It’s a brand new year in IT
It’s a new year, and that means time to start fresh, take a deep breath and buckle up for a year full of unknown possibilities, right?
Well, maybe not all of them are unknown. In fact, some things remain the same. The security of your organization’s computers is still important and still an issue, for one.
That means it’s time to start anew with a fresh batch of advice. Don’t worry though! For this first newsletter of the year, I’ll keep it simple and straightforward by repeating a powerful cyber security mantra:
Actively monitor all of your security. All of your devices. All of your software. Your entire environment.
Okay, so it’s not exactly a mantra and this isn’t new advice. In fact it’s one of the most commonly given pieces of advice from security experts all over the world. So this begs the question, why is this such common advice?
The answer is unfortunately simple. It’s just generally not done.
Oftentimes, devices or software applications are installed and, as long as everything seems to work, nobody looks any deeper. That measure, “working fine”, is not a good measure, and usually means that nobody is complaining or there’s no obvious misbehavior.
That’s a horrible yet all too common approach used by many organizations today. I know it. You know it. The bad guys know it. Yet most devices and programs go unmonitored until someone happens to notice something is wrong. By that time it’s often too late.
Why’s this practice so common? I can see two reasons as the major causes.
Reason #1: Active monitoring is expensive. Someone needs to spend time constantly looking for issues, and they need to be paid for that time. IT is often seen as a cost, which makes it a target for budget cuts. It’s hard to reduce the cost of physical hardware or software, so trimming an IT budget usually means cutting staff hours instead of hardware.
Reason #2: Assuming critical tasks are being done. This is a less obvious reason for failing to actively monitor your systems, but it still happens far too often. It’s the simple assumption that monitoring (or any critical task) is just “being done” or that the task takes little to no time. There’s no official statement, no recognized assignment of responsibility. There’s just the assumption that someone somewhere is monitoring everything. There’s also the flip side, where no one recognizes that monitoring should or even can happen.
The thing about active monitoring is that most of the time, when there’s an intrusion, there will be log messages indicating something weird is happening before things go off the rails, such as strange login attempts or other odd log entries. Actively monitoring and looking for issues helps prevent serious intrusions, but at a cost of time and, subsequently, money. The point? Make sure active monitoring is explicitly part of your IT planning and budgets.
Longtime readers know I like to finish these with a bit of Shakespearean advice, but for the new year I always prefer a quote from Julius Caesar: “I am fresh of spirit and resolved to meet all perils very constantly.”
If you have any questions about automatic and manual monitoring, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind, Courtesy of Your Friendly Neighbourhood Cyber-Man.