Skipping security is human nature

If IT managers skip security basics like patching applications and operating systems, it might not be apathy, but instead the result of the formula V = EC².

Chris Wood
(Credit: Stilgherrian/ZDNet Australia)

"A vulnerability is only a vulnerability when it gets exploited, someone cares about it and I'm going to get caught," said the formula's creator Chris Wood, regional director for Australia and New Zealand at security vendor Sourcefire.

"If those three things don't exist, then I have very little drive to [fix] those vulnerabilities," he said. IT managers instead focus on areas where there's more pressure, such as connecting the ever-increasing number of smartphones and tablets.

In this week's Patch Monday podcast, Wood explains his formula, and extends it with an IT version of psychologist Abraham Maslow's hierarchy of human needs, and uses that framework to explain how to support his call for more adaptive defensive techniques.

Wood's diagram of IT needs.
(Credit: Stilgherrian/ZDNet Australia)

He also waters down the panic about advanced persistent threats (APTs).

To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 22 minutes, 30 seconds