DarkReading just published an article, “10 Cybercrime Myths that Could Cost You Millions”. This information is so on point that we wanted to share it and add some advice of our own for each myth.
Myth #1 – Only large enterprise needs to worry. Tell that to the SMBs that were targets of over 30% of all attacks in 2016. Attackers know that SMBs often store valuable data without the costly technical controls and regular staff training to protect it effectively. Evaluate your risk so you can determine what makes business sense to address it.
Myth #2 – Threats are overrated. Actually, it would be almost impossible to overestimate the threats, since some reports show an average organization facing upwards of 10 attempts a day, and that’s just what is detected. Make sure you have monitoring in place that can detect threats so you know what you are being hit with.
Myth #3 – Bad guys are always outsiders. Not always. Many exposures are caused by your own staff, usually because they don’t know they’ve been tricked into sharing credentials or downloading malware. Test your staff to see if they are susceptible.
Myth #4 – You’re prepared to fight cybercrime. Are you really? How do you know? Confirm that you have an Incident Response plan that includes a variety of scenarios and appropriate resources to address remediation in case of an incident.
Myth #5 – Cyber insurance is hard to get. It would be far more accurate to say the right cyber insurance coverage is not a given. You need to speak to an agent who specializes in matching your risk to the appropriate carrier so you don’t assume you are protected and find out the hard way after an incident occurs. We can refer you.
Myth #6 – Your PCs have antivirus and encryption so you’re fine. Antivirus can only prevent the known exploits it recognizes, and encryption may not be in place at all stages when data is collected, transmitted and stored. What about mobile devices? What analysis do you have to look for anomalous behaviors that could indicate a compromise that antivirus has missed?
Myth #7 – You have great firewalls and network security, why bother? Have you considered that almost 60% of attacks are at the application layer? Applications developed in-house are often lacking security measures and should be tested.
Myth #8 – Millennials are digital natives and more cautious. While they may be more technically savvy, they are also less likely to worry as much about digital privacy. Your cyber use policies and procedures need to be clear on what is considered acceptable use for your organization, including social media posting.
Myth #9 – Strong passwords solve the issue. Strong passwords are just one of the many layers you should have in place. Two-factor authentication adds another layer, and again, monitoring for unusual behavior patterns can help pinpoint if credentials have been compromised.
Myth #10 – Let’s hire some IT security gurus. First you have to find them. Then you have to pay for them, including ongoing training, and manage to retain them in a very competitive market. Or you can make our team an extension of yours.