Firms told ‘get away from the sales guy’ for better security

Organisations that want better security solutions should “get away from the vendor sales guy” as they are being “mis-sold” security technology with false promises, a channel player has told a cybersecurity conference in Ireland this week.

The Zonic PR security symposium in Dublin, held in conjunction with the annual IRISSCERT cybersecurity event, sought to address the key issues faced by companies as data security incidents proliferate.

Only this week, food delivery firm Deliveroo saw its app targeted by fraudsters to gain free food deliveries charged against the accounts of existing customers.

The Zonic symposium heard that as companies were spending more on data security to tackle such threats, organisations were still failing to fully address the issues. Jason Steer, solution architect, EMEA at anti-malware vendor Menlo Security, said: “Many customers still believe buying one product can solve everything, but it can’t.”

And Dennis Davis, founder of security software firm MyCrypt, which provides access control, identity management and data encryption, said: “Despite customers spending on security and making improvements, sometimes they are not going back to close existing holes in their systems.”

Carl Gottlieb (pictured), CTO of security solutions provider Cognition, told delegates that sometimes vendors themselves made too many promises. Gottlieb said: “Customers are being mis-sold security technology by the vendors. They should get away from the sales guy and do more testing on their systems themselves, to make sure they know what they are getting.”

He said: “The vendors that are not promising the earth are the ones that are gaining the most traction from customers.”

In the debate, vendors agreed that customers could not be relied upon to “do the right thing” when it came to data security. Lloyd Webb, from security software firm Cylance, said: “We are flogging a dead horse to ask the users to do the right thing, and you can’t blame them for that, as it’s about education.”

Cylance is one of a number of vendors who are offering security solutions with artificial intelligence or machine learning and automation built in, to reduce the administration burden of security professionals at companies when it comes tackling specific threats – the product does a lot of that for them in the cloud before those threats can breach network perimeters.

This is more important than ever. IT professionals network Spiceworks recently asked members whether the organisations they worked for are responding adequately to the heightened levels of cyber attacks.

It was found that less than a third (29 percent) of organisations have a cyber security expert working in the IT department, and only 7 percent have an expert in another department. In addition, under a quarter (23 percent) contract outside experts to help fill the knowledge gap, and over half (55 percent) of organisations don’t have regular access to any IT security experts at all.

It was also found that 67 percent of IT pros do not have any security certifications. Spiceworks questioned over 600 of its members in the UK and the US for its research.

@AntonySavvas