I’ve worked in the IT field for over 30 years. 20 of those years have been spent in the network security field, employed by some of the largest names in the industry. But to my family, I’m still just the guy who “works with computers”.
Many of my family are not computer savvy, which is a nice way of saying I had to teach them where the power button is. However, “Power Button Locator” is just one of my jobs. Windows won’t boot up? Call Chris (“You’re running on a dead battery, Gran”). Browser running slow? Call Chris (“You have 513 tabs open, Uncle Bob”). Windows 10 doesn’t look right? Call Chris (“I keep telling you, Dad, you have an iPad”).
I have an antivirus; I’m protected, right?
By far, the biggest question I get is, “I have an antivirus; I’m protected, right?”.
Of course, the answer to that is always the same – “Maybe”. They do have an antivirus installed, usually the one that came pre-installed. But they never update the signatures. Or they neglected to register. Or they didn’t realize they had to set up scheduled scanning.
In other words, they had the tool, but they didn’t know how to use it.
The same can be said of a lot of companies. They have the tool, but they failed to put a process in place to use them efficiently.
They have a vulnerability scanner, but they don’t have compliance software. Or they have compliance software but didn’t install a vulnerability scanner. The two are not the same. Each are used for different purposes, and while they may occasionally cross-over into each other’s territory, you’re only getting half the picture of your security if you don’t have both in your environment.
Sometimes they have both (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Christopher Minori. Read the original post at: https://www.tripwire.com/state-of-security/featured/missteps-customers-make-security-vulnerability-tools/