Security distractions derailing IT
Most companies don’t do what they need to do to reduce security risks. How do I know? Because I’ve consulted for hundreds of them.
They don’t patch their most attacked programs in a timely manner, and they do a poor job of teaching their users how to avoid social engineering attacks -- the two commonsense actions that would reduce their security risk most dramatically. Instead, they push for better passwords, smartcards, digital certificates, advanced firewalls, and so on. It's all good, but nowhere near as a high a priority as the top two.
So why don’t most companies prioritize the right stuff?
The short answer is that competition for IT’s attention misdirects leaders from the biggest threats and the best solutions. Here are the security distractions that pop up again and again. Read more at source
Consultar la fuente de esta información