3 Reasons Why Computer Security Fails

Discover the main culprits behind security incidents

Lack of Awareness

In their day-to-day routine, regular users aren't actually aware of computer security implications until something wrong actually happens. To be more specific, you can't realize the magnitude or the impact of cybercrime activities before having your e-mail account hacked or your on-line banking session intercepted and accounts emptied. It's pretty much the same as with car accidents – you hear people talking about them, you see them on TV and read about them in newspapers, but until you are effectively involved in one (God forbid!), you don't know what they’re all about.

Attacks aiming to exploit security breaches are more likely to target public or private organizations, rather than individual users (the stakes are higher with the former). As usually businesses operate with  networks rather than with standalone workstations, the possibility of their being entirely compromised increases in proportion to several factors, some of the most important being: the number of users, users’ degree of computer security literacy, the nature of the defense policies in effect, the architecture of the security strategy at work and, last but not least, the type of organization and its activities. Just open the technology section of any newspaper or search the Internet and you will get a pretty clear picture about…

Misunderstanding Computer Security

Once awareness of today's security risks is raised, the appropriate strategy that matches the specific security needs of the business should be applied next. Technically speaking, there are three major rules of thumb which could offer a good starting point for any company (and individual, for that matter) in tailoring its data security choices. Disregarding any of them means creating the opportunity for a potential breach.

First off, any protection is better than no protection at all. When dealing with e-threats, having no defensive solution installed on a system is like leaving all doors and windows wide open while you are on vacation.

Second, protection should be chosen based on security necessities – that is although they struggle with the same e-threats, home and corporate users may have slightly different expectations in this respect.

Third, there is no such thing as “enough” security. This implies that security is a continuous process, rather than the simple installation of an antivirus on a computer. It’s a permanent application of on-line safety principles as well as the capacity to anticipate and respond to newly emerging e-threats. At least from this point of view, security is a mid- to long term investment and it does not end with the deployment of a simple defensive solution.

Neglecting the Human Factor

Probably the most important reasons of all is the human factor. The reduced level of awareness, the lack of IT&C security education and the absence of security policies reinforcement, especially in the public sector and large corporations are responsible for most of the damages, both in terms of compromising systems and networks, but also when it comes to disclosing sensitive data, information theft and even malware dissemination.

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on www.hotforsecurity.com.

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples http://martzipan.blogspot.com), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.