The 3 Top Cybersecurity Myths & What You Ought to Know
With many employees now working from home, it is vital to challenge misconceptions about cybersecurity.
Imagine you’re working at the front desk of a tech company when a lady walks through the front entrance and tells you she was just in a car accident. You ask if there’s anything you can do to assist, but she says it wasn’t serious and asks if you can direct her to a restroom.
You later discover that the lady inserted a flash drive into an unattended computer and infected your company’s entire system with a destructive form of malware. Or at least that is what she could have done if the malware had been real. This strange scenario was actually an elaborate demonstration (arranged by a cybersecurity professional I know) designed to show employees that not all cyberattacks are carried out remotely.
The idea that cybercriminals never interact with their targets is one of many cybersecurity myths that need to be debunked. With many employees now working from home for the first time because of the COVID-19 pandemic, which increases their vulnerability more than ever, it is vital to challenge stubborn misconceptions about cybersecurity.
Myth No. 1: The security team is going to guard me.
Many employees argue that they are not particularly technical, so they simply delegate the work of keeping themselves and the company safe to somebody else. But at a time when every employee uses multiple connected devices and hackers are increasingly targeting people across entire companies, there is no excuse for leaving cybersecurity up to somebody else.
Andy Boldin is the solutions delivery chief at SAIC, and he told me the complacent idea that “the security team is going to guard me” is one of the most consequential cybersecurity myths there is: “People think the safety team will look out for everything,” he says, “while they will do whatever they need.” This is not just wrong; it is the opposite of the reality. Social engineering, the deception and manipulation of people to infiltrate an organization, is the most common and costly form of cyberattack. And anyone can be a target, from a CEO to a receptionist.
According to a 2018 survey conducted by the Ponemon Institute, companies cite their “inability to hire and retain expert staff” as one of the most important cybersecurity problems they face. Meanwhile, they rank “human factors” as one of their most serious vulnerabilities. Both of those issues point to one solution: empowering employees to be cybersecurity defenders at every level of the company.
Myth No. 2: IT professionals don’t fall for cyberattacks.
Many companies think a well-trained IT team is all the protection they need against cyberattacks, but this is another harmful myth. As Boldin explains: “Even professionals fall for social engineering attacks. People will always search for the straightforward way of doing things — including IT pros. Everyone multitasks and security doesn’t always get our full attention.”
This is why Boldin recommends “continual training” across the whole company, and not just annual compliance training, which he describes as the “new normal.” He argues that frequent and consistent “hands-on awareness training” is the best way for companies to keep themselves safe. This is particularly important for the small and medium-sized businesses (SMBs) that make up the core of the U.S. economy. Many SMBs can’t afford dedicated IT security teams, which makes companywide cybersecurity training all the more important for them. According to Verizon’s 2019 “Data Breach Investigations Report,” 43% of breaches “involved small business victims.”
Even if IT professionals were capable of spotting and thwarting every cyberattack, which certainly is not the case, many companies would still be left with no defenses, as most companies do not have the resources to create their own IT teams. This is just one more reason why effective cybersecurity platforms need to include everyone.
Myth No. 3: Cyberattacks are confined to the digital world.
Granted, the scenario at the start of this article is fairly implausible. But once we finally return to the office, it’s essential to remember that physical security is, in fact, an important element of any robust cybersecurity platform. Many major breaches are caused by a strategically placed flash drive, a stolen laptop, or another form of physical infiltration.
As Boldin observes, “Security isn’t just cybersecurity. Remember that physical access can play an important role.” In the summer of 2017, a Russian worm called NotPetya swept around the world, damaging critical infrastructure, isolating international shipping operations, and causing $10 billion in damage. For the global shipping giant Maersk, one infected computer ended up spreading the worm across the whole company.
This is a stark reminder that one physical entry point can crash a huge network and cripple the most important company in the world. There are other examples, too: the Stuxnet worm that ravaged Iran’s Natanz nuclear facility was delivered via a flash drive that was plugged straight into one of the facility’s computers. Infected flash drives have even been handed out at tech conferences. Physical security is cybersecurity.
Strong cybersecurity platforms cannot be built on myths and clichés. There are many ways in which today’s cyberthreats defy our assumptions, but the most destructive myth is the notion that cybersecurity is someone else’s responsibility. Every employee has to be armed against cyberattacks, and while this might sound a little daunting at first, employees who are capable of keeping themselves and their companies safe will discover that it is also empowering.