Tech & Work
Whether you’re a developer or a net admin or a CIO, you may have picked up a few bad habits along the way. This ebook runs through the most common of these habits for six job roles.
Form the ebook:
Demand for cybersecurity professionals continues to rise, with the projected talent gap in the field reaching 1.8 million jobs by 2022. Those that take on these roles play a key role in the enterprise, as the average cost of a data breach worldwide is now $3.62 million.
A number of common mistakes arise in the field that can make the job more difficult and put companies at risk. Here are 10 bad habits cybersecurity workers should break to be most effective in their role.
1. Being overconfident
The most common mistake made by cybersecurity professionals is overconfidence and a false sense of security, said Bahram Attaie, assistant professor of practice at the School of Information Studies at Syracuse University. “They believe that they have implemented all the right controls, and as a result they think they are un-hackable.”
Overconfidence that a single or few selected layers of protection is adequate is also a mistake, said Andrey Pozhogin, cybersecurity expert at Kaspersky Lab North America. “In a strategy game, every unit, no matter how powerful or agile it is, can be defeated by another unit,” Pozhogin said. “The same is true for security. There’s no silver bullet, and that’s exactly the reason why security has to be multi-layered.”
2. Bypassing corporate controls
When corporate controls prevent cybersecurity experts from doing their job efficiently, they often bypass these controls or turn them off, Pozhogin said. “As security layers need to be put in place, there will be incompatibilities between different technologies, so workarounds will be found, competing technologies will need to be turned down or off, repetitive settings will have to be changed and will be forgotten to be changed across different policies.”
Disabling or removing protections such as antivirus, network security protocols, or two-factor authentication for convenience can lead to an exposed system with deliberately bypassed protections and unencrypted documents, said Travis Farral, director of security strategy at Anomali. “Any click on a phishing email or successful drive-by attack on exposed systems will give attackers access to them and anything that can be accessed through them.”