FEATURE NEWS

Don't Bankrupt Your Company in the Search for Absolute Security

By

Vendors will try to scare you to death to sell you their products. Don’t fall for it, says an IBM vendor who sells security systems to military groups.

At the Hot Topics in Tech track at ITEXPO in Fort Lauderdale yesterday, IBM security evangelist Westley McDuffie invoked Dwight Eisenhower when he told the assembled crowd that the desire to achieve absolute security might very well bankrupt your company.

“I preach the gospel of security,” McDuffie says. He works with nations and governments, rather than corporations and businesses. “The difference is, if you mess with my clients, they can kill you.”

McDuffie used statistics to reinforce his claim that vendors will sell you what you don’t need. He says 75% of security threats can be attributed to internal attacks. But he notes that most of those internal issues are the result of carelessness, rather than an attempted attack.

He says less than 1% of security issues arise from targeted attacks. Vendors still try to sell you on protection against zero-day, which accounts for less than 0.1% of security issues.

McDuffie offered a few military-type tips for improving your IT security without breaking the bank:

  • Align your security risks with your corporate goals, not the other way around. Don’t let the tail wag the dog, he says. When security concerns get in the way of making money, corporate goals aren’t being pursued.
  • Adjust your change of control procedures. Do you complete change-of-control functions over the weekend? McDuffie says push that to Thursday, so your chief technician – not the weekend guy - is on duty, just in case.
  • Spend the money when you need to. McDuffie says governments aren’t afraid to spend, while corporations limit their IT security outlays to around 7% of their budgets. Can you afford to spend a little more than normal?

McDuffie stressed that proper security involves applying the proper procedures, over and over. “Security is something you do, not something you have,” he says.

It doesn’t help to let fear rule your decision making. “Fear, uncertainty and doubt run rampant in the world,” he says.

Don’t let vendors sell you the “Swiss knife” solution, or the magic bullet that will solve all your security concerns. The complete security solution doesn’t exist, he says, and if it did, you probably couldn’t afford it.




Edited by Erik Linask
Author Info
Bill Yates

Communications Correspondent

Click here to read full bio

SHARE THIS ARTICLE
Share
Related Articles

Generative AI Expo Launches as Newest Event in the ITEXPO #TECHSUPERSHOW

By: TMCnet News    1/27/2023

Generative AI Expo is the starting point for you research the countless potentially game-changing pillars that may solidify generative AI as THE indis…

Read More

Can Machine Learning Models Help Fight Cybercrime?

By: Contributing Writer    1/25/2023

A machine learning model is a mathematical representation of a system or process that is trained to make predictions or decisions based on data. It is…

Read More

What Are the Risks of Continuous Deployment?

By: Contributing Writer    1/25/2023

Continuous deployment (CD) is a software development practice where code changes are automatically built, tested, and deployed to production without h…

Read More

The Benefits of Implementing a Master Data Management Platform

By: Contributing Writer    1/19/2023

A master data management (MDM) platform is invaluable for any business. By centralizing data into one cohesive system, companies can improve their ope…

Read More

What Is an SBOM and Why Is It Critical for Software Compliance

By: Contributing Writer    1/17/2023

An SBOM, or software bill of materials, is a list of all the components and dependencies that make up a piece of software. This can include things lik…

Read More
View All News