By Bill Minahan | October 16, 2019
You’ve seen the trend: hackers are outsmarting our IT professionals. There’s a new data breach or ransomware attack on some credit giant, school system, or municipality every day.
“Financial and private data of millions compromised”, read the headlines every week.
It’s not that IT professionals aren’t doing their jobs, it’s just that hackers are doing theirs better.
Hackers are no longer teenagers sitting in basements trying to create chaos on some network or another. In the new age, hackers are highly trained and backed by powerful tech-savvy networks.
Cybercrime is a lucrative pursuit and the risks are often comically low, especially when hackers are nestled behind computers hundreds of thousands of miles away from their targets. Often, they demand money through an anonymous, secure, and virtually untraceable payment method.
Thank you, Bitcoin.
Contrast this with the typical IT team: often overworked and understaffed, especially those working at municipalities and school systems. They’re unable to defend their systems because their efforts are being poured into simply keeping them running.
IT professionals are usually highly skilled and trained. But technology is dynamic, evolving, and impossible to ever fully grasp. The second you think you’ve mastered something, it’s already changed.
Today’s typical IT professionals are preoccupied with solving everyday technology issues and their skill sets suffer as a result. When a cyber attack hits, they don’t see it coming and aren’t prepared to fight it off, never mind recover from it.
Unlike cybercriminals, IT professionals take high risks. If cybercriminals fail, they choose a new target. There’s rarely ever any setback or loss. When IT professionals fail, as we’ve seen, the results can be disastrous, especially when hacks shut down a school system or freeze government data and operations.
A school in Houston County, Alabama, was just forced to delay the start of school due to a malware attack. Baltimore and Atlanta are still recovering from and paying for ransomware attacks that hit their cities.
Data is stolen. Work gets put on hold. And people point to one group as they’re screaming questions and complaints: the IT team. IT professionals can lose their livelihoods after a successful cyber attack, regardless of whether they were at fault or not.
Hackers are making big money with little effort and virtually no risk. Most have powerful, savvy, and resourceful networks backing them.
Meanwhile, many of our IT teams are underpaid, understaffed, and overworked. And they’re under extreme pressure to keep technology running smoothly and securely.
Is it really a surprise that the bad guys keep winning?
We keep failing to invest in our superheroes. We don’t give them the support, resources, or opportunities they need to excel, but we still expect them to protect us.
We’re holding their capes around their necks. We’re not letting them learn the new tricks the bad guys are using against us every day.
Our IT professionals are out of shape and it’s our fault, yet we still blame them when the villains attack.
We fire them when the bad guys win; when the ransomware spreads and the firewalls don’t work.
Then we hire someone new, as if they were the ones who were broken and not our system.
Hackers don’t necessarily win every attack. Sometimes, the target refuses to pay the ransom and the hackers don’t get their payout.
But their targets always lose. Either they lose their data or ruin their reputations. Just as often, it’s both.
The truth is it’s rarely the IT team that’s solely to blame. It’s often the leadership team that fails them and not the other way around.
IT professionals shouldn’t have to pick between keeping technology running and keeping it secure. To give our IT teams a fair fight against cybercriminals, leadership needs to invest in them.
We also need to offer employees outside of the IT sector cyber security awareness training—so they aren’t unintentionally helping the bad guys through human error.
Every organization needs an incident response plan—so when and if a breach does occur, we can mitigate the damage. This involves allowing our IT professionals time to establish and test protocols.
We need to give our IT teams the resources to learn and master the latest technology and trends. That way, they become familiar with the techniques cybercriminals are using.
If we can’t provide these resources internally then we need to partner with outside security providers to fill the gap and share some of the burdens. If we can provide this support, then we give our IT professionals a chance.
I hope we can, because they’re the good guys and we need them. Lately, it seems like the whole world wide web is crawling with the bad guys.
Our IT professionals are trying to protect us—we just have to let them.