Almost every day, following the news regarding COVID19 and the latest US election shenanigans we hear about a cyber breach or incident or some poor soul being cheated of their life’s earnings and business. All of those cybersecurity-related scary stories bring out all the myths and beliefs you, as a manager, have about IT and security. In this article, we would like to address some common ones and try to dispel them for good.
Unfortunately, this is not the case. Most companies lack internal processes, expertise, and resources to handle even the most basic security incidents. To fix this you will need anywhere between 5 and 30 systems working together, as well as a level of cooperation never seen before. With that being said…
There are incredibly many steps you can take to improve the security of your company with relative ease, even if you don’t have an IT security specialist in place. Start by looking at processes and data and then get a few sessions with a security consultant.
As you know, the assumption is the mother of… a lot of things. In today’s cyber-society risks and opportunities change rapidly, meaning that your team members who were „savvy“ last year are no longer. It is not a problem though, as long as you keep your team trained on the most recent risks and practices.
Good for you! We assume (?) that your IT manager is a great person with excellent skills. Except, the IT security field and threats change daily. And your IT manager, most likely, is already overloaded with 50 other tasks and projects with businesspeople demanding miracles from him. And when he tries to catch up with security, he gets bombarded by acronyms and words, which weren’t there a couple of years ago. “John, you should definitely invest in CASB! Also, the XDR approach is far superior to your SIEM strategy, especially if complemented with a strong UEBA.”
True! But your business is also highly digital at this point and a serious cyber-security incident can do millions in damages before you even understand what happened. Imagine if your sales force lost access to all their email and files for a week. Or if manufacturing or other equipment stopped operating for several days or weeks.
There is a type of company, which isn’t affected by GDPR. I used to run one when I was 12. It involved me gathering blueberries in the wood and then selling those at a local market for cash. No personal data whatsoever. But if I were to do the same thing today, I would immediately start gathering personal data of my customers (to sell them more berries of different kinds) and hire a few people to help with gathering.
It is possible that large hacking groups, who specialize in attacks against states and multinationals, are not interested in some random EU company. However, there is close to 100 known hacker group in Eastern Europe alone. And many of the smaller ones pray on smaller targets. Why bother with trying to harpoon a whale while you can safely attack smaller companies and extort 5-10k euros per attack?
Unfortunately, cybersecurity investments tend to have a high level of depreciation, unless they were incredibly “smart”. Also, if that investment helped protect your company – then it was probably well worth it. As a business leader, you should see cybersecurity as an important risk factor and ensure a long-term mitigation strategy.
Unfortunately, home networks (and computers) are generally speaking much less protected than office ones. Also, people tend to mix private and business affairs even more at home. Then there are their wonderful family members and kids who casually “borrow” computers from your employees. Home officiation has created one of the biggest security threats we have seen.
Here is a fun fact – cybersecurity is part insurance and part – a business enabler. And it makes much more sense to invest in those early, rather than later. The insurance component is there to protect you, so investing after the incident is often done sporadically and without time to work out a strategy. The same applies to business enablement – we have seen plenty of large companies ask their suppliers some profoundly serious questions about cybersecurity (and data protection). If you fail to answer those, you might lose a sale. Do you want to let one incident or large sale slip before starting to deal with the inevitable?
We hope that these myths and thoughts will help you and your colleagues have a fresh perspective on cybersecurity. If you are still in doubt – contact us for a meeting and a preliminary assessment.
Explore the fusion of service design and cybersecurity in our latest blog post, inspired by KüberCAST’s enlightening episode with Andres Kostiv. Learn how this integration not only enhances digital service innovation but also fortifies user trust and safety in the evolving digital landscape.
Dive deep into the world of cybercrime with insights from Alexander Leslie of Recorded Future, exploring the LockBit ransomware’s rise and fall, the strategies behind its operation, and the collaborative efforts leading to its takedown.
Delve into the complexities of data security and AI, understanding how these pivotal technologies are transforming business strategies and operational efficiencies.
