Kaseya IndustryAlert

Avoiding the Seven Deadly Sins of IT Security

A holistic, forward-looking and flexible IT security strategy can help organizations avoid common pitfalls and meet security threats head on in a cost- and time-efficient manner.

www.kaseya.com
Deadly Sin #1: Ignorance
“Prevention is more important than detection.”

Crawford says that there is no sin greater than thinking you can prevent security threats from breaking into your IT environment. Organizations need to recognize that they have already been penetrated, and malicious code is waiting on a server, someone’s laptop or a mobile device to steal information or wreak havoc. Detecting these threats is just as important as preventing them, and a successful security strategy needs to embrace both strategies to keep the organization safe.

Situational awareness is key. Organizations need to know their current security posture, where the defenses lie, where there are vulnerabilities and whether end points are patched and up-to-date on maintenance. A security strategy that stresses prevention and detection will help you mitigate the effects of threats.

Deadly Sin #2: Unpreparedness
“We have anti-virus so we’re covered.”

Most security strategies are focused on specific threats, whether it’s antivirus, network security or phishing attacks, but hackers today are sophisticated enough to evade conventional defenses. Organizations need to better understand where the last line of defense stands and develop a comprehensive and holistic security strategy that is able to break down the silos of defense and create awareness.
Data flows freely throughout the IT environment from systems to the network to the data center, and information needs to be protected at all levels and stages.

According to Crawford, this is where IT systems management (ITSM) solutions come in. They have the framework in place to follow data throughout the environment and the ability to embrace a holistic approach. ITSM solutions already have processes in place to remediate issues in addition to providing defense and awareness.

Deadly Sin #3: Neglectfulness
“We scan regularly for vulnerabilities.”

While scanning is a critical part of vulnerability management, it only covers the assessment and not the remediation aspect of preventing attacks. Organizations also need an action plan to combat threats and bring systems and the network back to normalcy. Crawford suggests the PDCA plan of action, which stands for Plan, Do, Check and Act.

Scanning encompasses the planning and doing aspects of the plan, but organizations also need to monitor for deviations in systems’ status and then have a plan of action that administrators can use to remediate issues. According to a study conducted by EMA, organizations that define, follow and enforce policies report having half as many instances that require remediation as organizations that are lacking enforcement mechanisms.

Deadly Sin #4: Short-Sightedness
“Our defenses are up-to-date.”

Organizations shouldn’t plan to just win the day; they need a forward-looking strategy that prepares them to confront security threats that may come up in the future.

The nature of attacks is changing daily—essentially mirroring the changes in technology. Consider that viruses used to be spread on five and a half inch floppies. Then they spread through the internet and email.
Now the battleground is on social media and mobile devices.

Crawford says that organizations need to have the flexibility in action, insight and integration. What he means

Security is full of assumptions. Organizations think they’re covered, that their networks are safe, systems are updated and that their critical data is protected. In actuality, assumptions are dangerous, taking administrators off their guard while making users complacent. You could even say that assumptions are sinful, causing actions and reactions that put organizations, data and users at risk.

We asked Scott Crawford, managing research director for analyst firm Enterprise Management Associates (EMA), to identify the Seven Deadly Sins of IT security and how organizations can avoid these pitfalls.