Every market prediction says that digital threats will tend to grow in the coming years. Any company whose operations depend on connectivity is subject to risk.
That is, basically 99.9% of businesses face this challenge.
Being prepared for this growth is a great challenge. Unfortunately, there is a lot of incorrect information about cybersecurity management. This misinformation prevents the development of a more diligent and preventive attitude toward keeping the business safe.
So we’ve gathered 5 myths that need to be dispelled:
1. Cybersecurity is a subject for IT only
The IT team has the technical ability to understand the information system and manage the data, environments, devices, users and technologies used by the company. That’s a great responsibility.
But all corporate users can collaborate to maintain an adequate level of security. Adopting good practices in the use of network resources, web applications and information processing is essential and contributes greatly to the work of IT.
It is worth remembering the old maxim that the user is the weakest link in the chain. This means that users who know how to behave more safely avoid security incidents.
It is necessary to change the behavior of people within organizations, promoting good practices from the trainee to the CEO.
2. SMBs are not relevant for cybercrime
According to the Ponemon Institute’s State of Cybersecurity in Small & Medium-Sized Businesses [1], in 2018, 67% of small businesses experienced some type of attack and 58% suffered data leakage.
From techniques considered “simple”, like phishing, to sophisticated malware and targeted attacks, the fact is that SMBs are not safer than large corporations. Security incidents in this market have been growing in complexity and frequency.
3. Strong passwords protect your business
Specialists always recommend the use of strong passwords (we have already reinforced this a few times). Strong passwords are the basis of security best practice for both the technical analyst (who must ensure good practices) and the end user (who helps protect data by following good practice).
But of course the password format is only the first step.
It is important to put different aspects into this equation:
- Which web applications are your corporate users allowed to use?
- What information do your users have access to?
- From which locations do your users access confidential information?
- How many times does a user repeat the same password on different platforms?
- Do you trust web applications used by users?
- Does the connection to these applications go through security layers, such as firewalls and secure web gateways?
Some more sophisticated malicious applications may be able to work across several terms of this equation and reach the point of gaining a user's privileges. The worst-case scenario is one where the privileges of a senior executive fall into the wrong hands.
To ward off risks and guide users toward best practices in the use of passwords, it is essential that your business direct all network traffic, enforcing the use of multi-factor authentication and a minimum level of encryption.
4. Threats always come from outside
Threats can originate outside or within the walls of your company. But 90% of businesses feel vulnerable [2] to threats generated within their own environment, according to Crowd Research Partners.
Security strategies that your company adopts to detect and mitigate external attacks and threats need to be complemented by actions that also monitor internal users. Fortunately, it is possible to perform this monitoring with the same technology already adopted against the malicious activities of external agents.
Anyone who has access to private information or platforms can pose an internal threat. That is why privilege management, network segmentation, and adequate data protection are so important. Secure Web Gateway and data loss prevention solutions, and especially the management of user logs, are equally important.
5. Antivirus is sufficient protection
Every security strategy needs a highly efficient tool to identify malicious applications. But there is a myriad of techniques, applications and hybrids of the two, which calls for a more comprehensive technology that uses associated layers to face different challenges.
For example, an antivirus can do very little if an attacker is trying to find a weakness in a web application.
Therefore, antivirus is important, but it is not enough. The same applies to firewalls, content filters, VPNs and so on. The more layers your company adds to face different modes of malicious action, the better protected it will be.
Every business needs to create an effective cybersecurity strategy. Dispelling the myths above helps you avoid many mistakes, reduce security incidents, and increase layers of protection.
[1] Study with 1,045 business professionals in the United States and the United Kingdom in July 2018.
[2] Study with 472 professionals from the LinkedIn Information Security group.