The single greatest deterrent to best security practices is user behavior.

The second greatest deterrent? Management behavior.

There is a little-discussed but very common phrase deep in the bowels of IT consulting organizations and some large end customers. To paraphrase an indelicate line: “You can’t fix stupid or lazy.”

Harsh? Maybe so.

Yet too often, we see security incidents that were completely preventable if an organization had properly followed highly publicized procedures, and staff had followed proper protocol.

I don’t know what the statistics are on this, but I would wager that over half of all security incidents, major and minor, were inexpensively preventable.

It is impossible to perfectly secure an organization. We should all know that by now. But ignoring vendor notices, published patches, and best practices is a surefire way of inviting evildoers into your data center.

Case in point: the recent spate of ransomware attacks, highlighted by the Windows Server 2003 security hole exploit last week.

Windows Server 2003 is still being used, even though it lost Microsoft’s product update support over a year ago. Sadly, this isn’t surprising to us. Many companies continue to run out-of-date and unsupported products today.

In part, this is due to the perceived cost of upgrading, the perceived downtime of applying patches, or just overworked and understaffed IT departments.

By some accounts, Windows Server 2003 still commands 18 percent market share, with another report claiming some 50% of organizations had at least one instance of it running.

One can only guess what motivates a company to ignore critical patches and delay upgrading. In our experience, cost and lack of resources are the most commonly cited reasons, while disruption to ongoing production is another often-quoted excuse.

Yet no one doubts the cost of major unplanned downtime in the event of an outage or security incident. Not to mention the loss of goodwill, dollar damages, and more.

In no uncertain terms, we must encourage increased diligence with server patching, and a renewed focus on user training, especially around phishing scam awareness.

For more information on these, and related topics, reach out to me at chuck@txmq.com.

Chuck Fried is the President and CEO of TxMQ, Inc., an IT consulting firm helping mid-market and enterprise customers better secure and manage their enterprises. Follow him on Twitter: @chuckfried
