Gartner debunks security myths

As organisations embark on an information security management programme, they encounter a threat landscape that contains both real and perceived obstacles which distract them from business priorities, according to Gartner, Inc.

It is the perceived obstacles that cause organisations to direct their security investments to the wrong places, thereby lowering the value of their overall information security programmes.  Gartner research director Andrew Walls said security professionals need to qualify threats that are reasonably anticipated, and dispel those which are pure myths, misconceptions, or based on paranoia of the unknown. 

“While change remains constant and threats continue to grow and evolve, we can take stock of the situation and establish an understanding of the threat landscape,” said Mr Walls. “What we do know is that we cannot address all possible threats, but we can qualify the threats that are real and identify those that are not. This is an important step towards containing security costs.” 

Some of the most common myths about security include: 

• The hackers are winning; security is a retreating action
• Data breaches are increasing in frequency 
• Application and operating system security is the responsibility of the vendors – and they are working hard to protect us
• Regulatory compliance covers 100 per cent of the security needs for most organisations
• Hackers actually help the industry by finding problems and publicising them
• Security is there to stop business from doing anything 
• Quality of security equals money invested in security infrastructure and personnel