If we look at the world of cyber security through the eyes of the media, it’s a pretty frightening view. We hear story after story of security breaches hitting major companies, and the data leaks that follow affect thousands of people. It’s enough to fill any business with trepidation.
That fear, though, feeds a number of fundamental security myths, and it’s these myths that cause organizations to incorrectly assess threats, misallocate resources and set inappropriate goals. Dispelling them is key to developing a sophisticated and appropriate approach to information security.
So, what are these myths exactly?
1. Cyber security is an issue for the IT department.
There is no doubt that cyber security comes largely from implementing appropriate technical controls to safeguard the information an organization holds. However, the biggest issue today concerns the users of the systems where that information is held. They represent the biggest risk, either through intentional actions (a disillusioned member of staff, for example) or by accidentally doing something unwise.
The recent Verizon report on data breach investigations found that 63% of confirmed data breaches involved weak, default or stolen passwords. In another study, by CompTIA, human error was the root cause of 52% of security breaches.
Educating staff not to open attachments or click on links within emails is one of the most important areas for organisations to concentrate on today. Whilst it is possible to put technical controls in place that stop attachments or links being accessed at all, this usually comes at a high cost to staff efficiency and so is often not appropriate. The risks from cyber-attacks are no longer just a matter for technical teams.
High-profile attacks such as those on TalkTalk and Sony caused serious financial and reputational damage. As a result, cyber security is starting to become an issue that is handled at boardroom level.
2. Software will sort out your security issues.
Good software management is the number one process for dealing with most cyber attacks. It is effective both in reducing the likelihood of a successful attack and in mitigating the effects of one. But software alone is not the answer: once again, people pose the biggest threat to secure information.
Staff must be educated about how their actions can expose the organization to danger. Businesses must strike a balance here, though: technical solutions that are complex and unusable by staff are counterproductive, because people work around them, and so will not protect sufficiently against attack.
3. Security is just a question of keeping the bad guys out.
Most organizations that are serious about protecting their information understand that a successful cyber attack is, unfortunately, inevitable. We have to accept that keeping the bad guys out may not always be possible, so what happens once an attacker is inside matters as much as prevention.
As the saying goes: “We can’t stop them. We can just slow them down.”
4. It’s just the big businesses that will be attacked.
A 2015 HM Government report found that 74 percent of small and medium-sized enterprises reported a security breach. Yet only seven percent of small businesses expected their information security spend to increase in the following year.
The reality is the very opposite of the myth that small and medium-sized businesses don’t face a threat.
For a hacker, small and medium-sized organizations are an opportunity, because less is assumed to be done to protect their data.
That data might be information about clients, customer details or bank details, or the target might simply be a way into one of your customers’ systems, where you are linked through e-commerce, by email or in some other way.
5. I set a strong and complex password to my account, so I’ll be OK.
Yes, it’s strongly recommended that you set a strong password, so don’t skip this essential step. It should be more than 15 characters long, mix upper and lower case, and contain numbers and symbols. Make it random, so it is even harder for someone trying to break it.
But keep in mind that a strong password on its own is not enough to keep cyber criminals away. It’s just one of many security layers that keep you safe.
The next safety measure you should check: your password should be unique.
Don’t reuse a password between accounts; otherwise a cyber crook who breaches one of those accounts has access to all your digital assets. The best option is a passphrase: several unrelated words give you the length without making the password impossible to remember.
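As an added illustration of the advice above (this is example code written for this page, not part of the original article): the Python program below encodes the article’s password rules as a check, estimates how long a random password or a passphrase would resist an offline guessing attack, and finds passwords reused across a set of accounts. The guess rate, the 7776-word list size and the account data are assumptions for illustration only.

```python
"""Worked check for myth 5: a password must be both strong and unique.

Added example for this article, not code from the original page. The guess
rate below is an assumption for illustration (a fast offline attack against
an unsalted, fast hash); adjust it for your own threat model.
"""
import hashlib
import math
import secrets
import string

# Assumed attacker capability: guesses per second in an offline attack.
ASSUMED_GUESSES_PER_SECOND = 1e10

SYMBOLS = string.punctuation
FULL_ALPHABET = string.ascii_letters + string.digits + SYMBOLS  # 94 characters


def check_policy(password: str, min_length: int = 16) -> list:
    """Return the rules from the article that `password` fails (empty list = passes).

    The article asks for more than 15 characters plus upper case, lower case,
    digits and symbols; min_length=16 encodes 'more than 15'.
    """
    failures = []
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in SYMBOLS for c in password):
        failures.append("no symbol")
    return failures


def random_password(length: int = 16, alphabet: str = FULL_ALPHABET) -> str:
    """Generate a password with the `secrets` module (a CSPRNG), never `random`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits_random(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def entropy_bits_passphrase(word_count: int, wordlist_size: int) -> float:
    """Entropy of a passphrase of uniformly chosen wordlist entries.

    The words themselves add no secrecy; only the number of possible choices does.
    """
    return word_count * math.log2(wordlist_size)


def expected_crack_seconds(bits: float, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected offline cracking time: on average half the keyspace is searched."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def find_reused_passwords(accounts: dict) -> list:
    """Group account names that share the same password.

    `accounts` maps account name -> password. Passwords are compared via their
    SHA-256 digest so plaintext values need not be kept once hashed; the result
    is a sorted list of sorted groups with more than one member.
    """
    by_digest = {}
    for name, password in accounts.items():
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest.setdefault(digest, []).append(name)
    return sorted(sorted(group) for group in by_digest.values() if len(group) > 1)


if __name__ == "__main__":
    # Constructed sample data for demonstration only.
    accounts = {
        "email": "Summer2016!",
        "online-banking": "Summer2016!",
        "web-shop": "correct-horse-battery-staple",
        "forum": "Summer2016!",
    }
    for name, pw in accounts.items():
        print(f"{name:15} policy failures: {check_policy(pw) or 'none'}")
    print("reused across:", find_reused_passwords(accounts))

    for label, bits in [
        ("8 random chars (94 symbols)", entropy_bits_random(8, len(FULL_ALPHABET))),
        ("16 random chars (94 symbols)", entropy_bits_random(16, len(FULL_ALPHABET))),
        ("4-word passphrase (7776-word list)", entropy_bits_passphrase(4, 7776)),
        ("6-word passphrase (7776-word list)", entropy_bits_passphrase(6, 7776)),
    ]:
        years = expected_crack_seconds(bits) / (365.25 * 24 * 3600)
        print(f"{label:36} {bits:6.1f} bits  ~{years:.3g} years to crack")
```

Two things the numbers show that the text alone does not: a four-word passphrase from a 7776-word list (about 52 bits) is weaker than 15 random characters (about 98 bits) against an offline attacker, so a passphrase needs six or more words to compete; and reuse, not strength, is what turns one breached account into several, which is why the reuse check is separate from the policy check.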
6. I only download and access information from trusted sources. This keeps me protected.
This is a security myth that is pretty difficult to break. Most people think that accessing safe and secure locations (and even downloading from those websites) will keep them safe. A common and related misconception is this one: “It’s on the internet, so it must be safe, otherwise it would have been taken down by law enforcement agencies”.
The reality is quite different. Even when we access and download from a trusted source we are still vulnerable to online dangers: a legitimate site can itself be compromised and start serving malware. Illegal websites can be launched overnight and disappear just as quickly, but they can also last for years without being taken down. So don’t count on law enforcement agencies; they’re usually overworked and can’t keep up with cyber criminals.
Malicious software developed by crooks is designed to evade detection by classical, signature-based antivirus.
7. I don’t have anything worth stealing.
Each and every one of us has personal and sensitive data that we want to keep to ourselves and not share with anybody. In the Internet age we live in, though, this is becoming increasingly difficult.
One of the primary purposes (if not the only one) of the World Wide Web was to share information. Once information about us is out in the Internet domain, it’s no surprise that it can find its way into the hands of bad people. It is essential to ensure that our more sensitive or personal information is better protected. This includes protecting information stored on our local PC, tablet or smartphone.
We need to realize that any device that can connect to the Internet is an opportunity for hackers, even one that holds nothing of obvious value: a compromised device can be turned against others.
8. In case I get infected, I will see that for sure.
Don’t be so sure about this. Indeed, it used to be true: in the past, when a computer started to run slowly and annoying pop-ups appeared all over the screen, it was a sure sign of infection. Nowadays, cyber criminals have improved their methods. They are more efficient and know how to disguise their attacks.
In most cases, users can’t tell that their system is involved in spam campaigns or coordinated DDoS attacks. Malware is built to be undetectable and untraceable, even by antivirus software, so that it can quietly collect the sensitive information it is after. It may be months before you even notice.
The hacker of today needs only an Internet connection to initiate an attack. As connectivity to the Internet continues to grow, so does the attack surface available to hackers.
Understand the Risk, Educate Yourself, Secure Yourself.