Dark Reading's Top 10 IT Security Myths Demystified - Part 1

Submitted by Mike Rothman on Fri, 2006-07-21 14:37.

As I mentioned in this morning's TDI, Dark Reading put a stake in the ground by defining the "Top 10 Myths of IT Security." The link to the entire article is here. Having no pride, I figure I may as well jump on their coattails, add my two cents, and initiate some good discussion about some topics that I'm sure will create some passionate discourse. So without further ado, let's jump right in:

Myth #1: Epidemic Data Losses (link here)

"Let's all take a breath together: There is no data loss epidemic."

So the Dark Reading guys start off with a bang, that's for sure. They make this statement and then go on to reference the CSI/FBI survey to validate that security risks are going down. WRONG! Let me say that again: WRONG!

Attacks are more targeted, so we are seeing fewer of the massive outbreaks, but I posit that more attacks are successful. We just don't know about most of them. And let's debunk the debunking of this myth: THERE IS A DATA LOSS ISSUE. The fact that it isn't a major, catastrophic issue is just by pure luck.

Millions of customers have had enough information compromised to be potential victims of Identity Theft. Has it happened yet? I don't know. Lots of folks have an issue, but it's hard to point back to one lost laptop, so to speak. And the idea that we've been losing stuff for years and now it's an issue because the Feds make us report it is just asinine. Because the status quo is to screw up doesn't mean we can/should accept it.

So, I give their first myth-buster a C. They are wrong, but the impact has not been felt or correlated back to these data losses.

Myth #2: Anything but Microsoft (link here)

"Nothing is bulletproof these days."

This one is better. Clearly Microsoft is a much bigger target, but that doesn't mean you should just buy a Mac (or use Linux) and not worry about anything. You still have other devices (servers, etc.) and data that can be compromised. Yes, I use a Mac when traveling. I think it is safer and definitely easier to use. It also gives me street cred with the Gen X crowd. OK, not so much. But what it isn't is bulletproof. Everyone should think layers and ensure that your network security posture is strong.

This one is better. B+

I'll be back next week to address a couple more of the myth-busters.