaming Pandora Radio, others are playing games or updating Facebook. The really scary ones are downloading media files and installing viruses. Not only are these people not doing their jobs, they're also slowing everyone else down. Then suddenly your IP phones stop working because somebody is downloading a BitTorrent."
Your best defense:Sunlight. The first step is to find out who's sucking up all the bandwidth and bring them into the light of day, says Melvin.
"These companies all have policies about what you can and can't do on their networks," he says. "The problem is they have no idea what people are actually doing, so the policies are completely unenforceable. Our solution is to bring these bandwidth vampires out into the sunlight and watch them melt."
Another option: Deploy software at the network gateway to dictate how much bandwidth each device will be allotted for YouTube, Facebook, and other nonbusiness applications, says Tim Naramore, CTO for Masergy, a provider of managed network services.
"To drive a stake through the heart of employee-owned devices you need to shift your network controls from the endpoints to the network," he says.
IT怪物第4:在机器幽灵How to identify them:You don't -- they're invisible. But every so often they leave telltale traces behind.
喜欢键盘僵尸在机器鬼把企业敏感数据带来风险 - 但这些恶意内部人员有意的和经常的利润。还有2种鬼说,赛门铁克的马修斯:一个寻求报复,另外找一个发薪日。
"The first kind is usually a good employee who's been doing good work, only something happened at work that caused them to be disgruntled," says Matthews. "The other kind is the opportunist. He's looking to rip off a company's intellectual property to start his own company or sell it to your competitors."
With the collapse of the Soviet empire, many old-school spies are turning to corporate espionage and recruiting operatives inside U.S. companies, says Matthews.
Your best defense:你要给谁打电话?如果捉鬼敢死队不可用,你的下一个最好的办法是与HR坐下来定期和鉴定人谁可能构成威胁。这可能是谁一直错过了晋升或已入围下一轮裁员的中层经理。这可能是谁的次数远远多于正常行驶的海外雇员,他们的抵押贷款是在水下,或有大的医疗费用配偶 - 从本质上讲,脆弱性是一个老牌间谍牧马人将尝试利用此点。
一旦潜在的幽灵已确定,它专业s can use a DLP system to flag anomalous behavior -- like if someone is accessing files they shouldn't or copying higher volumes of data than they normally would -- and bring it to HR's attention, says Matthews.
“不可避免的动机是报复或者贪婪或者,”他说。“他们得到了他们的手在某些Intel,和他们去尝试,并把它卖给别人。他们经常在雷达下飞行。但生活在网络世界,因为我们做的,我们最终抓住了不少,这些人的。”
IT怪物第5:FrankenhackersHow to identify them:They're assembled from many parts and destroy everything in their path.
What's scarier than an ordinary hacker? A hacker with a social cause bolted onto his or her quasi-criminal activities. Whether they're graybeards or script kiddies, a determined group of hacktivists can wreak havoc with your data, your network, and your company's reputation -- at any time, for virtually any reason.
Just ask Sony, PayPal, HBGary, or any of the dozens of other corporations that have been publicly pwned by Anonymous and its offshoots. There's no telling what might set off Frankenhackers, and there's no way to persuade them to leave you alone once you're in their path of destruction.
Worse, they may have friends on the inside, says Jason Mical, director of network forensics for AccessData, a digital investigations and litigation support firm.
“他们是有组织的,”他说。“他们所从事的信息共享。他们有能力大规模协作的,因为他们已经建立了明确的通讯线路。老实说,在任何公司或政府机构的任何员工可能是黑客行动主义的朋友或者甚至一个成员黑客行动主义小组“。
Your best defense:You'll need more than torches and pitchforks -- or antimalware and intrusion prevention systems -- to fight off Frankenhackers, says Mical.
“事实是你不能阻止他们,”米卡尔说。“Unfortunately, today's exploits are constantly evolving, so signature-based threat detection won't work. You need an integrated technology that allows you to forensically monitor your computers and network communications for suspect behavior. You want the ability to see what's happening across the network and with your traveling employees, so when cyber security practitioners see something unusual they can say, 'Something's not right here.'"
But early detection alone isn't enough, says Rob Kraus, director of the engineering research team at Solutionary, a managed security service provider. You need to respond quickly and thoroughly, then analyze the attack and your response afterward so that you'll do better next time. Having a close relationship with your ISP helps, says Kraus, because they can help isolate the attackers and get your business back online.
"Organizations are usually unprepared to defend themselves against threats, mostly because they never believe it will happen to them," he says. "But now they're starting to believe it."
IT monster No. 6: The Crypto KeeperHow to identify them:That demonic cackle as he clutches your encryption keys and won't let them go.
If your company handles sensitive data -- virtually all organizations do, these days -- you need to encrypt it to keep it safe from the aforementioned zombies, ghosts, and Frankenhackers. That means every enterprise needs a Crypto Keeper: someone to manage the encryption keys and the policies around them. If that Crypto Keepergoes rogue不过,你在一个真正的恐怖秀。
If the Crypto Keeper withholds, corrupts, or loses the keys, the data your company runs on could become inaccessible, says Rami Shalom, vice president of data encryption and control for SafeNet, a cloud-based data protection company.
“这是企业真正的关心,”沙洛姆说。“你必须确保当您使用的密码,你不增加丢失数据的风险 - 而不是别人,而是永久当你的钥匙被淘汰,可能把你带入更深的麻烦比如果别人得到他们的对敏感数据的手“。
Your best defense:Don't leave your organization's encryption keys in the boney hands of an animated corpse or trust them to a single admin who could go rogue, says Shalom. Separation of duties and giving different people responsibility for different parts of the process can protect you.
“在早期,IT管理员就像谁可以访问他们在任何时候想任何数据的神,”他说。“现在,你需要确保你没有一个单一的用户提供这种力量。企业需要找到办法,具有相同的密钥的多个副本和复制的密钥管理系统在多个位置,这样一来,即使一个人决定做破坏数据仍然可以检索“。