The top “oh crap” moments every cybersecurity team is familiar with

Cybersecurity is one of the most exciting career choices a professional can make, with rarely a dull moment. However, no matter how competent they seem, cybersecurity professionals are still human at the end of the day and prone to mistakes like anyone else.

In my two decades in the industry I have seen my share of incidents and goof-ups, but there are a few which I have seen happen to almost every cybersecurity team.

I list a few of them below; let me know of any others you have experienced.

The Cybersecurity team causing an incident

The cybersecurity team is the gatekeeper of the organisation's data and is expected to be vigilant against any attack, whether from outside or from within.

Security awareness training is mandatory, and employees are expected to be on the alert for scams such as phishing.

This is why it is always massively embarrassing when a member of the cybersecurity team, rather than one of the “normal” users, falls prey to one of these scams.

I have seen my share of CISOs clicking on phishing links or getting their smartphones compromised. The good CISOs take it in stride with a bit of humor and even retake the security training to set a good example.

It just goes to show that the security team is human like the rest of us!

Temporarily disabling a control and then forgetting about it

Given the number of cybersecurity controls that have to be implemented at the network, application, database, cloud and user layers, it is a miracle that they are tracked at all.

One of the biggest mistakes I have seen in my career is a cybersecurity team making a temporary exception, e.g. enabling USB access for a vendor or a senior person, AND THEN FORGETTING ABOUT IT.

This might be because no expiry date or reminder was set, or because the person who made the exception never documented it. Either way, these turn up during the yearly audit and cause a lot of red faces for the security team. The practical fix is simple: every exception gets an owner, an expiry date and a ticket, and the exception register is reviewed on a schedule rather than discovered at audit time.
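As an added example (not code from the original post), the following script implements that review: it walks an exception register and flags entries that have expired, have no expiry date, have no owner, or were granted for longer than a "temporary" limit. The record format, the field names, the 30-day limit and the sample entries are all constructed assumptions; a real register would be pulled from a ticketing or GRC tool.

```python
"""Exception register review: find temporary control exceptions that were
granted and then forgotten.

Added example, not from the original post. Record format, field names,
the MAX_TEMP_DAYS limit and the sample register are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ExceptionRecord:
    ticket: str              # change/risk ticket that approved the exception
    control: str             # control that was relaxed
    scope: str               # who or what the exception applies to
    owner: str               # person accountable for removing it ("" = nobody)
    granted: date
    expires: Optional[date]  # None = no end date was ever recorded


# Constructed sample register (assumption, not real data).
REGISTER = [
    ExceptionRecord("CHG-1041", "usb-block", "host LAPTOP-0472 (vendor)", "j.doe",
                    date(2024, 3, 1), date(2024, 3, 8)),
    ExceptionRecord("CHG-1107", "mfa-enforced", "user cfo@example.com", "",
                    date(2024, 4, 12), None),
    ExceptionRecord("CHG-1150", "egress-fw", "10.20.5.0/24 -> 203.0.113.7:22", "a.khan",
                    date(2024, 6, 1), date(2024, 12, 31)),
    ExceptionRecord("CHG-1162", "edr-tamper-protect", "host BUILD-SRV-03", "m.lee",
                    date(2024, 6, 25), date(2024, 7, 4)),
]

MAX_TEMP_DAYS = 30                 # assumption: "temporary" means at most 30 days
REVIEW_DATE = date(2024, 7, 1)     # the day this review is run (fixed for the demo)


def review(register: List[ExceptionRecord], today: date,
           warn_days: int = 7, max_days: int = MAX_TEMP_DAYS) -> List[Tuple[str, str]]:
    """Return (ticket, finding) pairs, one per problem, in register order."""
    findings = []
    for ex in register:
        if not ex.owner:
            findings.append((ex.ticket, "no owner recorded"))
        if ex.expires is None:
            # The classic "forgot about it": nothing will ever trigger removal.
            findings.append((ex.ticket, "no expiry date: exception is effectively permanent"))
            continue
        if ex.expires < today:
            days = (today - ex.expires).days
            findings.append((ex.ticket, f"EXPIRED {days} days ago, control still relaxed"))
        elif ex.expires - today <= timedelta(days=warn_days):
            days = (ex.expires - today).days
            findings.append((ex.ticket, f"expires in {days} days: remove or re-approve"))
        granted_for = (ex.expires - ex.granted).days
        if granted_for > max_days:
            findings.append((ex.ticket,
                             f"granted for {granted_for} days, longer than the {max_days}-day temporary limit"))
    return findings


if __name__ == "__main__":
    for ticket, finding in review(REGISTER, REVIEW_DATE):
        print(f"{ticket}: {finding}")
```

Run it from a scheduled job (weekly is a sensible cadence) and route the output to the control owners, not just to the security mailbox; the point is that removal is triggered by the register, not by the auditor.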

Not monitoring the monitoring control!

Security solutions are amazing and monitor everything in the network. But what if those solutions stop working? For example, your SIEM captures events from every layer and alerts on even the slightest violation; but what if the SIEM itself, or a log forwarder feeding it, stops working? Is there an alert for that?

An empty security-alert mailbox is not necessarily a sign that nothing is happening; it might mean you have lost visibility!

It is amazing how often cybersecurity teams assume that a day with no alerts means all is A-OK, when actually the security solution itself has stopped working. You need an early-warning system built in that alerts you when your security systems are not functioning: a heartbeat check that fires when a log source goes quiet for longer than its normal interval, a synthetic test event injected periodically and confirmed end to end, and a watch on ingestion volume dropping below its baseline. That check must run outside the system it is watching, otherwise it dies along with it.
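As an added example (not code from the original post), here is the heartbeat check described above: it records the newest event seen per log source and raises a visibility alert for any source that has been silent longer than its expected gap, including sources that are configured but have never reported at all. The event format, the source names, the expected gaps and the sample events are constructed assumptions; in a real deployment the last-seen timestamps would come from the SIEM's ingest statistics.

```python
"""Watchdog for the watchdog: alert when a log source goes silent.

Added example, not from the original post. The event line format, source
names, expected gaps and sample events are constructed assumptions.
"""
from datetime import datetime, timedelta
from typing import Dict

# Constructed sample events, "<timestamp> <source> <message>" per line.
SAMPLE_EVENTS = """\
2024-07-01T09:58:12Z fw-edge-01 ACCEPT tcp 10.1.2.3:51234 -> 203.0.113.5:443
2024-07-01T09:59:40Z fw-edge-01 DENY  tcp 198.51.100.9:4444 -> 10.1.2.3:22
2024-07-01T08:20:05Z edr-agent   heartbeat hosts=412
2024-07-01T09:57:55Z idp-okta    user.session.start actor=alice
2024-07-01T02:11:30Z db-audit    LOGIN user=app_ro db=billing
"""

# Longest gap between events that is still normal for each source
# (assumption: in practice tuned from each source's observed volume).
# A busy edge firewall should never be quiet for ten minutes; an audit
# log that is only written to nightly may legitimately be quiet for a day.
EXPECTED_MAX_GAP = {
    "fw-edge-01": timedelta(minutes=10),
    "edr-agent":  timedelta(minutes=30),
    "idp-okta":   timedelta(hours=1),
    "db-audit":   timedelta(hours=24),
    "vpn-gw":     timedelta(hours=1),   # configured as a source, never reported
}

NOW = datetime(2024, 7, 1, 10, 0, 0)   # fixed "current time" for the demo


def last_seen(events: str) -> Dict[str, datetime]:
    """Parse event lines and return the newest timestamp per source."""
    seen: Dict[str, datetime] = {}
    for line in events.splitlines():
        if not line.strip():
            continue
        ts_str, source, _message = line.split(maxsplit=2)
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
        if source not in seen or ts > seen[source]:
            seen[source] = ts
    return seen


def silent_sources(events: str, now: datetime,
                   expected: Dict[str, timedelta] = EXPECTED_MAX_GAP) -> Dict[str, str]:
    """Return {source: reason} for each source that should have reported but did not.

    A configured source that is absent from the data is reported as well:
    "no events" from it is loss of visibility, not good news.
    """
    seen = last_seen(events)
    problems: Dict[str, str] = {}
    for source, max_gap in expected.items():
        if source not in seen:
            problems[source] = "never seen: check forwarder/agent and collector"
            continue
        gap = now - seen[source]
        if gap > max_gap:
            problems[source] = f"silent for {gap}, expected at most {max_gap}"
    return problems


if __name__ == "__main__":
    for src, why in silent_sources(SAMPLE_EVENTS, NOW).items():
        print(f"VISIBILITY ALERT {src}: {why}")
```

Two design points matter more than the code: run this from a host that is not the SIEM (if the SIEM is down, a check scheduled inside it never fires), and have each successful run emit its own heartbeat to an independent channel, so that the watchdog going silent is noticed too.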

I hope this gave you flashbacks to a similar time or a chuckle at a similar event. Let me know in the comments!

Taimur Ijlal is a multi-award-winning information security leader with over two decades of international experience in cybersecurity and IT risk management in the fintech industry. Taimur can be contacted on LinkedIn or on his blog. He also has a YouTube channel, “Cloud Security Guy”, on which he regularly posts about cloud security, artificial intelligence, and general cybersecurity career advice.

If you enjoyed reading this, then consider supporting me by becoming a Medium member using this link.