The three most important ways to defend against security threats

Patching, security training programs and password management will thwart attacks more effectively than anything else. You're already doing them. Here's how to do them better.

Current Job Listings

An average of 5,000 to 7,000 new computer security threats are announced each year. That’s as many as 19 every day. The rate at which new threats appear make it difficult to decide which ones require your attention. It might surprise you that, while your competitors waste money on high-tech, expensive, and sometimes exotic defenses, you can get far more value by concentrating on just three things you already do.  You can spend less money and nothing you do otherwise will provide a better defense.

The three things you need to do better are not a secret. You already know you need to do them. You know from your own experience that what I’m saying is true. The data in favor of doing them is overwhelming. Still, most companies don’t do them well enough.

Change your security focus

Most computer security defenders focus on the wrong things. They focus on specific threats and what they did after hackers broke in, not how they broke in. There may be hundreds of thousands of unique software vulnerabilities and hundreds of millions of unique malware families, but they all share about a dozen different ways that they initially exploited an environment, including:

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.