York Thought Leadership Blog

We Won’t be Hacked: Top 10 IT Security Myths

Posted by Danielle Toste on Tue, Apr 1, 2014 @ 13:04 PM

Security breaches happen every day. Some are as small as a person disputing a $50 fraudulent charge on a card to huge security breaches, such as the Department of Veterans Affairs, that resulted in 26 million veterans, active-duty, military personnel, and spouses information beingdescribe the image compromised. With IT security being a hot topic and consistent news story in the media, we decided to take a look at some of the top IT myths and how to combat them.

Myth 1: We won’t be hacked

No matter what type of security system businesses have in place, there is always a possibility for a breach. Face the business responsibility to confront security-related requests and make use of a security classification framework. 

Myth 2: We have physical security (or SSL) so you know your data is safe

This myth is associated with not understanding the risk. Ensure that security purchases match data requirements.

Myth 3: Regular expiration strengthens password systems

Research shows that having regular password expiration may not be useful and that it should be done randomly. Although, stopping passwords from being hacked completely might not be possible, this is at least one way to try and prevent it.

Myth 4: Moving the CISO outside of IT will automatically ensure good security

Moving the services won’t stop a company from being hacked. They need to find the area of weakness in their security programs.

Myth 5: Adhering to security practices is the CISO’s problem

Passing off the problem to another business unit won’t solve the issue either. A company should build an information security program around their culture.

Malware imgMyth 6: Cyber security is a technical issue for which executive level business management has little or no ability to contribute

Even though this statement might not be said, this is implied thru behaviour. It is management’s responsibility to define a security policy for the overall organization and that requires management to accurately understand what is needed in a security plan.

Myth 7: IT is, and should be, responsible for cyber security

Yes, IT is responsible for enforcing, preventing, and/or detecting behaviours defined by the company’s security policy. Yet, IT should not be making decisions about who should or shouldn’t be able to access information. That comes down to the myth above-- management.

Myth 8: Being compliant makes us secure

Just because a company passes a compliance audit does not ensure that one is properly secure. It only means that the requirements for a particular regulation or compliance have been met. A company could be overspending to meet the requirements and still not be secure. Businesses should focus on improving their security while still meeting the standards.  

Myth 9: Any computer virus will produce a visible symptom on the screen

Many people think that a computer with a virus will start acting up. Not always the case. A computer can run fine and still have malware on it. The only way to know 100% is by having the device scanned regularly.

Myth 10:  We have a firewall on our network, of course we’re protected!

Just having a properly configured firewall will not protect anyone against malicious content encapsulated over an SSL connection.

 

While being protected from all security attacks might not be possible, understanding of risk and having a thorough security policy that is implemented and regularly changed to keep up with new threats will greatly reduce your chances of being attacked.

 

What IT security myths have you heard?

 

References:

http://www.botzandassociates.com/blog/5-cyber-security-myths/

http://www.infoworld.com/slideshow/33387/the-top-13-security-myths-187168

http://www.networkworld.com/news/2013/061113-gartner-reveals-top-10-it-270738.html

Topics: Blogs, IT Security, IT industry, Industry Trends, Information Technology

5 IT Skills That Will Get You Hired This Year

Posted by Danielle Toste on Tue, Feb 11, 2014 @ 10:02 AM

The job market for information technology is steadily and consistently growing. Technology is constantly evolving with new skills developing fast and outdated skills getting pushed out. Because of those variations, here is a list of the top 5 IT skills that will be sure to benefit IT professionals in 2014.

Big Data

Big data is used to describe the exponential growth and availability of data. A recent IDG Enterprise survey of over 750 IT decision makers showed that nearly half will be implementing big data projects or are planning to in 2014. This is a 5% increase over last year; even though it might seem small, it is showing that big data is growing and will continue to grow
each year.

Big data is being implemented in all different types of businesses, from sports to retailers, companies are realizing the valuable business intelligence they can gather to improve decision making and gain a competitive advantage. Big data can analyze anything from how often a person visits a location and track their purchases which then can be used to discover
how businesses can personally tailor their next visit. 

Below are specific skills that are needed this year in big data:

  • ETL (Extract, Transfer, and Load) Developers
  • Hadoop Developers
  • Visualization Tool Developers
  • Data Scientists
  • OLAP Developer
  • Data Warehouse Appliance Specialist
  • Predictive Analytics Developer

 Mobile

The need for mobile application developers is growing as much as the use of mobile technology is. About 20% of web traffic last year came from a mobile device. Yet, mobile app development is ranked as the third most difficult skill to find according to Computerworld. Most companies want someone who has experience with developing for Apple’s iOS . There are a lot of other skills needed in order to develop mobile apps. Training in Java, jQuery, and other scripting languages are just a few skills associated with mobile app development. The shortage of people with these skills and an increase demand for app developers has caused a shortage in this
area.

Cloud

In 2012, the adoption and acceptance of cloud technology grew so much that 1.7 million cloud-Cloud Computing caprelated jobs went unfilled. Companies are looking for individuals with knowledge in migrations, integration, and developer knowledge of different cloud providers’ application programming
interfaces. The future of data storage is going toward cloud meaning that the demand for IT professionals with these skills is only going to get higher. 

Security

Due to the increase in software hacking and the uncovering of NSA activity, IT security skills are extremely in demand for 2014. Security is the top concern of every CIO’s mind, so the need for solid security architecture is always going to be around. Those who have experience in
security saw a 23% increase in value and demand over 2013 and that number will
continue to rise in 2014 with a quarter of businesses looking at growing their IT security staff.

Web Development

describe the imageWeb development is still a hot skill for IT professionals and as long as the internet is around it will be. More companies are especially interested in those who know open source languages and modern languages such as Ruby and Python because this de-emphasizes Microsoft language and shows initiative. Companies see web development as such an investment for their
business and will pay lots of money for them. It is vital that web developers have framework knowledge, widget development, CMS customization, plugin development, and flash knowledge because all of these components are what companies want for their websites. 

 

Having any one of these five skills will make you attractive to prospective employers and due to the shortage of experienced professionals in these areas, they could possibly drive up your salary. So, if you are looking for a possible career change or just want to expand your knowledge, tech executives everywhere would highly recommend developing and perfecting
these skills.

 

Which would make your top 5 list? Answer below!

Topics: Blogs, IT Security, IT consulting, IT industry, Industry Trends, Industry News, IT Job Search, Information Technology, IT Skills