People tend to stick to common perceptions about security and there are several myths perpetuated among people and companies today, says Amnon Bar-Lev, VP worldwide field operations at Check Point.
Firstly, many people think they are secure, that nothing happens in their organisation. Most threats are invisible - there are 25 billion security events per day, 30 000 per second. Revenue from cyber-crime now exceeds that from drugs trafficking and attacks continue relentlessly, he says.
Every organisation, device, application and person touching the Internet needs protection, Bar-Lev stresses.
Another common misconception is that the threat race can be won. "In the past, we had amateurs and professionals. It has gone from a low-skill to a high-skill phenomenon. It has become far more complex. There are not so many amateurs; most hackers are professional now. They do password cracking, session hijacking and phishing. These are low profile, highly skilled people who are motivated financially. The race never ends."
In addition, people should bear in mind that more product does not necessarily mean more security, he adds.
Another fallacy is that endpoint security is an option. Bar-Lev says endpoint can be the weak part, for example, the laptop that just walked out the door. About 53% of mobile professionals have confidential data on their laptops. Sixty-five percent of these, he says, are not protected and 85% reported at least one breach in the last year. Sixty-one percent said the breaches were a result of the inability of companies to enforce their IT policies. Over and above this, 12 000 laptops are stolen in US airports alone every year.
Bar-Lev says another issue is compliance: the attitude of “I need to be secure” because “I need to be compliant”.
"Compliance is a subset of security. Firstly, the security infrastructure must be established, then activate compliance tools."
Another problem is that many organisations and individuals believe security is a one-off investment. “The reality is different. New offices, new locations, new employees, new threats, new countries, new customers and new compliance. Management is key to performing complex tasks.”
Complex problems do not necessarily equal complex solutions, in much the same way that simple problems do not always require simple solutions, he says. For example, many companies think having a firewall and AV is enough. That leaves any organisation vulnerable.
Finally, those seeking a security solution should not believe the sticker price equals total cost of ownership. There are other costs involved. “You need to add services and support. Add electricity and hosting, 20% to 60% of the costs. Add IT staff time. Add cost of downtime. Add that up and you will have an idea of the total cost of ownership,” he concludes.

