Myths, misconceptions and paranoia must be dispelled before IT security can truly work for businesses, according to Gartner.
In time for the Gartner IT security summit held in London this week, Gartner research director Andrew Walls said that for organisations to face the threat landscape successfully, they need to ensure they know the difference between real dangers and those that are only perceived.
According to Gartner, some of the most common myths were that hackers were winning, with security retreating from the battle and that data breaches were increasing in frequency. Another myth is that vendors are responsible for application and operating system security, with Gartner claiming that the belief that such firms were working hard to protect us was not based on truth.
Walls said that the increasing demand for flexible security services and a limited security budget meant that businesses really needed to focus their energies on the real issues.
"This means that the security department must become adept at identifying the real treats to ensure that security becomes an enabler for business innovation, rather than an inhibitor," he said.
Other myths about security included believing regulatory compliance covered 100 per cent of security needs and that the amount of money spent equalled the quality of security infrastructure, Gartner said.
Gartner added that the belief that hacking was a good thing - by finding and publicising problems - was another misconception.
To face the real threat, Garner called on businesses to focus on managing their day-to-day activities rather than security technology and processes. It also said that businesses needed to be firm that at the end of the day, maintaining security was going to be a costly, but necessary, evil.
