CSOs urged to dispel security myths

Gartner warns of damaging misconceptions

Security professionals are accused of 'chasing phantasms' when it comes to protecting sensitive data

Information security professionals are often too easily distracted from their roles by myths about the nature of threats facing their organisations, according to analyst firm Gartner.

Analyst Andrew Walls said at Gartner's annual IT Security Summit in London today that these misconceptions can often lead to organisations investing in the wrong security programmes.

Walls maintained that it is up to IT security professionals to identify which threats are real and which are not, enabling their own function to become viewed as a strategic business enabler rather than a tactical reactionary control.

"Lots of them spend time chasing phantasms. Ideas like 'the hackers are winning' are patently false," he argued. "Hackers have to constantly innovate and find new ways of attack because security is forcing them to be more creative."

Other security myths, according to Walls, include the suggestion that data breaches are growing in frequency, when in fact it is only their disclosure which is increasing, and that the quality of your security systems is determined by how much money is spent on them.

“Business managers are focused on the bottom line and don’t want anything to distract them,” said Walls. “Security professionals must debunk these myths so people understand that security is actually making them more profitable and … is an enabler.”