
Advenica

Last week, Swedish television reported on a break-in at a water station in Järbo, Sweden.

The perpetrator might have contaminated the water, so the public was told to collect water from tank trucks until laboratory evidence showed that the water was safe to use.

Two days later, the danger was over.


But what if the target was not the water, but the IT systems? One can prevent a regular door from locking by placing a newspaper in the doorway. Similarly, it is possible to prepare an IT system for future attacks. It is very common for computer networks to be exposed and in principle unprotected within a facility. Connecting a computer the size of a matchstick for a few seconds is all that is needed. There is also no laboratory that can provide a test result showing whether you have been attacked or not.

To protect yourself, two things are essential: awareness and segmentation. Advenica can help you with both.


Organisations are becoming more aware of the threats that cyberattacks pose. According to the 2017 State of Endpoint Security Risk Report by Ponemon Institute, 7 out of 10 organisations feel that the risks have increased during the previous year. Despite the positive fact that awareness is increasing, organisations now seem to believe too much of what they hear. When misconceptions (or rather myths) about cybersecurity are circulating freely, how do we know what to trust?

Myth #1: All attacks are noticeable

The notion that a user will automatically notice an attack is no longer accurate. Cyberattacks are becoming more sophisticated, and you can no longer expect a clear signal to appear on your screen.

The belief that we will always notice an attack rests on another misconception: that we know what we are looking for. If we haven’t been previously exposed to a certain threat, we may not recognize it as one.

Myth #2: Software is the solution

Installing anti-virus or anti-malware software is a step in the right direction to keep threats out. The problem with anti-virus software is that it will only protect against previously known virus signatures. With the increasing sophistication of attacks and the development of new techniques, this is no longer considered sufficient protection. Fileless attack techniques are just one example. These attacks don’t rely on malicious executables, which is what the software analyses to detect a virus.

Thankfully the belief in this myth already seems to be declining. The 2017 State of Endpoint Security Risk Report also showed that almost 70% of organisations feel that antivirus software isn’t enough protection against potential threats anymore.


If software isn’t enough, then can we automatically say that the more expensive and highly technological solutions you have, the safer your data is? Sadly, this is another misconception. If your organisation lacks understanding of the system’s function, the overall purpose, sufficient protocols or a trained system administrator, the price tag will become irrelevant.

Read more about too much faith in technology in our previously published blog post "Are we taking cybersecurity seriously enough?"

Myth #3: 100 % cybersecurity is achievable

If we can agree on the fact that we won’t always notice an attack and that antivirus software or even more complex technology on its own isn’t the answer, then what is?

If we take all the previous factors into consideration, will this ensure us complete security? This brings us to yet another misconception – that there is such a thing as 100% cybersecurity.

100 % protection may currently not be achievable due to the fast pace of change in attack techniques, but it doesn’t mean that organisations can’t keep their information safe.


Avoiding myths with the right resilience

There are many more myths to uncover about cybersecurity and it is important to turn them inside out before deciding what to believe. Organisations should keep a holistic mindset, which means that cybersecurity needs to be a strategic decision, not just a defense mechanism.


Unfortunately, today’s organisations do not seem to feel this way. NTT Security’s survey showed that a third of the participating organisations would rather pay a ransom to a cybercriminal than invest in cybersecurity.

Reacting once an attack has been detected (if it is detected) is not the key; prevention and resilience are. This is something we should make sure isn’t considered a myth.