Friday, November 25, 2011

Part 10 - Enemies are often invisible – like Romulans, they can be cloaked.


(This is part 10 in a series of 16 posts about IT leadership in higher education titled Everything I Need to Know about IT Management I Learned from Star Trek. See Part 0 - Introduction for the full list.)


In Star Trek there was a defensive technology called a “Romulan Cloaking Device” that made Romulan ships invisible to their enemies, much like Harry Potter’s invisibility cloak. From an IT perspective, you need to be aware that your enemies are often invisible. Like Romulans, they can be cloaked.

Viruses, spam, and malware are similar to Romulans. They can be cloaked, yet they can be defeated. But you can’t defeat them with just technology. Admittedly, you need great technology, but you also need to fight the battle on multiple fronts. The interesting lesson from Star Trek is that it is not just a technology game. There are three non-technical soft tools that can dramatically enhance your defensive posture: policy, communications, and coordination.

Let me explain what I mean by policy. You need an organization-wide security policy giving you the right to enforce IT security (I’ve talked a little about this in Part 3 - Keep your phaser set on stun). Getting the mandate for something like this can be tough. My experience is to ask for an external security audit. You might think that is a bad idea because we all know how potentially vulnerable any infrastructure can be to determined security threats. Such a study might be embarrassing. But my advice is to let the auditors be as negative as possible because it gives you, the IT leader, the ammunition necessary to request greater security authority through policy measures.

The second soft skill is communication. For example, prevent phishing attacks through education about never giving out passwords. I tell folks not to tell anybody their password. IT already knows your password, so why would we ask for it? You can’t overcommunicate this point. Phishing attacks are daily and they are increasingly sophisticated and focused. Spammers are taking the time to learn more about your environment and make the phishing messages more realistic all the time – including using your own logos and timing the attack to coincide with planned system outages. So I advocate communicating relentlessly about security issues.

The third soft skill is coordination. Integrate closely with your non-central IT folks to work together to fight campus threats. At my organization we had a team of folks from central IT and elsewhere who worked together as an extended security team coordinated by our central IT security manager.

Most importantly, in many of my favourite Star Trek episodes, Captain Kirk didn’t win battles with superior technology. Quite often he ran into aliens with far superior technology. But he won his battles by outwitting them.

As a matter of fact, Star Trek isn’t an enduring TV show and movie franchise because it is cool science fiction. It is a success because it focused on our humanity and not on technology. The technology was often a gimmick to facilitate the human story. For example, the transporter beam was invented by the writers to conveniently switch scenes as part of a storytelling technique. So keep your wits about you and do not let a cloaking device or any other advanced technology fool you.

