The unending evolution of technology also means that new threats are emerging each day.
Cybersecurity is one of the most fundamental aspects of businesses operating today. Companies have finally started to invest in cyber insurance, cyber defence and cyber training and information security awareness. However, despite all of the focus on making businesses cyber secure, there are various myths about cybersecurity that should be avoided. Here are some of the cybersecurity myths you need to stop believing right now:
Our organisation is a start-up and too small for a cyber-attack
This is one of the most prevalent cybersecurity myths that need to be debunked immediately. Most Small and Mid-Sized businesses think that they are safe from any kind of digital threats because they’re ‘off the radar’. However, a number of these business have been hacked before and not been able to recover or even detect an attack. Well, hackers don’t care about the size of your organization to target it. Of course, there are some who’d prefer to hack the biggest financial institution, but most hackers would settle for smaller businesses. Especially when they think that they are safe and don’t invest in better a security system, they get hit. Cyber-attacks increased by 59% in 2018 reports say. Is your business safe? SiteLocks reports that more than 330 bots carried out the average of 62 daily attacks in 2018. These attacks resulted in a consistent 1% rate of infected websites.
One percent seems small. But remember, it translates to 17.6 million websites globally at any given time. Always be cautious, it doesn’t matter if you have few employees or more, your business is at risk of an attack.
Using your own device is safe and cost saving to the company
Almost everyone has more than one smart device, right?
And it’s definitely a cost-effective system to have your employees bring in and connect their personal devices to your organization’s network, this comes with an IT risk. Most employees have a bunch of personal devices ranging from a smart watch, notebook, pro-book, laptop to their smartphone and when they connect to your network, it also becomes a whole new entry/access point for black-hat hackers. It only takes one weak link to bring down the entire network. So, make sure that all users adhere to your cybersecurity policies before they can use their personal devices. Such policies include; BYOD (Bring Your Own Device) Policies, Internet Use Policy, Acceptable Use Access policy and information security policy. Do you connect devices to the network automatically or you have change management controls in place?
Our End-Point application is robust
There is no end-point (anti-virus or anti-malware) that can keep your system safe from all types of cyber-attacks. This software relies on a large database that has information about all the malware/viruses out there. However, if the hackers use a new kind of malware to infect your network or computer, then there’s a high chance that this end-point software won’t be able to detect those. So, don’t solely rely on such software. They are only the first line of defence for your system and you should always have multiple defending options available. Caution: don’t run 2 end-points of the same system at the same time.
Our passwords are well configured and are strong
Most people think that their regular passwords are strong enough to stand against multiple break-in attempts. However, that’s a wrong mentality right there. No password can be 100% secure, no matter how many numbers and special characters you use in your passwords, there’s always a possibility that they can be cracked or leaked in some way. Therefore, it’s very important to keep changing your passwords on a regular basis. It could be weekly, bi-weekly, or monthly, but you need to regularly change your passwords, and configure your AD to automatically allow passwords to expire after your preferred period to have your employees change them accordingly.
Our cybersecurity system is 100% perfect
No way! You can never be too sure about your cybersecurity ever. Technology is advancing with each passing hour. The unending evolution of technology also means that there are new threats emerging each day. So, your cybersecurity system that was top-notch yesterday, could be entirely obsolete today or in the future. For this reason, you need to constantly adapt newer cybersecurity policies and practices to avoid any mishaps.
Threats are only external
Most people will tell you that cybersecurity threats come from the outside. Some hackers sitting in a dark basement trying to hack into your organization’s network. But, they cannot be any more wrong. Most of the cyber-attacks, nearly 75% of data breaches are a result of someone on the inside, says research. A disgruntled employee, an ex-employee with a grudge, guest accounts left active or just an ignorant user on your network can grant access to your entire organization’s data resulting in a massive data breach. It’s always a good idea to train your employees and teach them about cyber threats.
Information Security Department is responsible or “we have cybersecurity experts in our organisation”
Well, normally it’s their job to implement and review policies, but they cannot take care of everything. The responsibility lies on each employee’s shoulder when it comes to cybersecurity. If the employees aren’t properly trained then they will end up downloading malware through emails or unsafe websites. There should be easy-to-understand training and clear policies regarding cyber safety. If your employees aren’t trained, they could unintentionally open up your organization to potential threats.
Our industry doesn’t have any cyber threats
Every industry is at risk. The internet is not a safe place for everyone. If you are connected to the internet in one way or another then you are at risk of getting digitally attacked. You may believe that only tech or finance industries are prone to cyber-attacks, but that’s not entirely true. Every business that deals with data information is a candidate for an attack.
Beware! Hackers target whatever they can, whenever they can. Even if you don’t have an e-commerce website, there’s still the risk of someone breaking into your organization’s network and cause disaster.
No need for cyber security training
This could be the most dangerous and fatal myth out there. Some people think that watching a couple of YouTube videos or reading a few cybersecurity-related articles will bring them up to speed with all the risks and counter-measures. They often forego any testing or training which seems to be expensive, yet this could prove to be fatal for the company
You need to regularly conduct vulnerability assessments and penetration testing to find any vulnerabilities and fix them continuously. You can have all the right cyber security strategy in the organisation but if you don’t have the right culture of training and periodically carryout pen-tests, you may not achieve the target threshold for a desirable secure cyber environment. Attackers use social engineering to refute this myth.
Threats can be detected right away
This would’ve been true almost a decade ago when viruses would slow down your computer, load pop-ups, and give you a blue screen. However, today’s malware is more refined. Most sophisticated viruses sit on your computer, avoiding any detection. These viruses can do massive damage which could be data leaks, spy and sensitive information leaks, etc. how often to do carry out regular checks to find any infections on your systems right away? Is this process automated or manually done?
In a nutshell
The cyber supply chain has removed the traditional security perimeter as businesses are adopting cloud computing, mobile banking, IoT technologies, and invest in third party business relationships. There’s no such thing as 100% or perfect security. An agile and commercially realistic approach is essential for the growth and innovation required to thrive in the tech world. You need to stop believing these cybersecurity myths and up your cyber defences. Prepare for the worst by planning for a cyber-attack.
This article was originally published on here by Veronica Rose, a certified Information Systems Auditor and an Author.
