1. Naïve belief: Who is interested in my system? Nobody is going to attack me. I haven’t done anything bad to anyone, so why would they?
2. Believing security can be bought: That magic device that I bought will take care of everything.
3. Trusting that anti-virus is enough to safeguard the system: Feeling safe once it is installed.
4. Cleaning instead of prevention: Trying to clean up the malware after it has already infected the system instead of putting in place the measures that could have avoided the infection itself.
5. Ignoring proactive security measures: Not proactively assessing the security posture of the system in order to fix the loopholes and strengthen the system.
6. Not willing to take the hard step: Patching and hardening are hard to do.
On the last point, yes, it is hard, because:
- Users are not aware of which patches to apply
- It takes too long to download and install for each application
- It takes away time from the core work
- Users are not aware of what the update might do
Hardening the security posture of the system, knowing the loopholes and applying the fixes is a very effective and proven defense. This requires a deeper, or maybe simpler, second look.