Cybersecurity is a big word that is being used by IT professionals and the mainstream media nowadays, unfortunately, the latter still lack understanding on how to explain it to common people. There is a gap between how the cybersecurity vendor markets their products and services vs how the mainstream media handle the reports as if it is always a doomsday event.
However, that does not mean that there are no myths in the cybersecurity community. With the combination of lack of knowledge and the noise in social media, unimportant stuff gets highlighted while important aspects are equally ignored. We should educate ourselves more with these 10 common misconceptions when it comes to cybersecurity:
You will never be attacked or infiltrated
Nobody in the cybersecurity industry can assure this to anyone. No antivirus product or End Point service can guarantee the same for their corporate customers. You should build security with a precautionary approach, learn about vulnerability attacks, and see it as an opportunity to harden security by applying patches to the affected systems.
It is enough to use anti-virus software
Antivirus signature update from a year ago is no longer protecting anyone today. Hackers have found several ways of destroying anti-virus software and hiding its own attacks in the system. In most cases, a week old antivirus signature is too old already. With the advent of ransomware, the time from infection to damage has become almost instantaneous. In today’s world of rapid and sustained threats, precautionary measures that mitigate both known and unknown threats are essential, not an added feature.
Cybersecurity is an IT issue
It is important to keep in mind that cybersecurity is a responsibility of all departments and is the same regardless of IT implementation or industry. Once the information is digitized, you need to protect everything from accuracy to privacy and availability to completeness. Cybersecurity requirements are of paramount importance across the organization, from data centers to branch offices and mobile devices. Losing the data means lost business, and we already witnessed several companies that went bankrupt as they were not able to recover from customers’ loss of confidence.
Return to paper or disconnect from the internet will minimize the risk
This method can cause many problems, except efficiency and productivity. Disconnecting, implementing “air gaps”, or returning to paper can actually increase vulnerability. On the other hand, networks with air gaps and disconnected networks are difficult to monitor because they generate fewer data logging. Also, due to inconvenience, it is not frequently updated with security patches. Ironically, this increased attack surface makes it easier for criminals to find valuable information and not be noticed.
It is enough to protect yourself
Organizations need to be aware of how they are working with outsiders in terms of cybersecurity. Some of the biggest headline violations in recent years have involved development communities and organizations related to the hacked area. From subcontractors to subsidiaries, vendors, accounting firms, everything in your ecosystem can be a threat or at the very least source of the vulnerability.
It is embarrassing to be hacked
Many people share stories about hacking. It is embarrassing and it also a cause of loss of customer confidence. However, it is important to understand that everyone is vulnerable, and it is better to learn from each other through communication and by learning from the mistake of others. Unfortunately, there are only two types of organizations today: ‘hacked’ and ‘hacked but not yet known’. Hiding violations only increase long-term losses, especially since the introduction of the European Union’s GDPR last May 25, 2018.
New Features of IoT Devices Overwhelm Security
Design-based security is becoming more and more common in IoT devices. Basically, it means implementing the functionality to enable the device to function and survive in a “zero trust” environment. Security must be integrated, automatic and transparent. Usability is important. We can not expect people, especially the elderly, to escape technological competition and guarantee costs, productivity and efficiency.
Cybersecurity is only a form of defense
Again, this is a short-sighted eye on the notion of essential resources. Security should be positioned as a strategic advantage, as it can increase efficiency and reduce costs. Not only is it important for design security and default protection, creating an integrated implementation enhances the ease-of-use products and services and creates a competitive advantage. You can safely take advantage of at least the many benefits that ICT offers. Stop thinking of cybersecurity as just a cost center, and understand the value of your business as a must.
“Cyber risk” is a separate risk
Cyber risk is a risk, period. It is the same risk that covers everything from protecting intellectual property to human resources’ competitiveness and safety and requires the same level of attention from the board of directors and the executive team. The concept of cybersecurity risk is not useful in itself, and treating it as another form is a distraction.
Digital and physical security is separate systems
In today’s automated world, more and more devices are being digitally connected and controlled, such as building elevators and public transport system components. Today, attackers can change device software and destroy physical infrastructure. At the very least, it can create significant inconvenience with potentially fatal consequences.