How do we, as individuals who use computers but do not know much about the actual technical working within the systems and the internet, protect ourselves from what is now becoming a common form of crime: cyber crime? What is the title of the person who can work his or her art to make our computers secure, in the same way that we make our homes and workplaces secure with alarms, gates and cameras? That would be the security administrator.
This article attempts to explain the role of the security expert, found within the IT industry, which has diversified and specialized exponentially in the last two decades. We have some comments and insider information from our tame software engineer, Andy the Apex Coder, and we aim to help the lay person, who may feel overwhelmed and confused by the burgeoning job titles in IT, to understand this one better.
When we consider how secure our networks are, and whether anyone could potentially access our data backup or databases through the internet, we think of hackers and exciting, suspenseful movies. The names Snowden and Manning spring to mind, and the notion of being watched through the camera of a laptop by a nameless authority.
In reality, network security is not that glamorous. It hardly ever results in death, although some network security specialists do start out as hackers, and either are employed by a government or private organization for their skills, or go to jail.
The role of the network security specialist is to ensure that each system attached to the network is safe from any type of cyber attack. These can come in various forms, and the actual act of hacking is not always a brute force attack on passwords or codes. It can also be in the format of a worm or virus, which is introduced into the network through emails, website downloads or infected USB drives. Attacks on the server or website look for vulnerabilities, and exploit them in whatever way the hacker can imagine. Finding ways into a system requires ingenuity on the part of a hacker.
For example, if a hacker can access the search field on a website which is not secure, he could potentially gain access to that website’s database.
If you are a company which registers visitors to the website, and asks for information such as name and email address, this database could be exploited by other companies, who might try to access the information and sell it to a direct marketing company. This is one example of a seemingly innocuous vulnerability. Direct marketing is more of an annoyance than anything else.
Other databases may contain medical information, research results, or proprietary code for products in development, which could cost a company millions in lost revenue and lawsuits, if stolen. This is probably one of the reasons why this job is amongst the highest paid in the IT industry.
Cyber attacks can also be used to gain access to surveillance systems within a company, and this access can be sold to different groups of people for the purposes of committing fraud, theft, industrial espionage, or even abduction and human trafficking.
Andy the Apex Coder is pretty closed-mouthed about the security specialists he knows. But he does mention that the biggest threat in his estimation is social engineering. Phishing and spear-phishing attacks manipulate people into willingly giving out passwords and user names, despite precautions in the system to prevent it from happening.
“People are often careless with their personal details online, and this can be used against them in many nefarious ways.”
A network security specialist is tasked with the job of anticipating ways that a system could be accessed, and preventing them. Where websites and servers are involved, a security specialist might conduct a security audit incorporating a penetration test to assess the vulnerability of a system. In the case of users on individual terminals, the security specialist will install limitations on what people can do on the network.
For example, he or she will set up a security barrier to prevent anyone but the system administrator from downloading and installing programmes. Another example is when employees send out emails with sensitive data. The company’s email server will scan emails and automatically detect this sensitive information, and notify the admins.
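The outbound email scan described above can be sketched as follows. This is an added example, not code from the article or from any particular mail product; the function names, the `CONFIDENTIAL` label and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import Message

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Hypothetical classification label this example treats as sensitive.
LABEL_RE = re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard random digit runs such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def text_parts(msg: Message):
    """Yield decoded text from every text/* part, including text attachments."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            yield payload.decode(part.get_content_charset() or "utf-8", "replace")

def scan_outbound(raw: str) -> list[dict]:
    """Return findings for the admins; values are masked so the alert leaks nothing."""
    msg = message_from_string(raw)
    findings = []
    for text in text_parts(msg):
        for m in CARD_RE.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                findings.append({"type": "card_number", "masked": "*" * (len(digits) - 4) + digits[-4:]})
        if LABEL_RE.search(text):
            findings.append({"type": "classification_label", "masked": "CONFIDENTIAL"})
    return [dict(f, sender=msg["From"], recipient=msg["To"]) for f in findings]

# Constructed sample message; 4111 1111 1111 1111 is a widely used test card number.
SAMPLE = """From: alice@example.com
To: partner@example.org
Subject: Invoice details
Content-Type: text/plain; charset=utf-8

Order 1234567890123456 is paid. Card used: 4111 1111 1111 1111.
"""

print(scan_outbound(SAMPLE))
```

The checksum step is what keeps the 16-digit order number in the sample from raising a false alarm, and masking the match means the notification sent to the admins does not itself contain the sensitive value.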
Depending on the nature of the company and the intensity of the security requirements, the system may be stringent or casual, or anywhere in between. That is largely at the discretion of the security administrator.
The security specialist holds a high-pressure role in any company, and it is not very well understood by the average person on the street (or on the computer). They are viewed with suspicion or outright hostility by some. But they are not people to be on the wrong side of. While they have all the power over whether your password works or not, and access to your desktop at any time, they also tend to have a wicked sense of humor and can play pretty hardcore pranks, if they are of a mind to. So, as the legend goes, “Be nice to them.”