Why security is failing in organisations today

Maxim Weinstein, security advisor for Next-Generation End-User Protection, Sophos.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.



Organisations today face advanced and complex security threats — including nation-state attacks and well-funded cybercriminals. The threat landscape continues to evolve on a daily basis, as malware authors and cybercriminals progress in the complexity and depth of attacks they push out.

And organisations are not as effective as they used to be in fending off these threats, because their approach to security is not evolving as quickly as the threats. It therefore comes as no surprise that there was a 48 percent increase in detected security incidents in 2014 from the year before, according to a study conducted by PwC.

These are the three key reasons why businesses today are struggling with security: 

Security is Incomplete
Many organisations have a disjointed, piecemeal approach to security today. Many security products have evolved only as point solutions to point problems. For example, antivirus software was developed because viruses popped up on computers, and firewalls were created because attackers attempted to break into networks.

As new attacks emerge, businesses are constantly encouraged to purchase "one more" security layer, especially by vendors pushing new technologies.

While this approach worked for a while, attackers have come too far, too fast. There are so many new threats today that organisations are unable to keep up by adding more security layers.

The result is that businesses spend too much money, time and resources to research, purchase, understand and deploy products that ultimately fail to address their needs. 

Security is Complex
Security guru Bruce Schneier once said, "Complexity is the worst enemy of security." The statement rings true of security in organisations today, as it too often seems that advanced security means it must be difficult to use.

It is often easier for engineers to build a feature that is hard to use than one that is user-friendly. Before Steve Jobs developed the iPhone with its intuitive interface, powerful smartphones existed and some of them even had more advanced features than the first iPhone model. It took uncommon vision to invent the iPhone and make sophisticated technology simple to use.

Security has also become complicated, due in part to the incomplete protection provided. If a product only addresses a small part of the problem, then the organisation is left with the task of figuring out how to ensure all the products work effectively alongside one another. Each product has its own console, terminology, policies and alerts, overwhelming IT professionals - especially in small and medium businesses (SMBs).
