Passwords are like underwear. You shouldn’t leave them out where people can see them. You should change them regularly. And you shouldn’t loan them out to strangers.

It’s funny when I see articles about security that focus on how anti-virus is the key to computer security. I know that yes, the risks from malware and virus-laden attachments are a pain in the butt for security professionals, and even for regular computer users, but is A/V really the key to computer security? If you ask me, it’s really more about education and process than anything else.

Think about it: of the major security breaches over the years, how were they caused? Most of the time it’s because someone clicked on a link that ended up breaching the security perimeter. Or it’s because a stolen laptop contained personal information. You could argue that SQL injection is a form of virus/malware, but it’s really more of a dedicated attack. I’m talking about old-school malware/virus attacks. Where has endpoint gone?

I think the reason that endpoint is sitting on the back burner is that security professionals realize that there are better approaches to securing a network. Application whitelisting is an option which limits the risk of unauthorized software and the network traffic it generates, and some organizations use virtual desktops to limit exposure. But again, why are we not focusing on education?

I know it is hard to change behavior, probably more difficult than most security measures. But every day there is news about some vulnerability or breach. People by nature should understand that this is how things operate in the world. It’s easier to gain access to a system through an uneducated employee than to circumvent all the security controls in place. So why are we still struggling with this?

I’m curious to see how organizations are dealing with this common issue.

One thought on “Passwords are like underwear. You shouldn’t leave them out where people can see them. You should change them regularly. And you shouldn’t loan them out to strangers.”

  1. Hi Andrea – really enjoyed reading your post.

    We at Symantec completely agree with you regarding the critical importance of education. How can an organization maintain a strong security posture if the majority of its employees are completely unaware of current cyberthreats? We recently conducted a poll with CSO Magazine and found that 71% of CISOs agree that people/employees are their ‘weakest links’ in defending against targeted attacks, which is why it is crucial that organizations adopt a defense-in-depth strategy in addition to building a security-aware culture across all levels and departments. This approach is the only way to ensure organizations are mitigating the risk of a cyberattack and properly arming themselves in the war against evolving threats.

    Cheers!
    – Piero

    Piero DePaoli
    Symantec Product Marketing
