Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

2/14/2019
10:00 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Security Spills: 9 Problems Causing the Most Stress

Security practitioners reveal what's causing them the most frustration in their roles.
Previous
1 of 10
Next

(Image: Milanmarkovic78 - stock.adobe.com)

(Image: Milanmarkovic78 stock.adobe.com)

Cybersecurity isn't an easy gig. It's tough to keep track of the most stressful problems because adversaries are constantly evolving their tactics and security threats are constantly changing.

In fact, the rapid evolution of threats is one of many issues plaguing security pros. The onslaught of emerging threats is made more difficult by lack of resources. All the while, employees are bringing unsecured smartphones and devices into office environments.

"You can't predict what you can't see, and so the adoption of BYOD policies at companies, combined with an increasingly complex network environment, leave organizations susceptible to attack," says YL Ventures principal John Brennan.

Movement to the cloud, vulnerability management, data governance, and choosing, implementing, and managing new security products compound the challenges and give security teams even more to worry about. For small organizations, where one person is responsible for securing everything on his or her own, the list of issues can be overwhelming.

Here, security pros across the industry share what's most stressful about their jobs. What is most stressful about your job? Feel free to jump in the comments section, below, and add to the list.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
CyberBoss77
50%
50%
CyberBoss77,
User Rank: Apprentice
2/28/2019 | 1:42:01 AM
Is it really China
Hackers are increasingly using false-flag operations that wrongly point the blame toward China. Because Chinese hackers often rely on publicly available cyber tools for their operations, it is easy to mimic their signature viruses, according to Tony Granims, a cyber security operations officers at Critical Strategies Group, a cybersecurity contractor that does cyber incident response and threat intelligence.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
2/26/2019 | 3:28:31 PM
Re: People avoiding responsibility
I hear you and particularly when the number of threats, actors and agents is many times your sole resource.  And they keep coming and attacking and coming.    Desktop support in particular can be your worst agent - they reimage (sometimes) and then put compromised data (which they do not know is compromised) back on the new system .... off to the races again.  We had one rep here who only knew to change group policy settings.  That was IT entirely.  Anything else?  Hah!   It is their problem too only they are tasked for inventory of systems, management of systems and fixing problems RIGHT AWAY because the use rhas a trip to Chicago tomorrow and needs it FIXED RIGHT AWAY.   Sheesh - I remember doing that.  Securituy?  That's YOUR job .
blackjack0021
50%
50%
blackjack0021,
User Rank: Apprentice
2/23/2019 | 3:26:12 PM
People avoiding responsibility
Security is a broad topic, so the concerns are equally broad. My Security role as Architect and Advisor is part coaching, persuasion, and influence trying to get both business and IT folks to take Security and their responsibility seriously. I get it, we focus on getting tasks done and naturally cut corners and overlook things outside that focus (google the invisible gorilla for a cute demonstration and insights there). What wears me down is constantly hearing that "security is your job, not mine". This is abdication of responsibility and accountability and flows from the top on down. We have 100 times more IT folks than Security people. Security can't micromanage how everything gets done. I mean it you're a dba then dba security is part of your responsibility... coder? secure code... network? securely config your devices, etc. Think "safety" in a factory... is it only a concern for the Safety Oficer? Obviously not! Real safety has to be part of what each person does every day, a habit built in to every process. However, for Security the resistance from the organization is considerable. It's too hard, too complex, too expensive, always changing, etc. I am not unsympathetic or unaware of business challenges... no business can actually budget as much for security as they should- but feeling like the lone voice in the forest while the wolves circle is what wears me down every week.
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9405
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
CVE-2020-9406
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVE-2020-9407
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVE-2020-9398
PUBLISHED: 2020-02-25
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
CVE-2015-5201
PUBLISHED: 2020-02-25
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows r...