Cyber security – here are 7 common myths to be aware of

By Andy Taylor, APMG International.

With cyber security such a big talking point currently, we’re seeing an increasing amount of information floating around. Whilst much of this is useful, some is entirely untrue.  

For any company looking to improve its IT security, it is imperative to be able to separate the facts from fiction.

It's these fundamental security myths that cause organisations to incorrectly assess threats, misallocate resources and, in some cases, expose themselves to threat unnecessarily. Dispelling those myths is key to developing a sophisticated and appropriate approach to information security.

 

Here are my thoughts on the common fables you should be aware of when it comes to cyber security and protecting your organisation.

 

 

1. Just let the IT department deal with security issues

 

The biggest issue faced by businesses is in regard to the users of the systems where this information is held. These people represent the most significant risk either through intentional actions, a disgruntled staff member for example, or by accident. A 2015 HM Government Information Security Breaches Survey found that 81% of large organisations reported some staff involvement in the breaches they suffered.

 

The most common threat today is ransomware, an attack that is typically based on sending an email to a member of staff with an attachment. Educating staff to not open attachments or click on links is one of the most important areas for organisations to concentrate on.

 

High profile attacks like TalkTalk and Sony have resulted in serious financial and reputational damage being done. The result is that cyber security is starting to become an issue that is handled at boardroom level and not just left to the IT department to deal with.

 

 

2. Software is the answer to your security issues

 

Implementing good software management is the first stage of the process to ensuring your business is secure. It covers two of the five basic controls that CESG has listed as part of their Cyber Essentials scheme. Whilst it is effective in limiting the success of an attack and mitigating the effects, in isolation it simply cannot achieve everything. 

 

As mentioned already, people pose the biggest threat to secure information and education is key. Businesses must strike a balance here though – introducing technical solutions that are complex and unusable by staff is counterproductive and will not protect sufficiently against attack.

3. Keep the bad guys out and you’ll be fine

 

Whilst most organisations are serious about protecting their information, they also understand that a successful cyber attack is unfortunately inevitable. For most businesses, implementing the controls set out by CESG would prevent most straightforward attacks. However, what they are unable to deal with are the less common but more sophisticated attacks.

 

Well-developed processes need to be in place across an organisation to detect unauthorised network activity and initiate action quickly. For an organisation holding significant amounts of sensitive or personal data, they must drive change to get to a stage where their systems can identify attacks and automatically change themselves to stop the attack being successful.

 

 

4. Hackers are only interested in the big companies

 

The myth that small and medium-sized businesses don’t face a threat is the very opposite of the truth. For a hacker, small and medium-sized organisations are seen as an opportunity, as they believe less is being done to protect data. This data might be information about clients, customer details or bank details, or it might be a way into one of your customers’ systems where you are linked through e-commerce, by email or in some other way.

 

A 2015 HM Government report confirmed that 74% of small and medium-sized enterprises reported a security breach. However, only 7% of small businesses expect information security spend to increase in the next year.

 

 

5. The manufacturers need to make safer computers and we’ll all be secure

 

Windows 10, for example, is widely accepted as being one of the most secure Microsoft operating systems there has ever been. Manufacturers understand the importance of security for users and are working to improve this. They do face a challenge here though. If a computer is too secure then users find ways around the security or do not even use that system at all.

 

Technology can go so far but it is still often the users themselves who are unpredictable and unreliable.

 

 

6. They won’t hack us – we don’t have anything worth stealing


Every single one of us has personal and sensitive data that we want to keep to ourselves. In the Internet age we live in though, this is becoming increasingly difficult. One of the primary purposes (if not the only one) of the World Wide Web was to share information. Once information about us is out in the Internet domain, it’s no surprise that it can find its way into the hands of bad people. It is essential to ensure that the more sensitive or personal information is better protected.


This includes protecting information stored on our local PC, tablet or smartphone. We need to realise that any device that can connect to the Internet is an opportunity for hackers.


7. The Internet of Things is a great development

The Internet addressing protocol IPv6 will provide every single Internet-enabled device in the world with its own unique address so that they can be individually contacted. Smartphones, tablets, washing machines and even cars will be included. Whilst our lives are becoming more connected and convenient, a bigger opportunity for criminals to take advantage of this has been created. The hacker of today only needs access to the Internet to initiate an attack. As connectivity to the Internet continues to grow, so does the cyber attack surface available to hackers.
