Breaking Down Six Cybersecurity Myths

Data breaches and other incidents are not only inevitable, but the threat landscape is expanding so quickly that it is tough to keep up. Believing cybersecurity myths makes it more difficult to deploy the right security strategy.

This post was published on Hortonworks.com before the merger with Cloudera. Some links, resources, or references may no longer be valid.

Data breaches and other incidents may be inevitable, but the threat landscape is expanding so quickly that it’s tough to keep up. Cybersecurity is the ability to protect your digital assets—from the network to individual endpoints. Strong cybersecurity also relies on a solid security strategy that includes the right technology to detect anomalies, the ability to meet compliance and regulatory requirements, and thorough security training for employees. This training must address cybersecurity myths.

Some myths may have been true a decade or more ago, but cyber threats and cybersecurity have evolved. When employees believe these myths, your strategy addresses the fallacy and not the reality, which puts your company’s network and data at greater risk. Recognizing cybersecurity myths will improve your overall security and make your strategy more effective. Here are the top myths that need to be busted.

1. Hackers Live in Their Parents’ Basement

The myth that hackers are individuals or a small band of people attacking your network was repeatedly promoted during the 2016 presidential election. But the truth is that cybercrime is organized crime that is run like any big business. The attacks are well-coordinated and targeted. Cybercrime organizations often have a management hierarchy, outside consultants, and a strong customer base.

2. They Only Want Your Data

There is a lot of emphasis on protecting the data, but cybersecurity is not just about data. Cybercriminals also want your resources. Even if you don’t think you have anything of value, you still have devices connected to the internet. Attackers take over your devices and add them to botnets that attack other organizations. Using your machines, they can also create virtual clouds and rent them out. Always remember that you are up against an aggressive competitor who has none of your cost or legal constraints.

3. Anti-Virus Protection Is All You Need

A long time ago, good anti-virus software and a firewall made for an effective frontline defense for the network. A lot of people today still believe this is the only protection they need. While you still need these tools, they only protect one machine—not the network. You have to look at your organization as a whole. Since its perimeters are no longer nicely defined, a holistic view is necessary to understand all the touch points of the organization and to integrate protection.

4. Security Is an IT Issue

Because your IT staff works with computers and the network already, you may think they can handle security threats. But cybersecurity is actually the responsibility of everyone in the organization. There is more talk about the processes of security than the awareness side, but low-level attacks like phishing can cause the most damage. When an incident occurs, the impact isn’t on IT: it’s on the entire business, and it can cause financial and reputational damage. Response to a breach must come from the entire organization, as must the ability to protect against an attack.

5. A Breach Can’t Happen to My Organization

Because data breaches in large companies garner all of the attention, there is a pervading—and dangerous—myth that a small organization won’t be a target. If you think a cyberattack can’t happen to you, you’re wrong. Companies of all sizes should have a cybersecurity strategy. Everybody is at risk.

6. The Only Threat Comes From Hackers

Cybercrime is big business, and hackers are responsible for the majority of attacks on your organization. However, threats also lurk inside the company. Insider threats can be accidental—the employee clicking on a phishing link or losing a device, for example—or malicious. Malicious insider threats are difficult to defend against because these are people who have legitimate access and are looking to steal corporate data or take down the network for personal gain. Accidental insider threats are easier to fix with security awareness training, but that is often lacking in organizations.

Cybersecurity myths can hurt your organization by decreasing your security hygiene and lowering the effectiveness of your security strategy. Keep yourself—and your employees—informed and educated.

Sue Poremba