Avoiding The Seven Deadly Sins of IT
Kaseya IndustryAlert
Avoiding the Seven Deadly Sins of IT Security
A holistic, forward-looking and flexible IT security strategy can help organizations avoid common pitfalls and meet security threats head on in a cost- and time-efficient manner.
www.kaseya.com
Deadly Sin #1: Ignorance
“Prevention is more important than detection.”
Crawford says that there is no sin greater than thinking you can prevent security threats from breaking into your IT environment. Organizations need to recognize that they have already been penetrated, and that malicious code is waiting on a server, someone's laptop or a mobile device to steal information or wreak havoc. Detecting these threats is just as important as preventing them, and a successful security strategy needs to embrace both to keep the organization safe.
Situational awareness is key. Organizations need to know their current security posture: where the defenses lie, where there are vulnerabilities, and whether endpoints are patched and up to date on maintenance. A security strategy that stresses both prevention and detection will help you mitigate the effects of threats.
Deadly Sin #2: Unpreparedness
“We have anti-virus so we’re covered.”
Most security strategies are focused on specific threats, whether that is antivirus, network security or phishing attacks, but hackers today are sophisticated enough to evade conventional defenses. Organizations need to better understand where the last line of defense stands and develop a comprehensive, holistic security strategy that breaks down the silos of defense and creates awareness. Data flows freely throughout the IT environment, from systems to the network to the data center, and information needs to be protected at all levels and stages.
According to Crawford, this is where IT systems management (ITSM) solutions come in. They have the framework in place to follow data throughout the environment and the ability to embrace a holistic approach. ITSM solutions already have processes in place to remediate issues in addition to providing defense and awareness.
Deadly Sin #3: Neglectfulness
“We scan regularly for vulnerabilities.”
While scanning is a critical part of vulnerability management, it only covers the assessment side and not the remediation side of preventing attacks. Organizations also need an action plan to combat threats and bring systems and the network back to normal. Crawford suggests the PDCA plan of action, which stands for Plan, Do, Check and Act.
Scanning covers the planning and doing aspects of the plan, but organizations also need to monitor for deviations in systems' status and then have a plan of action that administrators can use to remediate issues. According to a study conducted by EMA, organizations that define, follow and enforce policies report half as many instances requiring remediation as organizations that lack enforcement mechanisms.
Deadly Sin #4: Short-Sightedness
“Our defenses are up-to-date.”
Organizations shouldn't plan just to win the day; they need a forward-looking strategy that prepares them to confront security threats that may come up in the future. The nature of attacks is changing daily—essentially mirroring the changes in technology. Consider that viruses used to be spread on five and a half inch floppies. Then they spread through the internet and email. Now the battleground is on social media and mobile devices.
Crawford says that organizations need to have flexibility in action, insight and integration. What he means
Security is full of assumptions. Organizations think they're covered, that their networks are safe, systems are updated and that their critical data is protected. In actuality, assumptions are dangerous, taking administrators off their guard while making users complacent. You could even say that assumptions are sinful, causing actions and reactions that put organizations, data and users at risk.
We asked Scott Crawford, managing research director for analyst firm Enterprise Management Associates (EMA), to identify the Seven Deadly Sins of IT security and how organizations can avoid these pitfalls.