Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

2/14/2019
10:00 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Security Spills: 9 Problems Causing the Most Stress

Security practitioners reveal what's causing them the most frustration in their roles.
Previous
1 of 10
Next

(Image: Milanmarkovic78 - stock.adobe.com)

(Image: Milanmarkovic78 stock.adobe.com)

Cybersecurity isn't an easy gig. It's tough to keep track of the most stressful problems because adversaries are constantly evolving their tactics and security threats are constantly changing.

In fact, the rapid evolution of threats is one of many issues plaguing security pros. The onslaught of emerging threats is made more difficult by lack of resources. All the while, employees are bringing unsecured smartphones and devices into office environments.

"You can't predict what you can't see, and so the adoption of BYOD policies at companies, combined with an increasingly complex network environment, leave organizations susceptible to attack," says YL Ventures principal John Brennan.

Movement to the cloud, vulnerability management, data governance, and choosing, implementing, and managing new security products compound the challenges and give security teams even more to worry about. For small organizations, where one person is responsible for securing everything on his or her own, the list of issues can be overwhelming.

Here, security pros across the industry share what's most stressful about their jobs. What is most stressful about your job? Feel free to jump in the comments section, below, and add to the list.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
CyberBoss77
50%
50%
CyberBoss77,
User Rank: Apprentice
2/28/2019 | 1:42:01 AM
Is it really China
Hackers are increasingly using false-flag operations that wrongly point the blame toward China. Because Chinese hackers often rely on publicly available cyber tools for their operations, it is easy to mimic their signature viruses, according to Tony Granims, a cyber security operations officers at Critical Strategies Group, a cybersecurity contractor that does cyber incident response and threat intelligence.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
2/26/2019 | 3:28:31 PM
Re: People avoiding responsibility
I hear you and particularly when the number of threats, actors and agents is many times your sole resource.  And they keep coming and attacking and coming.    Desktop support in particular can be your worst agent - they reimage (sometimes) and then put compromised data (which they do not know is compromised) back on the new system .... off to the races again.  We had one rep here who only knew to change group policy settings.  That was IT entirely.  Anything else?  Hah!   It is their problem too only they are tasked for inventory of systems, management of systems and fixing problems RIGHT AWAY because the use rhas a trip to Chicago tomorrow and needs it FIXED RIGHT AWAY.   Sheesh - I remember doing that.  Securituy?  That's YOUR job .
blackjack0021
50%
50%
blackjack0021,
User Rank: Apprentice
2/23/2019 | 3:26:12 PM
People avoiding responsibility
Security is a broad topic, so the concerns are equally broad. My Security role as Architect and Advisor is part coaching, persuasion, and influence trying to get both business and IT folks to take Security and their responsibility seriously. I get it, we focus on getting tasks done and naturally cut corners and overlook things outside that focus (google the invisible gorilla for a cute demonstration and insights there). What wears me down is constantly hearing that "security is your job, not mine". This is abdication of responsibility and accountability and flows from the top on down. We have 100 times more IT folks than Security people. Security can't micromanage how everything gets done. I mean it you're a dba then dba security is part of your responsibility... coder? secure code... network? securely config your devices, etc. Think "safety" in a factory... is it only a concern for the Safety Oficer? Obviously not! Real safety has to be part of what each person does every day, a habit built in to every process. However, for Security the resistance from the organization is considerable. It's too hard, too complex, too expensive, always changing, etc. I am not unsympathetic or unaware of business challenges... no business can actually budget as much for security as they should- but feeling like the lone voice in the forest while the wolves circle is what wears me down every week.
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...