Myth 1: Small organizations aren’t targeted by hackers
It’s a common misconception that hackers overlook small organizations and focus on large organizations only, but the truth is that virtually every web-based attack (98%) is opportunistic in nature, according to the 2015 Verizon Data Breach Investigations Report (DBIR).
In fact, because of this misunderstanding, small organizations tend to have inadequate levels of cybersecurity (more so than large organizations) and are actually an ideal target for hackers.
What’s worse is that 60% of small organizations that are compromised close down within six months.
Every organization – large and small – needs to strengthen its cybersecurity procedures.
Myth 2: It’s really expensive to be cyber secure and the ROI isn’t worth it
It’s true that being cyber secure costs money, but effective cybersecurity is actually a lot more affordable than people think, and considerably cheaper than suffering a data breach (now averaging $6.5 million).
It’s impossible to put an average cost on being cyber secure as every organization is different – in terms of size, resources, etc. – but organizations can implement ISO 27001, the internationally recognized cybersecurity standard, from as little as $659 with Avant.
In terms of return on investment (ROI), it’s hard to quantify the savings from an attack that didn’t happen, but the whole idea of cybersecurity is to decrease the costs related to security problems (i.e. incidents). If you manage to decrease the number and/or extent of security incidents, you will save money. In most cases, the savings achieved are far greater than the cost of the safeguards, so you will ‘profit’ from cybersecurity.
Myth 3: Cyber threats are a technology problem so a technology solution will fix them
Implementing the latest AlienVault solution may keep track of attacks or unusual activity, but it won’t get to the root of the problem.
It won’t prevent your staff from clicking on malicious links in emails, from letting a stranger through your organization’s front door, or from sending unencrypted customer data to someone outside the organization.
A comprehensive, holistic approach that covers your people, processes, and technology is the only real answer to achieving true cybersecurity, and ISO 27001 is the only internationally-recognized cybersecurity standard that addresses all of these three areas.
Myth 4: Hackers are your biggest threat
Reports show that your employees are in fact your biggest threat.
“Internal attacks are one of the biggest threats facing your data and systems,” states Cortney Thompson, CTO of Green House Data. “Rogue employees, especially members of the IT team with knowledge of and access to networks, data centers and admin accounts, can cause serious damage,” he says.
As well as disgruntled employees, you also need to be aware of careless or uninformed employees – those who mistakenly leave their work cell phone in a taxi, have weak passwords, or click on links in suspicious emails – and how your partners and suppliers are handling their cybersecurity. These all pose enormous security threats to your systems and data, and tend to be more insidious.
Myth 5: I don’t need cybersecurity – I have cyber insurance
Although cyber insurance seems like a fail-safe, simple way to tackle cybersecurity, it is often the opposite. Many cyber insurers include clauses stating that failing to implement basic cybersecurity measures will void your coverage, so it’s really important to check your policy carefully.
Insurance protection is just one of the ways to mitigate costs; you must also consider having an incident response plan and team in place, extensive use of encryption, business continuity management involvement, CISO leadership, employee training, board-level involvement, and other factors.
ISO 27001 – the world’s most comprehensive standard to achieving complete cybersecurity
We touch on ISO 27001 frequently at Avant because of its comprehensive, holistic approach to cybersecurity and its worldwide recognition.