Seven Cyber-Security Myths Debunked

Security myths cause organisations to incorrectly assess threats, misallocate resources and set inappropriate goals. 

If we look at the world of cyber security through the eyes of the media, it’s a pretty frightening view. We hear story after story of security breaches hitting major companies and the subsequent data leaks that follow, affecting thousands of people. It’s enough to fill any business with trepidation.

With cyber security such a big talking point, we tend to see a lot of information floating around – some of which is not in the least bit true. If a company wants to enhance its IT security, it is imperative to be able to separate fact from fiction.

It’s these fundamental security myths that cause organisations to incorrectly assess threats, misallocate resources and set inappropriate goals. Dispelling those myths is key to developing a sophisticated and appropriate approach to information security.

So, what are these myths exactly?

Cyber security? Just leave it to the IT department

Implementing appropriate technical controls to safeguard the information that an organisation holds is the first line of defence against security threats. However, the biggest issue faced by businesses concerns the users of the systems where this information is held. These people represent the most significant risk, either through intentional actions (a disgruntled staff member, for example) or by accident. A 2015 HM Government Information Security Breaches Survey found that 81 per cent of large organisations reported some staff involvement in the breaches they suffered.

The most common threat today is ransomware, an attack that is typically based on sending an email to a member of staff with an attachment. By opening the file, malware is downloaded onto the computer and the rest is then history. Educating staff to not open attachments or click on links is one of the most important areas for organisations to concentrate on.

The risks from cyber-attacks are no longer just a matter for technical teams. High profile attacks like TalkTalk and Sony have resulted in serious financial and reputational damage being done. The result is that cyber security is starting to become an issue that is handled at boardroom level. 

Software will sort out your security issues

To deal with most cyber-attacks, implementing good software management is the first stage of the process. It covers two of the five basic controls that CESG has listed as part of their Cyber Essentials scheme. Whilst it is effective in limiting the success of an attack and mitigating the effects, in isolation it simply cannot achieve everything.

Once again, people pose the biggest threat to secure information. Staff must be educated about how their actions can expose their organisations to danger. Businesses must strike a balance here though – introducing technical solutions that are complex and unusable by staff is counterproductive and will not protect sufficiently against attack.

It’s not all just a question of keeping the bad guys out

Most organisations that are serious about protecting their information understand that a successful cyber-attack is unfortunately inevitable – we have to accept that trying to keep the bad guys out may not be possible. For the majority of businesses, implementing the controls set out by CESG would prevent most straightforward attacks. However, what those controls are unable to deal with are the less common but more sophisticated and prolonged attacks.

Well-developed processes across an organisation need to be implemented to detect unauthorised network activity and initiate appropriate action quickly. Any organisation holding significant amounts of sensitive or personal data must drive change to get to a stage where its systems can identify attacks and automatically change themselves to stop the attack being successful – or minimise the damage that occurs.

It’s just the big businesses that will be attacked

A 2015 HM Government report confirmed that 74 per cent of small and medium-sized enterprises reported a security breach. However, only 7 per cent of small businesses expect information security spend to increase in the next year.

The belief that small and medium-sized businesses don’t face a threat is the very opposite of the truth. For a hacker, small and medium-sized organisations are seen as an opportunity, as they believe less is being done to protect data. This data might be information about clients, customer details or bank details, or it might serve as a way into one of your customers’ systems where you are linked through e-commerce, by email or in some other way.

The previously mentioned ransomware affects both SMEs and individuals alike. Hackers are intelligent – they do not ask for millions from their victims but instead ask for a sum of money that is significant but acceptable to most people.

The weak point is the user who clicks on links in emails or opens attachments. This is when the vicious circle begins. Before paying the ransom to get back to “normal” operations, just remember there are many gangs out there who will share your information. The evidence that you are willing to pay will quickly be passed around to other similar groups.

If the manufacturers made computing safe we wouldn’t need to worry about cyber security

Things are undoubtedly getting better when it comes to the hardware and software that is being created – Windows 10, for example, is widely accepted as being one of the most secure Microsoft operating systems there has ever been. Manufacturers understand the importance of security for users and are working to improve this. They do face a challenge here though. If a computer is too secure, users find ways around the security or do not use that system at all.

Technology can go so far but it is still often the users themselves who are unpredictable and unreliable.

I don’t have anything worth stealing

Each and every one of us has personal and sensitive data that we want to keep to ourselves and not share with anybody. In the Internet age we live in though, this is becoming increasingly difficult.

One of the primary purposes (if not the only one) of the World Wide Web was to share information. Once information about us is out in the Internet domain, it’s no surprise that it can find its way into the hands of bad people. It is essential to ensure that the more sensitive or personal information is better protected.

This includes protecting information stored on our local PC, tablet or smartphone. We need to realise that any device that can connect to the Internet is an opportunity for hackers.

The Internet of things is a wonderful development

The Internet addressing protocol IPv6 will provide every single Internet-enabled device in the world with its own unique address so that they can be individually contacted. Smartphones, tablets, washing machines and even cars will be included. Whilst our lives are becoming more connected and convenient, a bigger opportunity for criminals to take advantage of this has been created.

The hacker of today only needs access to the Internet to initiate an attack. As connectivity to the Internet continues to grow, so does the cyber-attack surface available to hackers.

ITProPortal: http://bit.ly/27TH7Sn

 

 
