In the last 10 years there have been many changes in IT. In this digital age, online banking and shopping has grown, computers have changed, and there has been a rise in the use of mobile devices.
The way people access networks and the internet is different to how it used to be. In this ever evolving digital world, hackers and cyber criminals have adapted by creating more sophisticated strategies to extract money and cause chaos. IT security jobs have changed in response to new technology and fresh threats.
There was a time when most hackers were adolescent pranksters and vandals. Many of the viruses that they created did damage such as formatting hard drives and erasing data. Other viruses were simply annoying, causing distracting flashing pop up messages to appear. Disruption and inconvenience, not financial reward, was the goal of these hackers.
Businesses installed anti-virus software to combat the hacking attacks and this generally took care of the problem. Ten years ago, many businesses employed computer personnel to look after their networks, but not every company had specialist IT security experts. This is changing.
Now, there are professional gangs who create malware to steal money and corporate secrets, or demand ransom to clean infected systems and restore hacked websites.
Cyber security employees need to create systems that go beyond simply installing the latest version of an antivirus programs. As professional hackers become more sophisticated in their methods, more robust security tools are being developed in response.
State and militant hacking
Cyber security workers need to respond to other types of hackers who have appeared in recent years. States now hack, with both Russia and China having been accused of hacking into United States IT systems, sometimes to cause disruption but often to gain intelligence.
There has also been the rise of terrorists and nationalist militants who see disrupting IT systems as another weapon to be used alongside more physical activity.
New methods of protecting networks
The Sony Pictures hack showed how hackers could gain access to a company’s complete email system. Other viruses are spread via a file attachment that can infect a whole network and prevent it from operating. If a company’s whole network is affected, then this can seriously disrupt the operation of the business.
To combat this, cyber security now needs to be able to isolate the management of a network from the rest of the system. In this way, if the system is infected, isolated computers outside of the network can fix the problem and get the network up and running again. Although much effort is made to prevent hackers penetrating a system, IT security needs to include ways to quickly get an infected network up and running again as quickly as possible.
In the past, the emphasis was on securing a computer system to prevent hacking from a remote computer. One area of vulnerability often neglected was the risk of unauthorized persons physically entering the workplace to access the computer system. At one time only government and secure research facilities needed security systems to prevent unauthorized access to the premises. In many large companies, if you could get past the receptionist, you could roam freely throughout the building.
Companies are increasingly relying on physical security devices. At one time entering key codes gained access to a company’s premises, but now IT security people are responsible for smartcards and other authorization tools to ensure that only authorised personnel can enter. These systems keep a record of who entered, where and when, and are designed to detect attempts by unauthorized personnel to gain entry.
Computer rooms and server facilities have locked doors, often with biometric systems designed to allow only a few select people to enter.
Though many computers are accessed via passwords, increasingly companies are using biometric devices such as fingerprint readers and eye recognition systems to grant access. Some systems use portable electronic devices that frequently change access codes. Simply knowing a user’s name and password is not enough to log on to a computer.
If an unauthorised person gains access to a network, then the next line of defence is encryption. Ten years ago, encryption was something associated with spies and other top secret organisations. Now, there are fears of agencies reading emails, including governments and rival companies.
To prevent this, security personnel install encryption system to encrypt emails and sensitive documents. Laptops can have systems installed that make files unreadable if the device is stolen.
A few years ago, a typical business network consisted of a central computer which workers accessed through their office workstations. If an employee left the office then they could not access the system.
With the growth of portable devices, workers located anywhere can access a network and this has presented many challenges to workers responsible for cyber security.
Smartphone and tablet apps can remotely connect to a database on a company’s server. For example, a sales person can access a client’s record and directly input sales order data that alerts a picker at the company’s warehouse so that the order can be dispatched within a few minutes. Whilst this kind of operation is great for efficiency, it creates issues for security personnel.
If an employee’s phone or tablet is lost or stolen, there needs to be encryption systems in place to make sure that no unauthorised person can access sensitive company information.
The Internet of Things
The next stage of this digital age is smart devices that communicate with each other and the internet. These can be in the form of wearable devices such as the Apple Watch and health tracking wristbands. In the home, smart thermometers, lighting and security systems can be controlled remotely from a smartphone app.
Not all of these devices have robust security, but this is an area that IT security needs to address. In an ever shifting digital world, the role of the IT security job is changing and adapting to meet new security challenges