13 Nov Five Cybersecurity Mistakes
Cybersecurity is becoming increasingly important for organisations and individuals. We all need to protect our systems and our data from being compromised.
Unfortunately, there’s a lot of wrong information and inappropriate advice being circulated. This, in addition to the context in which the media frames cyber attacks, has all led to some commonly accepted but often erroneous beliefs regarding cyber threats and best practices to counteract those hazards.
Here are five of the most common mistaken beliefs related to cybersecurity.
Hackers are amateurs
This mistaken belief is based upon the stereotypical image of hackers as high school or college students who stay up late at night in their parents’ attic attempting to mischievously hack into some organisation as either a prank or as a way to demonstrate their prowess.
The reality is that hacking, like most Olympic sports, has gone pro. Hackers, or at least the ones we need to be concerned about, are very much in it for the money. Therefore, the techniques they use and the targets they pursue are often dictated by both the costs involved and the potential earnings if successful. In short, cybercriminals, like businesspeople, are looking to maximise their ROI.
TIP: Make it costly for hackers to breach your system. The greater the cost, the greater likelihood that cybercriminals will leave you alone and move on to an easier target.
Hackers are unstoppable
Most of us have heard or seen the famous quote from FBI Director Robert S. Mueller, “There are only two types of companies; Those that have been hacked and those that will be hacked.”
This statement was later modified by Cisco CEO John Chambers, who said a more accurate statement would be, “There are only two types of companies: Those that have been hacked and those that don’t know they have been hacked.”
While the accuracy of these remarks can be debated, the problem with them is that they give listeners the impression that resistance is futile and no protective measures will be effective against the cyber boogeymen.
This simply isn’t true. Proper planning, policies, processes, training, and technology can greatly reduce the likelihood of being hacked. Sometimes it can be as simple as activating some of the security features that are already available on your IT platform.
In fact, a recent study found that a large percentage of O365 enterprise clients had not activated many of the built-in security features that would greatly reduce their organisation’s vulnerability to attack.
TIP: Run a security assessment on your current IT platform. This can be a low-cost and effective way to identify vulnerabilities.
Hackers only target large organisations
The reality is that most attacks today are automated to go after any target they come across on the internet. It doesn’t matter if you are a small, medium, or large company, or even just an individual. If you are on the internet, you will be attacked.
TIP: Assume you will be attacked. Educate yourself and the people in your organisation on basic cybersecurity preventative measures such as smart password usage, phishing awareness, and data protection.
Successful intrusions are relatively rare
We’ve all seen the headlines about Equifax, Sony, Deloitte, and others. It seems like there’s a major breach reported every couple of weeks. This leads to the impression that breaches only happen a couple of times a month. Unfortunately, this is far from the truth. Just do a news search on Google for “cyber attack” and you will see a number of new attacks reported on a daily basis.
TIP: Don’t assume that cybercriminals aren’t that active. They, along with the automated attack campaigns, basically never sleep. But, if you have the proper processes and technology in place, you won’t be kept up late at night worrying about your network’s security.
Effective cybersecurity costs a lot of money and is ultra technical
This is just plain wrong. 91 percent of all successful intrusions originate from a phishing campaign. These can be blocked with proper training and technology. In fact, more often than not, companies have adequate tools in place, but haven’t configured them in an appropriate manner. Another commonly missed preventative measure is simply ensuring that you’ve installed the latest patches. Ask the folks over at Equifax. Their recent problem could’ve been prevented by installing a publicly available patch. Lastly, protecting data with appropriate processes and technology can be quite simple and is often automated. Just by paying attention to these three practices, you can significantly improve your network’s security.
TIP: Talk with a cybersecurity expert who can help you assess your platform’s current strengths and weaknesses, and then help you to implement the appropriate policies, processes, training, and technology.
Mark Shriner is Director of Business Development for adaQuest, a Microsoft Cybersecurity & Compliance partner with offices in Bellevue, Washington, Tokyo, and Sao Paulo.