Top 10 cybersecurity myths and how to prevent them from costing you

In a world threatened by cybercrime daily, there’s a lot of misconceptions out there concerning the importance of cybersecurity. See if you’ve heard a few of these myths in your own facility, and we’ll provide arguments that counter them.
Myth #1: The only worthwhile targets are large corporations
As we’ve reported in the past, everyone is a target by association to these larger companies and no one is immune from cybercrime’s impact. Of the companies that experienced cyberattacks in 2016, 31% were small and mid-sized companies that had less than 250 employees.
Myth #2: Users aren’t facing that many threats in a given day
That’s some strong wishful thinking. But the reality is that security firms pushing out those numbers – while they may fluctuate – aren’t over-exaggerating the issue. The average organization with 1,000 to 3,000 employees will see anywhere from 11 to 20 incidents in a single day. Larger organizations that have 3,001 to 5,000 employees? Well, they’re a bit busier and see 21 to 30 incidents a day. The largest organizations that have 5,001+ employees will see 31 to 50 incidents in any given day, all according to McAfee Labs’ Threats Report.
Myth #3: Outsiders are the bad guys
Whoops, also not true, though you may not want to think about your own staff and users acting against you. Roughly a third of all incidents are actually caused by insiders, whether that’s due to negligence, accident, or actual malicious intent. This number is backed up both by a Radware report and a study conducted by Verizon.
Myth #4: Companies are prepared to combat cybercrime
While new research conducted by BMC and Forbes say that 68% of your peers plan to bolster their security response capabilities in the next year, the same research found that 40% don’t have any response plan right now. Another 70% also lack cyber-insurance, which comes in han
dy when mitigating the costs following an attack.
Myth #5: I’d sign my company up for an insurance policy if I could – it’s just not that easy
The market has given rise to several options for companies to buy cyber-insurance. But if it’s not the market’s options that have you pausing, and instead is your own C-Suite, make sure to show them the impact of a successful cyberattack in terms they understand: financials. An attack doesn’t even have to be successful – it just has to be a close call – for there to be an impact on the company’s bottom line and public perception.
Myth #6: Our computers are fully protected with antivirus and encryption, so we’re fine
That’d be great… if hackers were just going after your users’ computers. In just three short years, computers are going to take a back seat to mobile devices like tablets and smartphones, according to a prediction report from Cisco. It doesn’t help that these devices are frequently used to connect to insecure Wi-Fi hotspots, despite your best efforts to dissuade users from doing so. Furthermore, it’s a lot easier for a thief to make off with a smartphone than a computer. If your company isn’t preparing for that eventuality, it’s going to be in a heap of cybersecurity trouble.
Myth #7: OK so computers aren’t that secure, we at least have a strong firewall and network security
Ah ah, except network security might not be the issue, since 57% of the time a threat is coming from an application, according to a survey by F5 Networks. The same survey also found a disparity in IT budgets, where 18% is funneled into application security, whereas 39% is used to beef up network security.
Myth #8: But we have plenty of Millennials in our office, and since they’re digital natives they’re also more cautious
It’s nice of you to put so much faith in them, but on the contrary their tech-savvy natures tend to backfire. In fact, Millennials tend to be more relaxed and less concerned about what data they’re sharing online. With a lack of suspicion toward applications they’re familiar with, incidents like Google’s recent phishing attack can spread like wildfire with no one the wiser to what they were contributing to. Just like every other user in the office, the younger generations would benefit from strong cybersecurity policies and training.
Myth #9: Strong passwords will prevent any issues
Yes, everyone should have strong passwords as one of many lines of system defense. But passwords only work well when paired with other measures, such as two-factor authentication. And even that has its security issues. Users can also become security fatigued. If they’re forced to change passwords too frequently, they may start taking other unsafe actions to remember them. There’s nothing like finding a password written down conveniently at the desk of the locked, supposedly secure, computer.
Myth #10: So let’s just hire a bunch of capable cybersecurity professionals and be done with this
Except your job opening will join one-million other job vacancies worldwide. There just aren’t enough skilled professionals to meet the needs of contemporary companies. While there are several initiatives currently underway to train individuals and prepare the next generation to meet these job demands – the shortage is expected to reach 1.5 million vacancies by 2019 – those prospects aren’t likely to pan out in time for your team. Instead, look internally and see who would like to learn more skills and earn a potential promotion.


. . . . . . . .

Leave a Reply