Five myths of implementing IT security: Why it won’t be your next IT headache

Many organisations believe that implementing comprehensive IT security to protect themselves against today’s sophisticated threats and attacks is a difficult and expensive task, and that replacing their current solutions (even if highly ineffective) is seldom worthwhile.

This mindset has resulted in many businesses dealing with a virtual patchwork of disparate systems that are time-consuming to manage and costly to keep running at a high level of performance. More importantly, these systems are ineffective, leaving the business vulnerable to cyberattacks.

Simply put, such myths and misconceptions are false; they are holding organisations back from implementing effective security solutions which can be a better fit for their individual IT security environment.

This article aims to set the record straight by debunking five myths about implementing IT security, so that organisations considering a change can stay ahead of today’s ever-evolving threat landscape by ensuring that their security infrastructure remains cutting-edge.

Myth 1: I Have a Secure Environment. All a Change Will Do is Cost Me More Money

This is a pretty common assumption. However, it is not necessarily the case, for two primary reasons: 1) changes do not necessarily cost more – in some cases the total cost can be lower, and 2) not all security technologies have the same ability to stop attacks – some simply have sub-par efficacy. When we speak with a customer or a prospect about their IT security experience, we ask whether they have had a clear record with zero IT security incidents over the last year. More often than not, the answer is no. However, despite the fact that businesses are dealing with an increase in malware, phishing attacks and other threats, the answer should and can be yes. This is not to say that everyone can achieve impenetrable security, but rather that we can reduce such incidents to extremely rare events.

This leads to a few important questions that many businesses fail to ask themselves when contemplating a security implementation: What is the business case for making a decision to either stay with what I have or make a switch? Is the time and money being spent to help prevent a cybersecurity incident worthwhile? Are we free to work on other things?

When evaluating these questions, it is important for organisations to know that not all solutions are created equal. Saving money now by implementing a cheaper (or “free”) solution may seem like the best course of action in the short term, but over time it almost inevitably results in additional costs: increasing security in other areas to compensate, time spent managing the solution, or, in the worst-case scenario, experiencing a cyberattack because the solutions implemented don’t catch everything they should. Businesses need to look into the efficacy of the solutions they are considering in order to choose the option that will keep the bad guys out and their business running smoothly.

Myth 2: Cut-over Activities Will Cause Downtime and Will Leave My Organisation Vulnerable to a Cyber Attack

Any organisation that is making the investment to implement a new security suite understands the risks that today’s threat landscape poses to businesses of all sizes and the importance of having the most effective protection available. They know that by leaving their organisation even momentarily exposed, they open up the possibility of a cyberattack stealing financial information, intellectual property and other data, with the outcome being a crippling blow to the organisation.

The mistake some people make is that they believe such an opening is inevitable when you’re switching technologies. Instead, they should realise that the exposure comes not at a mythical moment at the time of cutover, but every single day that they have a sub-par technology in place.

The truth is that a well-organised and planned-out implementation that requires a rip-and-replace can be conducted and completed without leaving the organisation open to an attack at any point. Switching from an old security system to a new solution can and should be done by replacing the incumbent product with a fully functioning product simultaneously. In addition, policies should be reconfigured before the rip occurs. By following these guidelines, organisations will ensure that their new solution is up and running properly without experiencing downtime that would leave them vulnerable to an attack.

Myth 3: The End-User Experience Will Be Negatively Impacted

If a security implementation is planned properly and uses the right tools, then this becomes yet another myth. Proper planning is important for any security implementation, but a rip-and-replace requires even more careful planning to ensure a smooth transition without user intervention.

One way to avoid impacting the end-user experience is by conducting major activities associated with an implementation during off-hours. This includes the removal of current security solutions and installing the new product on user PCs. Automating the process of rip-and-replace using the proper tools also prevents the need for employees to manually install and reboot their system to ensure that their system is protected. Another benefit of an automated process is that it ensures that the new system is installed properly on every workstation, without having to rely on individual end-users who are not security professionals to properly install the new security solution.

By performing these activities automatically and during off-hours, employees are able to operate as they would normally without experiencing any degradation to system performance.

Myth 4: Implementing a New Security Solution is One More Manual Process for my IT Team to Manage… I Don’t Have Time for That!

This is a very understandable concern. Many business leaders are worried that an implementation of a new security suite requiring a rip-and-replace will cause a strain on their already extremely busy IT department, taking their attention away from focusing on other mission-critical IT projects.

However, this doesn’t always have to be the case. Today, it is possible to manage the implementation through a single console, making this process easy on an IT team. Organisations can easily remove the incumbent solution from all workstations and simultaneously implement the new solution, all the while managing the process from a “single pane of glass” view for all elements of IT security. This strategy also eliminates the hassle associated with patchwork security that is harder to manage and in most cases, costs an organisation more money to operate.

Myth 5: The Job is Done... I Guess We’re On Our Own Now

While this myth is true for some software vendor solutions, it needn’t be the case. First and foremost, any cyber security company providing a security solution should provide an organisation with free basic support during business hours. And for those organisations that want higher levels of support, they should have the option of purchasing at a level that offers them the right amount of support at the right times to suit their business needs.

Another factor to consider is that automatic software updates are a key component when choosing the right security solution. Keep in mind that some companies offer more frequent updates than other providers. This is another reason why the efficacy and reputation of a security vendor are critical when deciding which provider is best for a business’ unique security environment.

According to the PWC Global State of Information Security Survey 2015, companies across all industries worldwide have reported a total of 42.8 million detected attacks in 2014. That’s a 48 per cent increase in incidents since 2013. Sophisticated attacks are on the rise and while a security implementation, especially one that requires a rip-and-replace, can seem like a daunting task for any business, it is more important now than ever before to make sure that an organisation’s security infrastructure can protect against a cyberattack.

With proper planning and understanding that the myths associated with a security implementation aren’t always the truth, an organisation can realise the benefits of an efficient and powerful security solution that will provide advanced protection against known, unknown and advanced persistent threats.

Kirill Slavin, General Manager of UK and Ireland at Kaspersky Lab
