skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view

Summary

Real security experts' key recommendations could fit on the back of a Post-it note. Unfortunately, the telecoms and IT industry is determined to press dated and overpriced antivirus apps on SMEs and consumers alike. There is a better way.

CSPs are selling a security model the professionals won't rely on for their own security

Not long ago, Google Labs researchers asked a sample of security professionals what precautions they took to defend their information security. Then they polled the general public. The differences were stark.

The single biggest recommendation from the experts was "patch, patch, patch." The public, however, trusted overwhelmingly in antivirus apps.

Two different models of security are at work here. The public sees security as a product, like a packet of cornflakes. You buy AV apps and you'll be OK. The experts see it as a consequence of sound IT practices in general. Keeping all your software up to date, using two-factor authorization, and minimizing password reuse are features of good systems administration, and security is inherent in them.

The experts are right – not only is AV unlikely to help you against phishing, browser exploits, or attacks on connected devices, it has become a security risk in itself, and an especially serious one because AV apps need to run with administrator privileges to work. Trend Micro, for example, has been the subject of more than 200 reported exploits since June 2016 across 11 products. Mozilla distinguished engineer Robert O'Callahan recommends chucking AV entirely.

In this light, it's depressing to look at most CSPs' security offerings. Consumers and small businesses are invariably offered resold AV applications. At the other end of the scale are bespoke consulting projects SMEs can't afford and don't need. There's a reason for this. Defining something as a one-off sale of packaged software means it's relatively simple to sell it. Like cornflakes. Again like cornflakes, the margins aren't great, but at least it's something.

We can do better than this. We know that SMEs are hungry for technology advice and effective IT support. The basic security discipline of the top three recommendations is exactly the kind of thing better IT support can deliver – and it fits closely with the wider agenda we need for success.

Appendix

Further reading

"'...no one can hack my mind': Comparing Expert and Non-Expert Security Practices." Available from https://www.usenix.org/system/files/conference/soups2015/soups15-paper-ion.pdf [accessed February 1, 2017].

"Hackers Tear Apart Trend Micro, Find 200 Vulnerabilities in Just 6 Months." Available from http://www.forbes.com/sites/thomasbrewster/2017/01/25/trend-micro-security-exposed-200-flaws-hacked/#7ad9d7b355d6 [accessed February 1, 2017].

"Disable Your Antivirus Software (Except Microsoft's)." Available from http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html [accessed February 1, 2017].

Author

Alexander Harrowell, Senior Analyst, SoHo & SME ICT Services

alexander.harrowell@ovum.com

Recommended Articles

  • Service Provider Markets, Consumer & Entertainment Services,...

    MWC 2018 Highlights

    By Ronan De Renesse 27 Feb 2018

    Over 20 of our senior Ovum analysts and consultants attended this year’s Mobile World Congress in Barcelona at the end of February. In between meetings, briefings and presentations, our analyst team were blogging and tweeting about key developments, trends and rumors. Have a look through our daily MWC 2018 Highlights to find out what happened.

    Topics 5G AI IoT Cloud Payments SDN/NFV Smart home

  • Internet of Things

    IoT Viewpoints 2018

    IoT Viewpoints explore the IoT opportunity in 2018 and beyond. Download our latest e-book to get our newest collection of thought leadership articles on the emerging IoT trends, technologies and opportunities.

    Topics IoT

  • Consumer & Entertainment Services

    US pay TV: Is it facing an existential threat?

    By Adam Thomas 28 Mar 2018

    With US pay TV having endured the worst year in its history, thoughts have inevitably turned to the future. The likelihood remains that the immediate future will remain highly uncomfortable for everyone except the scaled multinational digital platforms.

;

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700


Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

Email us at ClientServices@ovum.com

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at pr@ovum.com

Contact marketing - 
marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now