Five Greatest Cybersecurity Myths

With the average cost of a data breach now sitting around $6.5 million in the US, businesses will be eagerly looking at how they can avoid being compromised.

With more interest in the industry than ever, we bust the top five myths surrounding cybersecurity:

Myth 1: Small organizations aren’t targeted by hackers…

It’s a common misconception that hackers overlook small organizations and focus on large organizations only, but the truth is that virtually every web-based attack (98%) is opportunistic in nature, according to the 2015 Verizon Data Breach Investigations Report (DBIR).

In fact, because of this misunderstanding, small organizations tend to have inadequate levels of cybersecurity (more so than large organizations) and are actually an ideal target for hackers.

What’s worse is that 60% of small organizations that are compromised close down within six months.

Every organization – large and small – needs to strengthen its cybersecurity procedures.

Myth 2: It’s really expensive to be cyber secure and the ROI isn’t worth it

It’s true that being cyber secure costs money, but effective cybersecurity is actually a lot more affordable than people think, and considerably cheaper than suffering a data breach (now averaging $6.5 million).

It’s impossible to put an average cost on being cyber secure as every organization is different – in terms of size, resources, etc. – but organizations can implement ISO 27001, the internationally recognized cybersecurity standard, from as little as $659 with our packaged solutions.

In terms of return on investment (ROI), it’s hard to quantify the savings from an attack that didn’t happen, but the whole idea of cybersecurity is to decrease the costs related to security problems (i.e. incidents). If you manage to decrease the number and/or extent of security incidents, you will save money. In most cases, the savings achieved are far greater than the cost of the safeguards, so you will ‘profit’ from cybersecurity.

Myth 3: Cyber threats are a technology problem so a technology solution will fix them

Implementing the latest AlienVault solution may keep track of attacks or unusual activity, but it won’t get to the root of the problem.
It won’t prevent your staff from clicking on malicious links in emails, from letting a stranger through your organization’s front door, or from sending unencrypted customer data to someone outside the organization.

A comprehensive, holistic approach that covers your people, processes, and technology is the only real answer to achieving true cybersecurity, and ISO 27001 is the only internationally recognized cybersecurity standard that addresses all three of these areas.

Myth 4: Hackers are your biggest threat

Reports show that your employees are in fact your biggest threat.

“Internal attacks are one of the biggest threats facing your data and systems,” states Cortney Thompson, CTO of Green House Data. “Rogue employees, especially members of the IT team with knowledge of and access to networks, data centers and admin accounts, can cause serious damage,” he says.

As well as disgruntled employees, you also need to be aware of careless or uninformed employees – those who mistakenly leave their work cell phone in a taxi, have weak passwords, or click on links in suspicious emails – and how your partners and suppliers are handling their cybersecurity. These all pose enormous security threats to your systems and data, and tend to be more insidious.

Myth 5: I don’t need cybersecurity – I have cyber insurance

Although cyber insurance seems like a fail-safe, simple way to tackle cybersecurity, it is often the opposite. Many cyber insurers include clauses stating that failing to implement basic cybersecurity measures will void your coverage, so it’s really important to check your policy carefully.

Insurance protection is just one of the ways to mitigate costs; you must also consider having an incident response plan and team in place, extensive use of encryption, business continuity management involvement, CISO leadership, employee training, board-level involvement, and other factors.

We touch on ISO 27001 frequently at IT Governance because of its comprehensive, holistic approach to cybersecurity and its worldwide recognition.

To help businesses implement the Standard, we have devised a range of packaged solutions that blend expert tools and resources to provide you with everything you need to implement ISO 27001 without the usual associated complexities and costs.

IT Governance: http://bit.ly/1XOTNHw

 
