Security vendors are constantly bringing out new offerings aimed at protecting organisations from the ever-growing threat of cyberattacks. But it's not a numbers game, and snapping up all of the latest and "greatest" security products won't guarantee your business will be protected from cybercriminals.
Yisroel Hecht is the former chief information security officer for the City of New York and an associate commissioner of IT security at the NYC Department of IT and Telecommunications. He noted that security vendors are an opportunistic bunch. They are constantly on the lookout for companies to sell their wares to, exploiting those companies' fear of becoming cyberattack victims, he said.
Those who frantically buy up new security offerings are not doing themselves any favours. In a blog post, Hecht said adding more products in an attempt to stave off cyberattacks is counterproductive:
"Corporate executives are in a panic to maintain their company brand and are, thereby, compelled to invest extensively in new products to enhance their cybersecurity posture. Unfortunately, many organisations lack the expertise in understanding how to countermeasure the ever-emerging, dynamic and evolving cyberthreats, so they continue to layer their environment with additional security products. This approach creates more complexity in securing their digital assets and, consequently, renders new opportunities for adversaries to compromise their business."
The security market is flooded with new point solutions that customers must integrate into their existing IT infrastructure. This increases overhead and complexity and can significantly diminish the effectiveness of the products, he said.
Before procuring new security solutions, IT executives should have a clear understanding of the gaps in their organisation's information security capabilities, according to Hecht. They need to remember that security is achieved through a blend of people, processes and technology.
"Organisations need to tackle this cyber challenge holistically within their establishments through a bottom-up approach with executive leadership support," Hecht said.
[Via Palo Alto Networks blog]