Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

2/18/2020
08:00 AM
Curtis Franklin Jr.
Curtis Franklin Jr.
Edge Articles
100%
0%

8 Things Users Do That Make Security Pros Miserable

When a user interacts with an enterprise system, the result can be productivity or disaster. Here are eight opportunities for the disaster side to win out over the productive.
Previous
1 of 10
Next

IT security would be so much easier were it not for users. To be specific, it would be easier if users didn't insist on doing things with their computers and devices. Unfortunately for security teams, it's hard to have a productive workforce if all they do is sit and stare at their lovely, perfectly safe computers, so security professionals have to constantly take into account users and their risk behaviors.

Not all user interactions are risky, fortunately, and not all risky interactions are equally risky. So which of the unfortunate interactions are most likely to send security professionals diving for their quart-sized bottle of bright pink antacid beverage?

This list springs from a conversation with Corey Nachreiner, CTO at WatchGuard. As with many of these conversations, it began with a short list that grew with, "Oh, and another one is … " repeated a couple of times. After that conversation, Dark Reading had the same chat with other security professionals and found an unsurprising level of agreement that these are bad, bad things.

It's important to note that not all of these bad interactions are the fault of users. While some undeniably do fall squarely at the feet of the individual behind the keyboard, some are the result of design or implementation decisions by enterprise IT — decisions that users have no real control over. In every case, though, regardless of who is responsible, there are steps enterprise security can take to reduce the impact of these bad interactions. Let's take a look at the list of bad things, the good options for dealing with them, and how your security team can work to have more secure interactions — and fewer hits off the big pink bottle.

"Many employees will perform some risky behavior within organizations; however, it really comes to what the risk is exposing and what data it is meant to be protecting," says Joseph Carson, chief security scientist at Thycotic. How is your organization dealing with these behaviors? And do you think we left some critical interactions off our list? Let us know in the Comments section, below — the conversation there should be a very good interaction, indeed.

(Image: Benzoix VIA Adobe Stock)

 

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ...
View Full Bio

Previous
1 of 10
Next
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
   OVER THE EDGE
Building Cybersecurity Strategies in Sub-Saharan Africa

Filmed for Dark Reading News Desk at Black Hat Virtual.

LAURA TICH: We have that imbalance, where the big organizations are more protected, where the smaller ones -- which are the most common businesses in the region -- they are least protected... Sometimes they do get the tools, they do get the funding to buy some critical tools, but there's a lack of skills to handle or people who understand how to work those tools. So there are a lot of factors that contribute to our growth -- or lack thereof -- in the cybersecurity industry.

 

Name That Toon: Tough Times, Tough Measures
Latest Comment: Wear a mask, please!
Flash Poll