Senior Security Advisor Rik Ferguson has spoken out against too great a trust in traditional security tools at the cost of unsafe practises
[ClickPress, Tue Jun 22 2010] As part of a recent security-awareness drive from internet security company Trend Micro, Senior Security Advisor Rik Ferguson has spoken out against too great a trust in security tools at the cost of unsafe practises in a pair of video interviews recorded recently.
Speaking to ZDNet, Ferguson asserted that traditional Anti-Virus testing doesn’t offer consumers and business decision-makers a realistic representation of the modern threat environment. The most common way in which machines get infected is via the Internet, yet traditional tests are conducted in an isolated, ‘lab’ environment, disconnected from the Net.
This doesn’t just mean that the tests aren’t actually testing the software’s ability to resist threats along their most likely attack vector: it also doesn’t acknowledge the speed and versatility required in the real world.
In a second interview, published by CBROnline, Ferguson noted that a very human flaw provides the Achilles’ Heel in the security provisions of many business:
“When we talk about IT, we tend to be very good at the ‘T’, because it’s easy to operate tactically. Make a list of holes, then buy or install a program to tackle that. What we’re not so good at is the ‘I’. We don’t know what information we have; where it resides; who should be empowered to view, edit or move that information. That’s hard stuff.”
Trust in anti-virus software often shows a negligent attitude to the overall picture when it comes to security, Ferguson says. By concentrating on the perimeter, on what happens after a machine – or network – has been compromised, organisations risk not paying attention to the strategies and protocols that might prevent attacks happening in the first place.
Ferguson suggested that responsibility for information security needs to move away from being a problem for the IT department. Only when company executives come to view the integrity and privacy of information as not just their affair, but their responsibility, are conditions likely to improve, he added, noting that current legal provisions for punishing companies for allowing confidential data to be stolen need to be strengthened.
With the aim of generating ongoing discussion, a series of articles around current security issues, including a series of IT security polls, have also been recently published on The Register’s Security That Fits Online workshop.
Trend is keen to hear from Web security bloggers writing about the issues highlighted above - for further information, please contact: email@example.com.
About Trend Micro:
Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Visit TrendWatch at www.trendmicro.com/go/trendwatch to learn more about the latest threats. Trend Micro’s flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. Many of these solutions are powered by the Trend Micro™ Smart Protection Network™ infrastructure, a next-generation cloud-client innovation that combines sophisticated cloud-based reputation technology, feedback loops, and the expertise of TrendLabsSM researchers to deliver real-time protection from emerging threats. A transnational company, with headquarters in Tokyo, Trend Micro’s trusted security solutions are sold through its business partners worldwide. Please visit www.trendmicro.com