Actually, the article I was looking at was called: The 4 Biggest Mistakes Businesses Make Trying To Secure Endpoints. However, a major part – in my opinion – is true not only for the endpoint but for security in companies as such:
- Underestimating Human Error: Well, it starts with the administrator who is making wrong decisions to the architect to…. It is not just about the end user opening a phishing mail.
- Passing all Responsibility to the IT Department: That’s actually an interesting one. I completely agree, but why then do we see a lot of CSOs reporting into the CIO? That’s fundamentally flawed in my opinion. I am still convinced that in most cases – especially in today’s threat landscape – the CSO has to be as close to the CEO as possible, if not a direct report. Security is a business risk and has to be addressed that way.
- Superficial Protection: How often is technology deployed which claims to be the silver bullet for a given problem? Often it can only be a puzzle piece in an overall risk approach. When you talk to people like our Fusion X practice who are doing real attacks (not only penetration tests), they are not really impressed or slowed down by the anti-virus solution you deployed.
- Thinking That Compliance Is the Same as Security: That’s a classic one and again is much, much broader than the endpoint. Compliance does not bring security, but good security brings compliance.