IT security threats are complex and evolve rapidly, but that doesn't mean we don't know the basic processes involved in keeping technology secure. So why do so many businesses ignore them?
Security picture from Shutterstock
Gartner analyst Earl Perkins poses that question fairly bluntly in a recent blog post, noting that there's little point in paying for outsourced security services or new tools if basic process discipline isn't in place:
Unless you take these first, basic steps, we cannot help you. As one recent publication reported bluntly, "you can't fix stupid". While it is not my intention to insult some of our readers, I need for this core idea to take root — if you're not willing to establish a basic cybersecurity foundation to counter the most common and predictable threats facing you, no expenditure on technology, process change, organisational change, or outsourcing will solve the more complex and challenging cybersecurity threats that are arising today.
Technology has an important role to play here, but well-defined processes — for everything from password policy to what happens when staff members leave the company — are equally vital. Hit the link for more of Perkins' thoughts.