
Ovum view

Summary

Real security experts' key recommendations could fit on the back of a Post-it note. Unfortunately, the telecoms and IT industry is determined to press dated and overpriced antivirus apps on SMEs and consumers alike. There is a better way.

CSPs are selling a security model the professionals won't rely on for their own security

Not long ago, Google Labs researchers asked a sample of security professionals what precautions they took to defend their information security. Then they polled the general public. The differences were stark.

The single biggest recommendation from the experts was "patch, patch, patch." The public, however, trusted overwhelmingly in antivirus apps.

Two different models of security are at work here. The public sees security as a product, like a packet of cornflakes. You buy AV apps and you'll be OK. The experts see it as a consequence of sound IT practices in general. Keeping all your software up to date, using two-factor authentication, and minimizing password reuse are features of good systems administration, and security is inherent in them.

The experts are right – not only is AV unlikely to help you against phishing, browser exploits, or attacks on connected devices, it has become a security risk in itself, and an especially serious one because AV apps need to run with administrator privileges to work. Trend Micro, for example, has been the subject of more than 200 reported exploits since June 2016 across 11 products. Mozilla distinguished engineer Robert O'Callahan recommends chucking AV entirely.

In this light, it's depressing to look at most CSPs' security offerings. Consumers and small businesses are invariably offered resold AV applications. At the other end of the scale are bespoke consulting projects SMEs can't afford and don't need. There's a reason for this. Defining something as a one-off sale of packaged software means it's relatively simple to sell it. Like cornflakes. Again like cornflakes, the margins aren't great, but at least it's something.

We can do better than this. We know that SMEs are hungry for technology advice and effective IT support. The basic security discipline of the top three recommendations is exactly the kind of thing better IT support can deliver – and it fits closely with the wider agenda we need for success.

Appendix

Further reading

"'...no one can hack my mind': Comparing Expert and Non-Expert Security Practices." Available from https://www.usenix.org/system/files/conference/soups2015/soups15-paper-ion.pdf [accessed February 1, 2017].

"Hackers Tear Apart Trend Micro, Find 200 Vulnerabilities in Just 6 Months." Available from http://www.forbes.com/sites/thomasbrewster/2017/01/25/trend-micro-security-exposed-200-flaws-hacked/#7ad9d7b355d6 [accessed February 1, 2017].

"Disable Your Antivirus Software (Except Microsoft's)." Available from http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html [accessed February 1, 2017].

Author

Alexander Harrowell, Senior Analyst, SoHo & SME ICT Services

alexander.harrowell@ovum.com
