ABL Network Solutions


Five greatest cybersecurity myths

Posted: July 14th 2015

    Myth 1: Small organizations aren’t targeted by hackers

    It’s a common misconception that hackers overlook small organizations and focus on large organizations only, but the truth is that virtually every web-based attack (98%) is opportunistic in nature, according to the 2015 Verizon Data Breach Investigations Report (DBIR).

    The Verizon 2015 Data Breach Investigations Report found that 99.9% of exploited vulnerabilities were compromised more than a year after the vulnerability was disclosed. Moreover, 97% of exploits observed in 2014 were the result of just ten published vulnerabilities, indicating that poor patch management practices were a major cause of data breaches. If the affected organizations had applied patch management properly, they might have been able to mitigate the attacks.

    In fact, because of this misunderstanding, small organizations tend to have inadequate levels of cybersecurity (more so than large organizations) and are actually an ideal target for hackers.

    What’s worse is that 60% of small organizations that are compromised close down within six months.

    Every organization – large and small – needs to strengthen its cybersecurity procedures.

    Myth 2: It’s really expensive to be cyber secure and the ROI isn’t worth it

    It’s true that being cyber secure costs money, but effective cybersecurity is actually a lot more affordable than people think, and considerably cheaper than suffering a data breach.

    It’s impossible to put an average cost on being cyber secure as every organization is different – in terms of size, resources, etc. – but organizations can implement ISO 27001, the internationally recognized cybersecurity standard, at relatively little cost.

    In terms of return on investment (ROI), it’s hard to quantify the savings from an attack that didn’t happen, but the whole idea of cybersecurity is to decrease the costs related to security problems (i.e. incidents). If you manage to decrease the number and/or extent of security incidents, you will save money. In most cases, the savings achieved are far greater than the cost of the safeguards, so you will ‘profit’ from cybersecurity.

    Myth 3: Cyber threats are a technology problem so a technology solution will fix them

    Implementing the latest solution may keep track of attacks or unusual activity, but it won’t get to the root of the problem.

    It won’t prevent your staff from clicking on malicious links in emails, from letting a stranger through your organization’s front door, or from sending unencrypted customer data to someone outside the organization.

    A comprehensive, holistic approach that covers your people, processes, and technology is the only real answer to achieving true cybersecurity, and ISO 27001 is the only internationally recognized cybersecurity standard that addresses all three of these areas.

    Myth 4: Hackers are your biggest threat

    Reports show that your employees are in fact your biggest threat.

    “Internal attacks are one of the biggest threats facing your data and systems,” states Cortney Thompson, CTO of Green House Data. “Rogue employees, especially members of the IT team with knowledge of and access to networks, data centers and admin accounts, can cause serious damage,” he says.

    As well as disgruntled employees, you also need to be aware of careless or uninformed employees – those who mistakenly leave their work cell phone in a taxi, have weak passwords, or click on links in suspicious emails – and how your partners and suppliers are handling their cybersecurity. These all pose enormous security threats to your systems and data, and tend to be more insidious.

    Myth 5: I don’t need cybersecurity – I have cyber insurance

    Although cyber insurance seems like a fail-safe, simple way to tackle cybersecurity, it is often the opposite. Many cyber insurers include clauses stating that failing to implement basic cybersecurity measures will void your coverage, so it’s really important to check your policy carefully.

    Insurance protection is just one of the ways to mitigate costs; you must also consider having an incident response plan and team in place, extensive use of encryption, business continuity management involvement, CISO leadership, employee training, board-level involvement, and other factors.
