Myth 1
Hackers only go after large companies because small businesses do not offer anything of value to them.
Reality
Most cyber attacks happen to small and midsize companies. Any business that maintains customer, employee or financial data is a potential target for a cyber attack. Businesses that use technology to communicate, store data or connect with suppliers and customers are also exposed. Due to their size and relative lack of IT knowledge and resources, SMEs are especially vulnerable, and hackers know it. Small and midsize businesses are particularly vulnerable to malware attacks, ransomware, business email compromises, supply chain hacking, remote access trojans, drive-by downloads, spyware infections and security breaches via IoT.
Recommendation
Educate yourself, and bring together members of your senior leadership team to determine your company’s current cyber security status. Conduct an informal audit of the business. Get a sense of the level of security your business has today. Work with subject matter experts, understand the threats facing your business, perform a self-assessment and identify the critical assets in your company. This will help you figure out where to prioritise your areas of defence.
Q4 2017 – Vistage, in partnership with Cisco and the NCMM, conducted a survey to gauge the preparedness of SMBs for cyber attacks and determine the business impact of these kinds of attacks. A total of 1,377 CEOs participated. Only 38% of SMB CEOs said that their company had a cyber security strategy in place that was both current and reviewed on a regular basis. 62% of SMBs do not have an up-to-date or active strategy.
Myth 2
Anti-virus software and firewalls are 100% effective.
Reality
Anti-virus software and firewalls are important for protecting your information. However, neither is guaranteed to protect you from an attack.
Hackers are sophisticated computer criminals who are constantly refining their tactics. They understand the strategies a firewall relies on. Disrupting code and exploiting basic IT oversights to gain access to any computer system is a piece of cake for them.
The time it takes cyber criminals to compromise a system is often just a matter of minutes, or even seconds. They don’t need much time to extract valuable data – they usually have much more time than they need, as it typically takes organisations weeks or months to discover a breach. As a matter of fact, 68% of breaches took months or longer to discover.
Recommendation
Businesses should build defences against cyber threats. Should an attack be detected, businesses need to be prepared to respond quickly. In many cases, it is not even the organisation itself that spots the breach. It is often a third party, like law enforcement or a partner. Worst of all, many breaches are spotted by customers.
Myth 3
All assets in the organisation must be protected the same way.
Reality
Not all data is created with equal value. The customer data associated with a bank’s credit card programme or a retailer’s loyalty card programme is of greater value than the generic invoice numbers and policy documents that companies generate in-house. Companies do not have endless resources to protect all data at any cost, and yet most deploy one-size-fits-all cyber security strategies.
Recommendation
A good cyber security strategy provides differentiated protection of the company’s most important assets, utilising a tiered collection of security measures. Business and cyber security leaders must work together to identify and protect those corporate assets that generate the most value for the company. They can prioritise assets and then determine the strength of cyber security protection required at each level.
Myth 4
My business is compliant, so we must be secure.
Reality
It is a common but risky mistake for businesses to treat compliance as the be-all and end-all of security. Yes, it is important that your organisation meets its compliance standards, but doing so won’t ensure your business is protected from a cyber attack.
Recommendation
Every organisation should be looking to its IT team or advisor to mitigate malicious threats, not its compliance standards. For example, your company may be meeting its compliance expectations, but what if a cyber criminal uses social engineering or phishing to infiltrate your network? Such an attack cannot be prevented by technology or security alone and your business must have a custom strategy to change the culture of your organisation to one that is vigilant and aware of the latest security threats.
Myth 5
It’s too expensive to implement a Cyber Security Programme.
Reality
Mitigation or avoidance of risk via a cyber security programme is surprisingly cost-effective when you choose a managed solutions provider with the capabilities to understand and prioritise the requirements of your business.
Recommendation
It is an increasingly dangerous path to let common myths and a lack of internal expertise, budgeting or planning create vulnerabilities that are easily exploited by cyber criminals – especially with affordable, managed cyber security solutions within your grasp.
Get proper protection before cyber attacks become your nightmare
Talk to our cyber security experts to prepare your network for security challenges. www.redtone.com