Businesses that invest in security technology alone will never
be as secure as those that invest in people with a deep knowledge
of their IT systems, says a security investigator.
Most organisations want to invest in products, not people, said
Matthijs Van der Wel, head of the EMEA forensics team at Verizon
Business told the ISSE 2009 security conference in The Hague.
Only people with intimate knowledge of IT systems and how they
should work are able to identify anomalies that are indicative of
cybercriminal activities, he said.
Businesses should consult people with this kind of knowledge in
their organisations to define what anomalous activity would look
like and then monitor for that, said Van der Wel.
Organisations should also ask these specialists to detail how
they would target their own IT systems and then plan defences
against those attack scenarios, he said.
There are also several other basic things that many
organisations are not doing that could make it more difficult for
attackers, said Van der Wel.
These include changing default passwords, avoiding shared
credentials, testing applications, reviewing code, and using
systems that will ensure smarter patch management, he said.