Back in 1990s, internet was often described as "a domain for the nerds". But, sadly, that quote was reiterated from a US White House official explaining how cybersecurity is perceived today. We are setting a precedence for a vulnerable future by reducing security to those "nerds". With several cybersecurity myths hovering over, the haze around realistic assessment of the current situation isn't going to be cleared soon. Therefore, it is quintessential for us to debunk such myths before we take on the threat.
Myth #1: "Cyber risk" belongs to an exclusive category
Classifying organization risk as merely "cyber risk" will only undermine gravity of the threat. William H. Saito, Special Advisor of the Cabinet Office for the Government of Japan writes, "There's no such thing as "cyber risk" -- it's risk." in his much-viewed piece in Forbes magazine. He educates readers that cyber risk encompasses intellectual property to safety of personnel and that it needs equal attention from senior management and executive team.
Myth #2: Cybersecurity is a new form of threat we haven't encountered
It maybe natural to lean toward believing cybersecurity as a challenge unlike you've faced before. But history will tell you nothing's truly new. Back in the Victorian era, when communications and commerce underwent a change with innovations in technology, the threat perceived was no different. Wrestling among horse riding, telegraph, and wireless radio was equally--if not more--an avant-garde experience
Myth #3: Knocking down cybersecurity to an "IT issue"
Cyber threats when designated as "IT risk" will only encourage pervading through the entire system. It's essential to know, cyber risks cut across departments and that's what is menacing. Information once digitized, there's no earmarking cyber threat to a department.
Myth #4: Cyberattacks are common--several organizations are attacked everyday
Counting number of cyberattacks is a futile exercise because, it is as good as counting bacteria. What matters is the impact. Sometimes numbers lie. The attacks that are thwarted by elementary defences are also considered at times. So, they can be a conflating mixture. Wise action would be to measure the risks and prioritize the way to deal to with them.
Myth #5: Relying on software is safe enough
Although good software is key to defend cyberattacks. It is not enough to view software in isolation. People are the numero uno threat. It is essential you invest in training your resources and improve the usability of cyber software, thereby, striking a fine balance between safety and usability.
Myth #6: Hackers do no target SMEs
The assumption that hackers do no prefer SMEs is a precarious one. SMEs not investing appropriately in cybersecurity is what encourages attackers. Hackers can easily access your information, which could be valuable. A report published in 2015 by HM Government confirms the susceptibility with 74% of SMEs reporting a security breach.
Myth #7: Manufacturers are responsible for a secure system
True. Device makers should be more responsible in creating secure products that are robust. But, it is often people who are unpredictable and unreliable. People find ways to bypass security by using devices that are not so secured--smartphones and tablets.
Myth #8: My information isn't worth stealing
No individual wants their private information to be stolen. Storing and sharing information on the web is always going to be a problem, lest we deal with it sooner. End-to-end encryption through a VPN is a secure way of sharing information over the web.
Myth #9: Internet of things curtails vulnerability
The advent of IP V6 will usher a new age of connectivity. All devices like TVs, washing machines, refrigerators, dishwashers and so on will soon be assigned an IP. You will have remote access to your home devices. However, by design, it makes your home more susceptible than ever. It is hoped that manufacturers will soon recognise devices are potential routes to our sensitive information and act so.
Myth #10: 'Hackers' are the biggest threat
There will be bad folks doing unacceptable things. But ignoring the institutions that sometimes pretend to be our regulator is also dangerous. Governments have been framing policies to have greater control over your data. Any such attempt must be opposed at a policy level so that the trust among the internet users is upheld.