The top 10 security land mines

The 10 most common security land mines that experts say you need to avoid.

7. Handling breach details sloppily tips off the perp

Another common problem is that companies typically fail to establish a "need to know" approach to breaches, which makes it harder to carry out baseline investigations as workers find out about an incident and immediately try to protect their own interests.

If insiders are involved in the problem, they also gain the advantage of knowing that the jig is up and may stop telltale behavior useful to investigators -- and often try to cover their tracks, Mandia said.

8. Trusting "silver bullet" technology hides real threats

As regulatory measures that involve IT and data security interests continue to multiply, businesses have invested a lot in technological solutions to plug the holes. But companies commonly believe that installing a specific technology or meeting some individual aspect of a regulation is a silver bullet or a quick fix. It's neither.

"The biggest problem I see is people thinking that simple things like deploying anti-virus [software], patching, and running vulnerability scans are actually what it means to be compliant. They're not approaching it from a risk management standpoint -- they're just checking the boxes," said Mike Rothman, an analyst with Security Incite.

Companies often compound this fools' paradise by auditing their limited security fixes and taking a passing grade as confirmation that no more work is needed. "People often think that once they have a positive audit, they're done," Rothman said. "Then the bad guys prove to them that they're not."


Stories by Matt Hines
