In its 9th year running, Spiceworld is one of the premier conferences for IT professionals and technology marketers. Held in the Austin Convention Centre, it is a Texas-sized IT conference that provides us with a great opportunity to interact with professionals engaged in broad IT activities as opposed to just focussing on security.
As such, it provides the perfect backdrop for us to understand their challenges and concerns and to establish whether there are any fundamental differences between how dedicated security professionals and their broader IT professional cousins view the world.
We posed the following question to them: what is the toughest thing about working in IT? Overall, the responses pointed the finger at users being the biggest thorn in their side. This is a comment that is echoed by many security professionals who blame end users for many of their security woes and who have invented a variety of acronyms such as PICNIC (problem in chair not in computer) to describe their user-related predicaments.
Although human error is impossible to completely eradicate, there are steps we can take to minimise the frequency and impact of such errors.
User awareness or training is fundamental in reducing the frequency of errors. Just as a well-trained driver is less likely to have an accident compared to a learner, a user who has been made aware of the best way to use software is less likely to make mistakes.
Response after an error is also critical. When a user does make a mistake, like opening an attachment in a phishing email, it is essential to have the right controls in place to be able to detect this error and respond quickly before the event can become a full-blown incident.
So, how do we end this? Perhaps you have more thoughts on working in IT, and how tough it is, that you would like to share in the comments?