10 Cybersecurity Myths You Need To Stop Believing

10 Cybersecurity Myths

10 Cybersecurity Myths You Need To Stop Believing

01. No one cares about you or Your business is too small for a cyber attack!

02 . Your Anti-virus is good enough

03 . Your Passwords are Strong and hard to guess

04 . Your industry doesn’t have any cyber threats

05 . Bringing your own device is safe

06 . We have a Perfect Cybersecurity Strategy

07 . Cyber Threats are only external

08 . IT department will take care of it

09 . We don’t need tests or training

10 .  We will see any attack or the malware right away

Cybersecurity Myths

01. No one cares about you or Your business is too small for a cyber attack!

There are so many induvial’ s or Small and Mid-Sized Businesses think that they are safe from any kind of cybersecurity attacks  because they’re too small , or no one cares about them.

Cyber security is important for individuals because:

  • Cyber-attackers can cause damage  you via cyber-attacks such as IT theft, phishing, email spoofing and cyber extortion or make you a direct target and to be their victim.
  • As a direct victim you can have financial impact , privacy loss or even Intellectual Prosperity losses as an Autor, singer

02 . Your Anti-virus is good enough

Anti Virus by itself can never protect you from an advanced cyber attack by itself.  Most of the Anti viruses relays on a database & signature updates, some of them have also behavior analysis, which can protect you bit more, but if your devises are not up to date, if you allow to run a unknown application  with full write privileges then there is not much what your software can do. You need a complete Advanced End Point Detection system with much more then just being a Anti Virus . If you need more info Comodo AEP can help you with this.

03 . Your Passwords are Strong and hard to guess

Unfortunately you are not the only one who thinks like that , most people think like you and they assume that their regular passwords are strong enough to stand against multiple break-in attempts. Cracking Passwords is much easier then you think, and the below list is a good example to show you how

Cracking Passwords
Cracking Passwords

 

 

 

 

 

 

 

 

 

 

 

Now if you have a complex password with 18+ digits, yes it might take long to brute force your password , but it will not take long to steal your hash , without even worrying to know your password. You can learn more about this in my book Cybersecurity Attack and Defense Strategies

04 . Your industry doesn’t have any cyber threats

I guess by know you know why this statement is wrong too! Not every hacker is part of Nation State or APT’s , or not every hacker is always after the big fish, as a result you have to take care as an individual, small business or what ever industry you are in

05 . Bringing your own device (BYOD) is safe

BYOD is for sure cost effective for organizations, but today everyone is realizing the importance of Zero Trust , as a CISO if you don’t have the right policies to manage BYOD devises then you might expose more risk in to your organization.

You need to establishing minimum standards for device protection (including formal policies for bring-your-own-device (BYOD) , it’s a must!

06 . We have a Perfect Cybersecurity Strategy

I am sure you have, but then how come so many Fortune organizations are still getting hacked ? As long as a Human Factor is getting involved, no body can be perfect !

A cyber security strategy involves implementing the best practices for protecting a business’s networks from cyber criminals. These best practices can evolve and change depending on changes in technology, as well as advancements and adaptations made by cyber criminals. You need to Plan, Check, Implement your strategy well, you need to “do” the right thing and continuously improve your Cyber Strategy it

See the source image

07 . Cyber Threats are only external

I wish there were no such a term like “insiders”. I am sure you came across many Hollywood movies where an insider helps the people outside to come in, or to leak information, and unfortunately this applies in cyber space as well, Even at NSA ( Edward Snowden) , Tesla ( Employee Fired to downloads company secrets) and there are many more examples like this.

So what is an Insider Threat ?

An insider threat refers to a cyber security risk that originates from within an organization. It typically occurs when a current or former employee, contractor, vendor or partner with legitimate user credentials misuses their access to the detriment of the organization’s networks, systems and data.

08 . IT department will take care of it

Your CIO and IT department can handle it ! Yes, IT play a very critical role on any organizations success. The IT department can implement, manage devises, policies but I still believe that every organization needs a CISO which does not report to CIO .

Saying that neither the CIO or CISO can just take care of “Cybersecurity ” but they can create a culture in the organization where everyone can contribute towards cybersecurity, and this can be archived via customized Cyber Awareness training for each departments   . If every employee , contractor , partner understands the cyber risks which faces them then they will for sure help you mitigate potential threats such as spear phishing.

09 . You don’t need Penetration tests or training

Do you have your own internal Penetration Tester /s ? No ? You for sure need at least once a year an external pen test. Yes? this is great , but you still need to be tested.

While your team can find most of the internal vulnerabilities, cyber risks via tools ,its important to cover all your assets end to end including your web / cloud assets.

Training means budget, I am fully aware of this. But just looking at some Data breach reports like Verizon‘s will show you clearly that most of the cyber attacks happens because of “misconfiguration” ‘s and misconfiguration usually is done because of lack of knowledge, and knowledge can be improved only with training.

Books will be helpful, that’s why I am writing books like many other other authors, same with Blog’s, hey look at it you are currently either at my LinkedIn page, or in my blog ( or in someone else’s who copied this article – which is OK), us bloggers share lots of valuable information, but most of the articles are designed around a single issue, and not end to end training of a product, service or framework. Of course there are great YouTube Video’s to watch, but unless those video’s are covering end to end a training, and you do not spend a dedicated time to watch and learn them, then you need a “training”

10 .  We will see any attack or the malware right away

Based on many data breach reports, it takes up to 100+ days to find a hacker inside your network. Earlier in this article I recommended few products , but don’t forget there are so many different attack vectors, like Social Engineering which is very hard to detect.

Your IDS / IPS, security agents , HIPS or defense in depth strategies are all very important, but never enough to stop a sophisticated attack. While a “containment technology” can help you to see the malware’s , unknown executables, you need to be also in control of your network devices including IOT , in top of your DLP and other software vulnerabilities and more….

In Summary

There is no way to stop a cyber attack, you should adopt the assume breach methodology, have a incident response plan, implement defense in depth, know your crown jewels and keep learning….

 

Cybersecurity Myths – 10 Cybersecurity Myths You Need To Stop Believing 10 Cybersecurity Myths You Need To Stop Believing 10 Cybersecurity Myths

10 Cybersecurity Myths
10 Cybersecurity Myths

Share this post

Leave a Reply

Your email address will not be published.