It is anticipated that by 2021 the cost of combatting cybercrime will collectively cost organizations $6 trillion. This figure is double the amount reported in 2015 and represents a growing cost of doing business for companies of all sizes.For many, the ability to build effective countermeasures can be limited by a number of factors—such as having the right resources in place. However, another limitation often at play is uncertainty. Therefore, it is important to understand how to effectively separate fact from fiction when it comes to cybercrime threats.
While dismissing such myths may seem like second nature to some, as cybersecurity leaders we must always be in position to educate our employees in the proper identification and elimination of such threats.
Myth #1: Cybersecurity is for the “Big Guys”
Fact: While it may seem that only large enterprises need to worry about falling victim to a cyberattack, according to a Radware report, 98 percent of organizations experienced cyberattacks in 2016. Furthermore, 31 percent of these attacks were directed at small and midsized companies with less than 250 employees. Even worse, when small companies were hit by a cyberattack, a study found that only 60 percent of these companies still existed within half a year of the attack.
Myth #2: It Can’t Be an Inside Job!
Fact: The Radware report found 27 percent of all incidents are caused by malicious or accidental actions that are considered to be “from the inside.” In an article for Forbes, William H. Saito, vice chairman for Palo Alto Networks Japan, says one myth organizations often believe is that protecting yourself is good enough. Saito notes everyone in an organization, from subcontractors to subsidiaries, vendors and accounting firms, can be a liability; whether intentionally or unintentionally. Another survey from the Ponemon Institute found that 65 percent of cybersecurity incidents were caused by an employee or contractor negligence. As industry members it is important to keep this in mind so that a comprehensive approach is developed; one that monitors possible internal issues as well as external.
Myth #3: Private Means Private
Fact: Although surfing the web in private mode prevents the browser from collecting data about a user’s activities, it doesn’t prevent an Internet service provider from monitoring their activity. Only 39 percent of those surveyed (Pew Research) knew broadband companies could see online activity even when you are in private browsing mode. Helping your users to better understand this simple but dangerous myth helps to prevent careless breaches in security.
Myth #4: Disconnecting Distances You from Risk
Fact: Palo Alto Networks’ Saito says you can never know if paper copies of data have been illicitly copied or removed. He also notes that disconnected networks are harder to monitor because of less logging of data that takes place, and the fact they are not updated with security patches as often. This risk is amplified by the Internet of Things (IoT) where individuals and businesses put themselves at risk without realizing a device or piece of equipment is Internet connected.
Education in Separating Fact from Fiction
Identifying and combatting cybersecurity myths can be a challenge for any organization. They have the capability of leading employees down a path of incorrectly assessing threats, which could result in data breaches and financial loss. Thus, the ability to separate fact from fiction when it comes to cybercrime threats could be more valuable than you think.
What are your favorite tips? Share them with the Fuel Community in our Fuel Forums.