Yes, it's time again for Scary Tech Trends. We've been remiss in our last few years of Scary Tech coverage, but we're baaaaaaaaaaaaaack.
In previous years, the monsters were such awful ghouls, ghosts and goblins as Unreliable Clouds, IT Consolidation, Virtual Workplaces, The Never-Ending Workday and Cyber Bullies from Hell.
This year, I've got a bunch of new ones for you, so let's crack open a fresh bucket of chilled monkey brains and get our B-movie rolling.
It sits racked in your dark, cold datacenter, where the evil sysadmin gnomes live. Haunting the inside of a 4U power sucking beast, stored on your SAN as physical file systems or as virtual machines.
It's as old as Methuselah, because your IT organization is understaffed, has no budget, or just can't see why replacing it has any value. What am I talking about? I'm talking about Windows Server 2003.
Look, it's been eleven years. Server 2003 and 2003 R2 had a good run. But it's no longer equipped to handle today's security concerns, and it is just barely hanging on in terms of being able to run current workloads. It's time to go. Heck, it wants to die.
And it will be completely unsupported soon. July 14, 2015 is the end of the road.
I know this might involve replacing a whole bunch of server hardware, as well as rolling out new versions of line-of-business apps, but if a large portion of your hardware is EOL, you really need to do this anyway. Along with a good DR plan, keeping your server hardware fresh is part of a good overall business continuity strategy if equipment fails.
You've seen these poor, lifeless beings everywhere. People... if you can still call them that... with pallid, emotionless faces, staring down at small screens while they walk direction-less down the street, completely unaware of their surroundings.
Yet these poor souls actually believe they are more "connected" to the outside world and more people than ever.
Sometimes they return to real life, and have real interactions with living human beings, but then this horrible urge kicks in which compels them to pull out their iPhone, their iPad or their Android device. Their PRECIOUS.
They'll pull it out in the middle of a business meeting while someone else is talking, and they'll fiddle with it in the bathroom stall at work (or, good heavens, take calls on it and seal deals while on the can).
They'll pull it out in the middle of dinner with family. They'll mess with it while everyone is cuddling on the couch, watching TV. And even after satisfying the most basic of human requirements, it still won't go away. "Oh was it good for you, honey? Great, you nap, I'm gonna play Candy Crush."
All kidding aside though, an average of eleven teens die every day from texting while driving or by being otherwise distracted by their mobile device, and at least 25% of all car accidents are caused by driver distraction.
If that's not scary I don't know what is.
How many times do we have to tell you guys? Use a complex password, and change it often.
And for Pete's sake, don't share passwords with anyone!
No, your anniversary date or your birthday, mixed with your pet's name, doesn't count as a complex password.
Ideally, a multi-factor authentication method is best for securing your data in the cloud and on your personal systems. But if that's too bothersome, go with at least eight characters, using a combination of mixed case alphanumerics along with non-alpha characters.
An example of this would be something like R1tch13R1c4386!
The consequences for not doing this can be dire. Just ask Jennifer Lawrence, who, along with 100 other celebrities, was subject to a "brute-force" style attack on Apple's iCloud, which did not lock out accounts after repeated failed attempts. Doh!
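The control that was missing in that incident, locking an account after repeated failed attempts, sketched as an added example that is not part of the original article. The class name, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; the article does not specify any.
MAX_FAILURES = 5       # failed attempts tolerated inside the window
WINDOW_SECONDS = 300   # sliding window over which failures are counted
LOCKOUT_SECONDS = 900  # how long the account then refuses all logins


class LockoutTracker:
    """Per-account failed-login counter with a temporary lockout (hypothetical)."""

    def __init__(self):
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> time the lock expires

    def is_locked(self, account, now):
        return self._locked_until.get(account, 0) > now

    def record(self, account, password_ok, now):
        """Handle one attempt and return 'locked', 'ok' or 'failed'."""
        if self.is_locked(account, now):
            return "locked"  # refused even if the guess happens to be right
        recent = self._failures[account]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()  # forget failures older than the window
        if password_ok:
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"


# Constructed sample events: (time in seconds, account, password_ok).
SAMPLE_EVENTS = [
    (0, "alice", False), (1, "alice", False), (2, "alice", False),
    (3, "alice", False), (4, "alice", False),  # fifth failure triggers the lock
    (5, "alice", True),                        # correct guess, but locked out
    (10, "bob", False), (20, "bob", True),     # ordinary typo, then success
    (1000, "alice", True),                     # lock expired at t=904
]


def replay(events):
    tracker = LockoutTracker()
    return [tracker.record(acct, ok, ts) for ts, acct, ok in events]


if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

The sixth event is the one that matters: once the account is locked, even the correct password is refused until the lock expires.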
Bulletin Board Systems. WordPress. Content Management. Oh yeah, Drupal.
If you're going to maintain a content site, then you had better be prepared to keep it patched and running on the most up to date builds of these Open Source-based systems. Otherwise, you will be in a world of hurt.
Hackers just love to look for exploits, and more than anything else they enjoy defacing your websites and stealing all of your data.
Scared yet? No? Well, you will be. You will be.
Heartbleed. Chances are, even if you don't work in information technology, you've heard all about it this year.
To recap, this is a bug that affects the Open Source OpenSSL library that is used in many Linux and UNIX web server systems and potentially gives an attacker the ability to capture data in the clear.
Given that Linux powers most of the Internet-facing web systems, that's an awful lot of exposure.
Since the bug was exposed, many of the commercial services you all know and love have all patched their OpenSSL to 1.0.1f or later, which is not vulnerable to the Heartbleed bug. The current version, as of October 15, is 1.0.1j.
It should be noted that IIS, Microsoft's web server, uses its own SSL implementation and is not vulnerable to Heartbleed. And there are other commercial implementations of SSL that run on Linux and UNIX that aren't susceptible either.
Still, there is a huge number of unpatched systems with OpenSSL out there. So if you have data sitting on some random web server, that server could get compromised some day and you could be a target.
If you're letting your employees bring their devices and removable media into the workplace and permitting them to access data without some sort of Mobile Device Management (MDM) and Group Policy in place, prepare your organization for being headline news sometime soon.
Why? Because your company's reputation is about to tank. Julian Assange loves companies like yours, as your sensitive information is just ripe for the taking.
It might originate from a disgruntled employee wanting to take revenge for a bad performance review or a lousy or nonexistent bonus. All he needs is a USB disk or a stack of DVD recordables labelled "Lady Gaga", like the ones Chelsea Manning, formerly known as Pfc. Bradley Manning, used when she stole hundreds of thousands of US Government communiques from the secure SIPRNET network.
How did she do that? Unlike the secure workstations used at CENTCOM in Tampa, Florida, the Iraq field office that Manning worked at did not remove the CD burners from the PCs. So she could suck down communiques unencumbered.
An effective use of Group Policy as well as password protecting the EFI/BIOS within your enterprise can block access to CD-ROM and USB devices if needed. But even if you trust your employees not to walk out with your most sensitive data, there is also the risk of data loss itself, if they simply lose a USB stick or even a laptop when they are in the field.
You can easily prevent this by having your employees BitLocker-encrypt their USB sticks and their local hard drives, which requires the use of a password to unlock them or to boot the operating system.
What about if they lose their personal smartphones and tablets that are now connected to your corporate email system or have line of business apps and data stored on them?
With Mobile Device Management software like Microsoft's Intune, BlackBerry Enterprise Server, Citrix XenMobile or Good Technology you can enforce lock passwords, encrypt the device, and also remotely wipe the data on the device should the devices become lost.
Some mobile operating systems, such as Windows Phone 8.1, special versions of Android on select devices (such as Samsung KNOX) and BlackBerry 10 actually allow companies to partition BYOD and fleet devices into "Personal" and "Work".
If an employee is terminated or access to resources needs to be removed, the "Work" part of the phone is simply erased, along with the data and the applications associated with it.
The thought of not having MDM in your enterprise is just scary.