IT Security – 4 common myths

While it is up to the IT department and technology vendors to implement IT Security practices, an organisation needs to have a safety first culture. With proper training, communication, and leadership support a company can help mitigate their risk by increasing employee awareness and understanding around cybersecurity. Ultimately the business owners are responsible for protecting their data and they have the most to lose in the event of a successful cyber attack. Here a 4 common IT Security myths.

Myth #1: We’re too small to be a target for cyber criminals.

Reality: Automated tools make finding vulnerabilities much easier for cybercriminals and these tools continue to advance in their sophistication.  A cybercriminal does not need to target an organization to identify a weak security posture.  Their software does the work for them quickly and efficiently. 

When a vulnerability is identified, they can get to work on exploiting the weakness.  They don’t necessarily care who’s system they’re exploiting, so long as there is an opportunity to make a profit.

Myth #2: IT security is the IT department’s problem

Reality:  When you get in your car, you know it is your responsibility to put your seatbelt on.  It is not considered the responsibility of the auto manufacturer or road construction company.  The same is true with technology.  We all use technology daily and protecting ourselves ultimately start with each one of us.

From an organizational governance perspective, the idea of cybersecurity being the sole responsibility of the IT Team is a dated concept.  Proactive organizations recognize the need for cybersecurity and IT professionals to work together seamlessly, but have very different responsibilities.  IT pros focus on maximizing the capabilities and availability of a company’s systems, while cybersecurity professionals ensure implementations are not adding unnecessary risk exposure.  Considering the two separate allows for proper internal checks and balances, and allows new technology to be implemented quickly with reduced risk.

Myth #3:  Outsourced and cloud services make IT security someone else’s problem.

Reality: Outsourced and cloud services do not eliminate the risk of cyber attack.  While cloud platforms are essential for most businesses and make absolute sense to leverage in many cases, they have their own security risks.  Users must also consider the risk of their data in transit between their host machines and the cloud server.  When conducting penetration tests, we often see cloud services hosting applications and data for multiple companies on the same server.  This opens risks of compromise of your data from the vulnerabilities of another company’s use of the platform. 

Again, cloud based technologies are essential and can be highly beneficial for most organizations.  However, they do not make an organization exempt from proper cybersecurity practices.  At the end of the day, when a company’s data is compromised, their partners and customers don’t blame the cloud service provider.  The blame is placed on the company they trusted with their business, resulting in lost brand credibility.

Myth #4: IT Security can be fully achieved

Reality: The ultimate cybersecurity myth is that there is a silver bullet. There is no miracle solution, no cure all to cyber attacks. Cybersecurity is a constant threat and the fight for data privacy is daily. The key is resilience. Your goal is not to achieve perfect security, but to have the systems in place that empower you to react quickly to a cyber attack, and mitigate it before it causes much damage.

Additionally, it is important to be able to have procedures set in place that allow you to get your company back on track efficiently.

Case Studies