It’s Time to Debunk These Common Cybersecurity Myths
Like many of Greek mythology’s greatest heroes, the IT and cybersecurity professionals of today often spend years preparing for an unwanted attack from an unknown creature.
Drawing on strategies passed down from the cybersecurity warriors before them, here is what IT and cybersecurity experts have to say about common myths.
Myth #1: The Majority of Consumers Are Not Vulnerable to Identity Theft
A common misconception in IT security is that most consumers are not at risk of identity theft. Despite having a large digital footprint and storing an average of 3.4 types of personally identifiable information (PII) online, consumers tend to underestimate the risk of their online behaviors leading to identity theft.
According to a recent Experian study, consumers are generally aware of the online threats they face, but often underestimate their personal exposure and actually exhibit online behavior that could increase their chances of becoming a target.
For instance, 43 percent of respondents use public Wi-Fi to shop online, 33 percent share online accounts’ usernames and passwords with others, and 29 percent share mobile device passwords. These are dangerous habits that voluntarily expose PII to cybercriminals online.
It’s clear there is a disconnect between consumers’ awareness of online threats and their understanding of their own risk, as the majority (62 percent) of respondents said the security of their personal information online was a ‘minor concern they worried about sometimes.’
What’s more, consumers are even less concerned about their PII appearing on the dark web, despite the fact that, according to Javelin Strategy & Research, identity fraud resulted in $16.9 billion lost in 2019 and impacted 5.1 percent of customers.
How to Prevent Identity Theft
Preventing identity theft is a much better approach than having to deal with its side effects. Even if you’re careful, it’s hard to avoid all risk. However, you can improve your chances of avoiding identity theft and fraud by keeping your sensitive documents safe, creating strong passwords, and securing your online data – especially while it’s on the move from point A to point B. One of the best ways to secure your data transfers is by using a managed file transfer (MFT) solution.
Myth #2: Meeting Compliance Regulations Is the “Gold Standard” of Risk Management in Cybersecurity
A second common misconception is that if an organization is compliant with a security standard, such as one from the National Institute of Standards and Technology (NIST) or the International Organization for Standardization (ISO), then it has reached the “gold standard” of risk management in cybersecurity. Compliance should be considered a good start, but it is nowhere near the “gold standard.”
Businesses that focus primarily on compliance standards, and not also on threat intelligence and analytics, are unlikely to fare as well at discovering compromised endpoints in a timely manner as organizations that focus on both security and compliance.
The reality is you need to attack from both ends: compliance and controls on one side, threat intelligence with analytics on the other. The good news: you can ensure both compliance with data privacy laws and strong threat protection with solutions like GoAnywhere MFT and DLP.
Related Reading: Why You Should Integrate Your DLP with MFT
Myth #3: You Must Change Your Password Every 90 Days
The misconception around password rotation is one that immediately comes to mind in regard to cybersecurity myths. The “90-day rule” has been around for years and no matter how each individual organization chooses to enforce it, the desired outcome is the same – to make the network more secure and thwart evildoers with a rotation of new and not-yet-hacked passwords.
So, should you really change your password every 90 days? There’s no absolute consensus in the IT industry, but arguments can be made on both sides. However, rather than arguing, a better method is to come prepared with a multi-layered defense by utilizing two-factor authentication and data monitoring.
Or consider using a password manager like LastPass or 1Password, tools that allow you to securely save your passwords for any relevant account without having to remember them all.
Related Reading: Two-factor Authentication Using SSH Keys and Passwords for SFTP
Myth #4: Hackers Aren’t Interested in Your Supply Chain
Many companies make their largest investments in customer-facing servers, internal workstations, and their workforce, leaving many of the “back end” supply chain resources to fend for themselves. These resources are frequently “legacy” but nonetheless mission-critical EDI and file transfer technologies with dozens of known vulnerabilities.
Smart hackers tend to be very interested in these supply chain deployments for three reasons:
- They know these systems control millions of dollars of payments and shipped goods.
- They know these systems open doors into core systems such as mainframes and customer databases.
- They know that systems that communicate with partners are often Internet-exposed.
Fortunately, many of the same principles that protect other IT infrastructure can be applied to supply-chain technology, including patching, use of secure protocols, use of strong credentials, and monitoring.
Myth #5: Cybersecurity Is an IT-Centric Problem
Too many people tend to believe that security is an IT-centric problem. That might be how it started a couple of decades ago, but security has since evolved into a core and critical business function and needs to be treated as such.
If your organization has experienced incidents or data breaches, it’s a good idea to consider bringing in eyes and ears from outside of the IT department, even though IT handles much of what goes on behind the scenes.
Don’t lull yourself into a false sense of security. As cyber risks continue to change, make sure your IT team and anyone else important at your organization are involved in the process to keep cybersecurity at its best.
Related Reading: New Tech and New Hacks: How Are Cyber Risks Changing?
Myth #6: The Key to Security Is to Replace Any Human Tasks with Automation
It’s well known that humans remain the biggest IT security vulnerability. In fact, some of the biggest and most expensive data breaches have been the direct result of human error. Because of this, many companies have turned to tech such as artificial intelligence (AI), machine learning, and robotic process automation to take the human element out of the security equation.
While AI and automation are key components of strong cybersecurity, next-generation IT security should focus on ways to integrate these tech advances with human-driven capabilities such as data analytics techniques or intrusion detection tools monitored by personnel.
Employees can also help identify and react rapidly to vulnerabilities, making them a valuable asset against cyber threats as methods of cyberattack continue to transform.
Related Reading: 10 Tips to Protect Your Company’s Data in 2021