SECURITY BREACHES OCCUR MOSTLY AT COMPANIES WITH LAVISH SECURITY SYSTEMS
Ninety percent of high profile security breaches occur at companies with lavish security systems in place. So said Clifford Katz of Information Security Architects (ISA) South Africa at a Sun Microsystems security seminar held in Durban, Cape Town and Johannesburg last week.
He added that misconfiguration of security systems is worse than no security systems at all, as it gives a false sense of security. "If a company did not have any meaningful security infrastructure, they would at least understand their risks and manage them accordingly," said Katz. "By giving stakeholders a false sense of security, effective risk management is impossible.
"Without a practical security infrastructure - availability and posture &SHY; management security will not support business - it will hamper it. No amount of products will mitigate security. The reality is that management should understand the Œnew-era’ risks and manage them appropriately."
Katz also questioned how vendors explained system patches designed to address a weakness in a previous version of their product. Were they not secure before the patch?