Stupid Computer Security Myths, 'Dumb Ideas' Keep Enterprises at Risk
Software developers and enterprise IT departments are making computer security blunders every day because of myths, misconceptions and just plain "dumb ideas."
Despite a growing awareness of security threats and of the basic measures necessary to secure networks and data, many misconceptions and myths keep computer users and enterprises at risk, a security consultant said at a Kaspersky Lab event in New York City. While organizations are deploying firewalls and public key cryptography and complying with various security and privacy regulations, many of them are still hanging on to certain misperceptions, "falsehoods" and approaches that don't work, Charles Pfleeger, a security consultant and principal of the Pfleeger Consulting Group, said in a keynote speech on Nov. 10 at American Cup 2012. Kaspersky Lab's educational event was jointly held with NYU-Polytechnic University in New York City. Some of the "dumb ideas" were myths held by nonsecurity professionals, and others were attitudes still circulating within the security community, Pfleeger said.
In 2005, Marcus Ranum, a chief of security for Tenable Security, published six "dumbest ideas in computer security," including the ideas that hacking is cool and that just patching flaws found in software products will make them more secure. While many of Ranum's points were valid, Pfleeger developed his own list of security mistakes that are made every day in organizations around the world. The security mistakes are generally the result of ignorance and limited time available to address issues, he said.