
What enterprise should do when helpless employees lose hope in fighting cyber attacks

David Geer | May 29, 2015
What is the victim mentality and how can enterprises avoid it?

While enterprises can locate available patches with the help of the given software vendor, they may also want to use a patch management software package to ease the process of patching their many systems. There are many patch management products available; a few of them include Desktop Central from ManageEngine, Lumension's Patch & Remediation, and LabTech's product of the same name.

In addition to patching software vulnerabilities, basic security measures include hardening systems so that no ports or services are open or functional that are not necessary for the system to do its job. Most popular OS software vendors, such as Microsoft, Red Hat, and Apple, and security organizations, such as the NSA, SANS Institute, and NIST, publish detailed software hardening instructions that are freely available. In addition, there are enterprise policy managers and auditing software packages that automate software hardening across systems and platforms.
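As an added illustration (not part of the original article), the check below compares the sockets a host is listening on against the ports its role actually needs. It assumes the output format of `ss -tuln` from iproute2; the sample output and the allowlist are constructed for the example.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output for a web server (not from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
tcp   LISTEN 0 80   127.0.0.1:3306 0.0.0.0:*
tcp   LISTEN 0 32   *:21           *:*
udp   UNCONN 0 0    0.0.0.0:161    0.0.0.0:*
tcp   LISTEN 0 128  [::]:22        [::]:*
tcp   LISTEN 0 5    [::1]:631      [::]:*
"""

# Hypothetical allowlist: the only ports this role needs to do its job.
ALLOWED = {("tcp", 22), ("tcp", 443)}


def parse_listeners(ss_output):
    """Yield (proto, address, port) for each listening socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skips the header row and blank lines
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        yield fields[0], addr.strip("[]"), int(port)


def is_loopback(addr):
    """True when the socket is bound to a loopback address only."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" and unparsable addresses are treated as exposed


def audit(ss_output, allowed):
    """Return sorted (proto, port) pairs reachable from the network but not allowed."""
    exposed = {(p, port) for p, a, port in parse_listeners(ss_output)
               if not is_loopback(a)}
    return sorted(exposed - set(allowed))


if __name__ == "__main__":
    for proto, port in audit(SAMPLE_SS, ALLOWED):
        print(f"unexpected listener: {proto}/{port}")
```

Loopback-only listeners (the database and print service in the sample) are not flagged because they are not reachable from the network; the FTP and SNMP listeners are.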

Keeping firewalls up to date is another element of basic security. The enterprise should stay in contact with the vendors that support its hardware, software, network, NGFW, WAF, or any firewalls to receive and apply necessary updates and upgrades as they become available. Where there is a new security update, even for a firewall, there is an old vulnerability it must close and an attacker who knows how to leverage it if the enterprise does nothing.

Lead where you intend to

Avoiding the victim mentality starts and ends with leadership. Enterprises that don't appoint some sort of security czar at the C-level who is directly accountable to the CEO and the board may be inviting victimization by cyber hoodlums.

There's a saying that "you can't lead where you won't go". The opposite is also true: you will lead where you do go, and people will follow. If the example is that security is not important, that the enterprise is ill-equipped to deal with information compromise, and that attackers will routinely prevail, employees will follow that lead, likely with a bad case of learned helplessness.

