Let us start with a concrete example: a standard IT security practice suggests installing a firewall to protect a server farm. A firewall, however, only hides certain services; once an attack has occurred, it does nothing to keep sensitive data from leaving. Imagine, then, that you run only fully patched Linux servers that answer only SSH and HTTPS requests. A firewall will not only add nothing to your defense, it will waste economic resources that you could use better elsewhere.
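As an added illustration of the firewall example above (this is not code from the original article): a small Python check that parses constructed `ss -tlnp` output and computes which externally reachable ports a hypothetical allow-list of SSH and HTTPS would actually hide. The sample output, the allow-list and the function names are assumptions; loopback-bound services are treated as unreachable from outside regardless of any firewall.

```python
"""Estimate what an ingress firewall allow-list would actually change on a host,
given the TCP sockets that are already listening (hypothetical helper)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str


# Matches the "Local Address:Port" column of `ss -tlnp`, e.g. 0.0.0.0:22, [::]:443, *:80
_ADDR_RE = re.compile(r"^(?P<addr>\*|\[[^\]]*\]|[^:]+):(?P<port>\d+)$")


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -tlnp` text (header line skipped) into Listener records."""
    listeners = []
    for line in output.strip().splitlines()[1:]:
        cols = line.split()
        if len(cols) < 5:
            continue
        m = _ADDR_RE.match(cols[3])
        if not m:
            continue
        proc = re.search(r'users:\(\("([^"]+)"', line)
        listeners.append(Listener(m["addr"], int(m["port"]), proc.group(1) if proc else "?"))
    return listeners


def is_externally_reachable(listener: Listener) -> bool:
    """Sockets bound to loopback cannot be reached from outside, firewall or not."""
    return listener.addr not in ("127.0.0.1", "[::1]")


def firewall_marginal_effect(listeners, allowed_ports):
    """Return (ports the allow-list would hide, ports reachable either way).
    An empty first list means the firewall changes nothing for this host."""
    exposed = {l.port for l in listeners if is_externally_reachable(l)}
    return sorted(exposed - set(allowed_ports)), sorted(exposed & set(allowed_ports))


# Constructed sample of `ss -tlnp` output (not a real capture).
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=811,fd=3))
LISTEN 0      511    *:443               *:*               users:(("nginx",pid=902,fd=6))
LISTEN 0      244    127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=950,fd=5))
"""

if __name__ == "__main__":
    hidden, open_anyway = firewall_marginal_effect(parse_ss(SAMPLE_SS), {22, 443})
    print("ports the firewall would hide:", hidden)      # []
    print("ports reachable either way:", open_anyway)    # [22, 443]
```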

The most powerful security system on the market can be completely useless in some cases. To choose the right one, several aspects must be considered:

  • The more protected we feel, the less we try to understand: too many people rely passively on IT security systems, without thinking that to defend ourselves we must first understand what the threat is and who the enemy is. Otherwise, the risk is building a trench to defend against an air attack!
  • Do not overestimate your defense: reaction times for those who design IT security products are slower than changes in attack strategies used by crackers. After all, the fight is unequal: developing a single effective product requires millions of dollars, while launching a high-profile attack may take only a few months of work.
  • Attacks evolve very quickly: the current trend is to layer different levels of protection. These systems, however, tend to focus too much on the network and not on protecting applications and sensitive data, which are almost always the real target of attacks.

Remember, then, to carry out a preliminary analysis of threats and vulnerabilities before making a purchase: you will still buy something, but it may not be what you initially planned.

Want to know how exposed your website is?

EasyAudit WEB checks websites, portals and e-commerce with a professional external audit designed for SMEs.
