We continue to allow breaches despite the best cybersecurity practices in the industry
The Colonial Pipeline is slowly getting back online and replenishing the gas supply in the Southeast United States, but this does not lessen the financial loss and sense of vulnerability that citizens from Florida to Virginia are currently experiencing.
Colonial Pipeline is the latest in a series of breaches that have impacted a long and growing list of other businesses – all ambushed by some individual or group that managed to hack through cyber security “industry best practices.”
The situation is only getting worse. There are daily reports about prominent health care providers, government agencies, or retailers being hacked – thereby releasing millions or billions of pieces of sensitive information on the dark web.
An army of information security professionals guards these critical resources for health care providers and government agencies.
These professionals have impressive credentials and certifications such as the Certified Information Systems Security Professional (CISSP) and the Certified Information Systems Auditor (CISA). Several even hold academic credentials, including bachelor’s, master’s, and doctoral degrees in information security. All of them embrace “best practices.”
With their impressive credentials, these professionals are experts in tedium. Audits are a familiar subject to them. They can push paper without a problem.
In their painstaking reviews of endless accounts, they can determine which users are given system access and which ones are not. If they propose a new password policy, they can write impressive 100-page missives explaining why it is necessary.
The team can argue with developers about the need for a more difficult job.
When their security fortress breaks down, what do they do? Eventually, they can find someone to blame for what happened. It may be an ignorant user whose computer was exploited in a way he cannot understand. Or they can identify “the vendor” of a piece of equipment and blame it for malfunctions.
With all these impressive credentials, shouldn’t we be getting better at this “information security” thing? What exactly is the problem?
“Best practices” are not industry-specific.
“Best practices” in the industry are not only not “best”, but they are also dangerous.
As an example, “industry best practices” recommend that network administrators be administratively confined to their stations. The desktop, server, and storage resources should not be visible to them. Likewise, server administrators should be administratively restricted from monitoring network information or anything else that isn’t directly related to their job functions.
When these practices are applied, technical specialists are rarely able to detect anomalies, the warning signs that a breach of security has already taken place and someone is preparing to strike.