The two most important ways to defend against security threats

Patching and security training programs will thwart attacks more effectively than anything else. You're already doing them. Here's how to do them better.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

An average of 5,000 to 7,000 new computer security threats are announced each year. That’s as many as 19 every day. The rate at which new threats appear make it difficult to decide which ones require your attention. It might surprise you that, while your competitors waste money on high-tech, expensive, and sometimes exotic defenses, you can get far more value by concentrating on just two things you already do.  You can spend less money and nothing you do otherwise will provide a better defense.

The two things you need to do better are not a secret. You already know you need to do them. You know from your own experience that what I’m saying is true. The data in favor of doing them is overwhelming. Still, most companies don’t do them well enough.

Change your security focus

Most computer security defenders focus on the wrong things. They focus on specific threats and what they did after hackers broke in, not how they broke in. There may be hundreds of thousands of unique software vulnerabilities and hundreds of millions of unique malware families, but they all share about a dozen different ways that they initially exploited an environment, including:

  • Unpatched software
  • Social engineering
  • Misconfigurations
  • Password attacks
  • Physical attacks
  • Eavesdropping
  • User errors
  • Denial of service

Focusing on and reducing these root exploitation causes will help you significantly defeat hackers and malware.

If you want to minimize computer security risk the fastest, identify the biggest root exploitation causes in your company that allow threats to do the most damage to your environment. Stop the biggest root cause and you stop every threat that uses that root cause.

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.