Research carried out by security firm Avecto (which specialises in Windows privilege management) has found that IT departments are misjudging which elements of an IT security strategy matter most.
Avecto's study compared the strategies that IT departments believed to be effective against the Australian Department of Defence's (ADoD) Top 35 Mitigation Strategies report, and uncovered a disconnect between the perceptions of IT staff and the reality of security.
The latter, which was carried out in conjunction with the Ponemon Institute, is based on real-world data and serious cyber-attacks and vulnerability assessments carried out by Australian government agencies.
Andrew Avanessian, VP of Global Professional Services at Avecto, noted: "When it comes to security strategies, the perceptions of IT departments are wide of the mark. We want to help raise awareness within the security market to help decision makers prioritise the strategies that are truly the most effective."
The widest gaps were found in antivirus software and data loss prevention solutions, which IT departments in Avecto's study both ranked in the top ten most effective security measures, at ninth and tenth respectively. However, the ADoD report ranked these far lower, at thirtieth and twenty-sixth.
Web content filtering and email content filtering were two further areas with a major disparity, ranked second and third by IT departments, but eighteenth and seventeenth by the ADoD.
Avecto notes that this means security budgets aren't being correctly spent, and are failing to focus on the most important areas.
The top four areas according to the ADoD report are application whitelisting, application patching, OS patching, and minimising admin privileges.
Avanessian commented: "It seems that IT professionals are opting for centrally managed technologies, perhaps because they are deemed easier to implement."
He continued: "In order to defend against advanced threats you need to have a defence in depth approach. Antivirus software was fine fifteen years ago, but with malware evolving at an incredible pace it's just not effective enough. With security budgets under constant scrutiny, every penny needs to be justified."