Challenges Facing IT and Security Professionals

It has been said, the only constant is change (Mark, 2018). This is especially true in the fields of Information Technology (IT) and Security. In 1995 about 1% of the population had a connection to the internet. This number grew to 50% of adults by 2015. This is astounding growth if one considers that today over 50% of adults worldwide have the ability to connect and transact business on the internet (Internetlivestats.com, 2018).

This growth continues to create new business models and opportunities to replace or change traditional brick and mortar establishments. This same growth creates new opportunities and challenges for IT and Security professionals as well. The magnitude of issues facing IT and Security Professionals grow daily with the introduction of new technology and the growing number of connectivity options.

This paper examines a subset of issues impacting IT and Security professionals today around devices, connectivity and privacy data. Finally, the author will offer insights into potential remedies to address the problem.

Constantly Connected Mobile Devices

One of the more fascinating aspects of the networked world is the ability to be constantly connected. Mobile computing platforms, like the Smartphone or Tablet Computers, are the fastest growing segment of computing today. The number of smartphone users is forecast to grow from 2.1 billion in 2016 to approximately 2.5 billion in 2019 (Statista, 2018).

These devices are powered by chips that eclipse the power of a mainframe computer just 30 years ago (Puiu, 2018). Nazir, Samaha and Samaha (2017) discuss how smartphones have become ubiquitous in people’s lives. This research investigates the negative impact of the devices and the impact on the user community. As usage increases, so does dependencies that may lead to online addiction.

When considering mobile usage, IT and Security Professionals have a different set of concerns, like how to keep users and data safe. In today’s constantly connected world, mobile users have the freedom to access data almost instantaneously. This poses a greater risk to data loss or identity theft. The technology that allows a user to access their bank account may be providing an unethical individual the opportunity to steal your identity or access one’s accounts.

There are several networking tools available that allow users the ability to attempt to gain access to online accounts (InfoSec Resources, 2018). In many cases, these are the same tools that IT and Security Professionals use to trouble shoot networks. Leading computer organizations continue to develop new tools for IT and Security Professionals to stay ahead of the hacker community but this is an ongoing battle of first mover advantage. From new security protocols to forcing harder password protection this is a never-ending journey to keep users and their data secure.

Data at Risk

No matter how good security may be for data in motion, one also has to be concerned about data at rest. When information is collected and stored about an individual, it is usually maintained in a database. Over the years, databases represent a tempting target for cybercriminals. Recently an unknown attacker stole information including emails, names, addresses, passport numbers and credit card information from the Marriott Corporation. This effected around 500 million users (Fazzini, 2018). While the credit card information was encrypted, Marriott can’t confirm if the actual keys used to unencrypt the data have not been compromised.

Another attack occurred this quarter at the United States Postal Service (USPS). The USPS tracking system was compromised allowing unknown entities the ability to track packages scheduled for delivery. The vulnerability is tied to an authentication weakness in an application programming interface (API) designed to help business customers track mail in real-time. This breach impacts about 60 million users (Khandelwal, 2018). While the list of compromised organizations continues to grow, so does the need for new and more robust security countermeasures.

In each of the cases referenced above, the IT and Security departments appear to have used acceptable security measures. This is the constant battle facing the profession today, how to stay ahead of the cybercriminal. Consider one example of why the problem is complex. The modern Enterprise Resource Management system (ERP) is comprised of millions of lines of code. This requires constant security audits and scans to determine if the system in question can be compromised. To adequately address the problem, security professionals must leverage a combination of physical and IT security to protect data and limit access to core systems. Now expand this equation to address the total number of systems in most organizations and one can see the magnitude of the problem.

Privacy Data

When one considers Personal Identifiable Data, the internet opens a host of opportunities for individuals to learn more about you. Try this experiment, launch your favorite browser and type your name into the Google Search Engine. Someone will likely be able to determine where you live today and the last two addresses associated with your name. If you use social media sites like Facebook or LinkedIn, they may be able to determine where you work, a profile of your friends and interesting facts about you. In many ways, the internet creates a data rich environment for both useful and malicious purposes. 

The amount of data available enables a cybercriminal to build profiles of an individual in a rather seamless manner. Various data sources are aggregated with other data until a corporation or unethical individual can build a pretty robust profile of you. Tsay -Vogel, Shanahan and Signorielli (2017) points out that IT and Security Professionals at major social media organizations are under intense scrutiny to protect the data of their user community. Major social media outlets have emerged as a prime target to gain access to your user data.

Unfortunately, there is no one security program available to protect everyone. Security and IT professionals continue to implement multi-dimensional models that considers the lifecycle of data from creation to decommissioning. As the problem moves from the individual to the corporation, various government entities are starting to exert additional regulations. The European Union (EU) has implemented strict guidelines around privacy data. Failure to comply may result in fines and forfeit an organizations ability to transact business in the EU (Eur-lex.europa.eu, 2018).

While the EU is promoting the rights of the end user in terms of data protection, other countries, namely Russia and North Korea, are running state sponsored efforts to influence elections or individuals on particular topics (Fortune, 2018). One has to consider the possibility that the next major world conflict may be a cyber verses traditional war. The growing influence of always connected mobile devices puts a large part of the population on the front line of this potential battle. Imagine a day, week or month without access to the internet and your online accounts. What is the level of harm or inconvenience this will cause you? 

As traditional brick and mortar establishments continue to close in favor of online shopping, what is the possible impact on the economy if the United States suffers a major denial of service attack for an extended period of time? What percentage of businesses will suffer significant financial harm? These are simple examples of what IT and Security Professionals deal with daily in the connected world.

Conclusion

Security and privacy concerns will continue to dominate the agenda for the foreseeable future. IT and Security Professionals must lead by example to help overcome the risk and realize the opportunity of users in an always connected world. This requires organizations to move from a reactive to proactive stance. Every system and procedure must be secure by design. This includes physical as well as computer security. Security training must be viewed as mission critical and be an ongoing mandate for the entire organization. 

Security and IT organizations must continue to lead the way with new and more secure devices, protocols and programs. A promising example of this type of innovation is found in the WIFI marketplace. To help secure mobile devices and wireless connectivity, WIFI Protected Access 3 (WPA3) is now available with stronger encryption and protection against brute force attacks. This helps the remote user and the home WIFI market to be more secure. Organizations must also put stricter guidelines in place for operating in wireless environments using Virtual Private Networks (VPN) for remote users. Innovations like WPA3 and VPN’s are not the only answer to the problem. To be secure requires a combination of technology with ongoing end user training around potential threats and risk.

From a regulatory prospective, various government entities have enacted strict regulations around the use and protection of privacy data. Social media and news outlets now have a renewed focus to identify and eliminate attempts that negatively influence or alter elections. This effort must be expanded to address the problem as a global issue. Taking the lead from the European Union, stricter government policies are needed to protect the rights of individuals. 

This is a complex problem with no one simple answer. Using a multiprong approach of physical, automated security with government regulations will help IT and Security Professionals stay one step ahead of this game of cat and mouse.

References

• Mark, J. (2018). Heraclitus_of_Ephesus. [online] Ancient History Encyclopedia. Available at: https://www.ancient.eu/Heraclitus_of_Ephesos/ [Accessed 1 Dec. 2018].
• Internetlivestats.com. (2018). Number of Internet Users (2016) – Internet Live Stats. [online] Available at: http://www.internetlivestats.com/internet-users/#definitions [Accessed 1 Dec. 2018].
• Puiu, T. (2018). Your smartphone is millions of times more powerful that all of NASA’s combined computing in 1969. [online] ZME Science. Available at: https://www.zmescience.com/research/technology/smartphone-power-compared-to-apollo-432/ [Accessed 3 Dec. 2018].
• Nazir S. Hawi & Maya Samaha (2017) Relationships among smartphone addiction, anxiety, and family relations, Behaviour & Information Technology, 36:10, 1046-1052, DOI: 10.1080/0144929X.2017.1336254
• Statista. (2018). Number of smartphone users worldwide 2014-2020 | Statista. [online] Available at: https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/ [Accessed 3 Dec. 2018].
• InfoSec Resources. (2018). 10 Most Popular Password Cracking Tools [Updated for 2018]. [online] Available at: https://resources.infosecinstitute.com/10-popular-password-cracking-tools/#gref [Accessed 3 Dec. 2018].
• Fazzini, K. (2018). The huge Marriott hack started four years ago — investors should ask how the company missed it. [online] CNBC. Available at: https://www.cnbc.com/2018/11/30/marriott-hack-raises-questions-about-merger-diligence-tools-in-use.html [Accessed 3 Dec. 2018].
• Khandelwal, S. (2018). US Postal Service Left 60 Million Users Data Exposed for Over a Year. [online] The Hacker News. Available at: https://thehackernews.com/2018/11/usps-data-breach.html [Accessed 3 Dec. 2018].
• Tsay-Vogel, M., Shanahan, J., & Signorielli, N. (2018). Social media cultivating perceptions of privacy: A 5-year analysis of privacy attitudes and self-disclosure behaviors among Facebook users. New Media & Society, 20(1), 141–161. https://doi.org/10.1177/1461444816660731
• Eur-lex.europa.eu. (2018). EUR-Lex – 31995L0046 – EN. [online] Available at: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML [Accessed 3 Dec. 2018].
• Fortune. (2018). http://fortune.com. [online] Available at: http://fortune.com/2018/07/20/us-cyber-security-russia-north-korea/ [Accessed 3 Dec. 2018].