Businesses that invest in security technology alone will never be as secure as those that invest in people with a deep knowledge of their IT systems, says a security investigator.
Most organisations want to invest in products, not people, said Matthijs Van der Wel, head of the EMEA forensics team at Verizon Business told the ISSE 2009 security conference in The Hague.
Only people with intimate knowledge of IT systems and how they should work are able to identify anomalies that are indicative of cybercriminal activities, he said.
Businesses should consult people with this kind of knowledge in their organisations to define what anomalous activity would look like and then monitor for that, said Van der Wel.
Organisations should also ask these specialists to detail how they would target their own IT systems and then plan defences against those attack scenarios, he said.
There are also several other basic things that many organisations are not doing that could make it more difficult for attackers, said Van der Wel.
These include changing default passwords, avoiding shared credentials, testing applications, reviewing code, and using systems that will ensure smarter patch management, he said.