Many companies are falling into an information security trap netting hundreds of thousands of dollars in wasted money, a leading e-security company has warned.
“Equipment vendors spend millions on marketing to make customers believe that their latest security gadget will make their world secure,” b-sec director Oliver Binz.
“It is not uncommon for organisations to spend hundreds of thousands of dollars on technology, based on the vague premise the security must be improved”.
But there are few obvious areas where money can be spent to good effect, Binz said.
“Typically these include a good firewall solution and anti-virus protection. However, once these simple objectives are achieved, many organisations focus on implementing more technology, and ignore other critical factors such as policies and procedures or application security, none of which need expensive boxes to fix,” Binz commented.
“A significant proportion of spending on information security is poorly targeted and ineffective”
“Many organisations are wasting money on ill-defined objectives when they could provide effective security for their organisation at a fraction of the cost”.
“This is one area where one size does not fit all,” Binz added.
Binz said that this means business managers should drive the security requirements and related spending in accordance with the requirements of the business, rather than relegating security to an overworked tech department looking for a quick tech fix for a more complex problem.