3 myths around cybersecurity that prevent organizations from being safe

by Adi Gaskell
27 January 2020
in Security

The 9th annual cost of cybercrime study by consultancy firm Accenture highlighted the tremendous impact of poor cybersecurity practices on organizations around the world. The research pegged the average cost of each attack at $13 million, with the total value at risk to organizations from cybercrime placed at over $5 trillion globally over the next five years.

Despite an average of nearly 150 breaches per year for the typical organization, it’s clear that many are failing in their attempts to shore up their defences. It’s a picture that former National Security Agency cybersecurity expert Thomas Parenty believes is exacerbated by a number of myths surrounding cybersecurity that prevent organizations from making smart decisions. In his latest book, he outlines three of the most pervasive of these myths.

1. Compliance is enough

When organizations first embark upon efforts to shore up their cyber-defenses, they often begin by exploring how they are currently performing. It’s common in this process to turn to certain regulatory and industry standards to help guide them on their journey. This comes with an implicit belief that if standards can be reached, then this compliance will be sufficient to ensure the organization is protected from all corners.

While standards do have their place, they inevitably address a broad audience, and so run the risk of applying to all but benefiting none. Parenty cites the NIST Framework as an example of a standard that was constructed specifically for the protection of critical infrastructure, yet is widely used in industries as varied as retail and hospitality.

What’s more, the presence of standards can encourage organizations to outsource the identification of threats, and fall into the trap of believing that so long as they are compliant with the standards for their industry, they are safe from all threats. Indeed, Parenty argues that the work involved in complying with standards often diverts resources from addressing the threats that pose the biggest risk.

2. Employees care about cybersecurity

Employees have a great many cares and desires when they come into work each day, but more likely than not, cybersecurity is not foremost among them. Sure, they don’t want their company to suffer any breaches, but when compared with other motivators, it’s pretty low down their list of priorities.

Arguably at the top of the list is their desire to get the job done, and I’m sure most of us can recount times when we, or colleagues, have had to construct bootstrapped workarounds of official policies, regulations, or systems in order to get the job done. This bootstrapping is quite probably going to lead to security vulnerabilities, but if it means they can meet their targets, get that promotion or bonus, and generally thrive at work, then that’s what will happen.

This situation is often exacerbated by financial incentives that encourage employees to pursue stretch goals. Intense deadlines can push employees to cut corners, and cybersecurity can often be among the first corners cut, with this problem especially significant in markets that demand speed to market and low cost.

3. Defenses need to be commensurate to the power of the attack

In conventional warfare, there needs to be a symmetry between the power of the defence and the power of the attack, but in the cybersecurity world, this symmetry seldom exists. Parenty cites the WannaCry virus, which was built using a tool developed by the NSA. The attack was undoubtedly sophisticated, but the solutions required to defend against it were often very low tech, including updating Windows and ensuring data and systems were backed up.

It’s a situation that underlines the fact that many cybersecurity issues are caused not by technical challenges but by managerial ones: the technical solutions are often quite rudimentary, but they are given too little priority to be implemented effectively.

Parenty goes on to cite the Quantum Insert tool, which was developed at the cost of some $32 million by the NSA to monitor our browsing and install malicious software on our computers. The tool is undoubtedly highly sophisticated, yet it requires unencrypted browsing to be effective. Accepting that the defenses we deploy are not usually proportionate to the sophistication of the attacks themselves allows us to better deploy resources, and to recognize that adequate defence is usually something that can be achieved with limited resources and unsophisticated means.

Data such as that from Accenture highlights the difficulty many organizations still have in tackling the cybersecurity challenges they face. Overcoming the three myths identified above should go some way towards improving matters, as doing so helps to get the leadership of our organizations into the right mindset to succeed. As with so much in organizational life, that is so often the key first step.

© 2021 CyberNews
