Cybersecurity Myths Debunked. Cybersecurity experts from around the world share their favorite security myths.

Similar documents
THALES DATA THREAT REPORT

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Combating Cyber Risk in the Supply Chain

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

Managed Endpoint Defense

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Background FAST FACTS

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

Sage Data Security Services Directory

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

THE CYBERSECURITY LITERACY CONFIDENCE GAP

Business White Paper. Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Security in India: Enabling a New Connected Era

State of Cloud Survey GERMANY FINDINGS

The Value Of NEONet Cybersecurity. Why You Need To Protect Your The Value Of NEOnet Cybersecurity. Private Student Data In Ohio

Build Your Zero Trust Security Strategy With Microsegmentation

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Best Practices in Securing a Multicloud World

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

2018 Mobile Security Report

Attackers Process. Compromise the Root of the Domain Network: Active Directory

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Healthcare HIPAA and Cybersecurity Update

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Cyber Security Stress Test SUMMARY REPORT

Sensitive Data Loss is NOT Inevitable

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /

Cyber Risks in the Boardroom Conference

SGS CYBER SECURITY GROWTH OPPORTUNITIES

Security in a Converging IT/OT World

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

Uncovering the Risk of SAP Cyber Breaches

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

Cyber Fraud What can you do about it?

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

UNLOCKED DOORS RESEARCH SHOWS PRINTERS ARE BEING LEFT VULNERABLE TO CYBER ATTACKS

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

IT Security: Managing a New Reality

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

The Quest for Independence - Information Security Management Pyramid. Mikhail Utin, CISSP, PhD, Daniil Utin, MS and Rubos, Inc.

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Mastering The Endpoint

From Russia With Love

Security. Protect your business from security threats with Pearl Technology. The Connection That Matters Most

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Tripwire State of Container Security Report

Internet of Things Toolkit for Small and Medium Businesses

The Cyber War on Small Business

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Kaspersky Security. The Power to Protect Your Organization

Data Breaches: Is IBM i Really At Risk? All trademarks and registered trademarks are the property of their respective owners.

SECURITY AUTOMATION BEST PRACTICES. A Guide to Making Your Security Team Successful with Automation

mhealth SECURITY: STATS AND SOLUTIONS

Who We Are! Natalie Timpone

Cyber Security Guidelines for Public Wi-Fi Networks

Must Have Items for Your Cybersecurity or IT Budget in 2018

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

Cybersecurity for the SMB. CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale

Cybersecurity Auditing in an Unsecure World

Cyber Risk & Mitigation Strategies for the Real World

Cloud Communications for Healthcare

A Comedy of Errors: Assessing and Managing the Human Element of Cyber Risk

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

THE EVOLUTION OF SIEM

A quick-reference guide to secure your organization s data and reduce cybersecurity attacks

Symantec Security Monitoring Services

The Cost of Denial-of-Services Attacks

An All-Source Approach to Threat Intelligence Using Recorded Future

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

Hearing Voices: The Cybersecurity Pro s View of the Profession

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

Department of Management Services REQUEST FOR INFORMATION

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SECURITY AUTOMATION BEST PRACTICES. A Guide on Making Your Security Team Successful with Automation SECURITY AUTOMATION BEST PRACTICES - 1

Encrypting PHI for HIPAA Compliance on IBM i. All trademarks and registered trademarks are the property of their respective owners.

2017 THALES DATA THREAT REPORT

Chapter 11 Databases. Computer Concepts 2013

Securing Digital Transformation

with Advanced Protection

Retail Security in a World of Digital Touchpoint Complexity

Meeting FFIEC Meeting Regulations for Online and Mobile Banking

Cyber Security Program

Security-as-a-Service: The Future of Security Management

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

Security and Privacy Governance Program Guidelines

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Cybersecurity and Nonprofit

Building cyber resilience into our railway s DNA. Matthew Simpson. Technical Director, Cyber Security

ADDRESSING TODAY S VULNERABILITIES

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

HEALTH CARE AND CYBER SECURITY:

Five Reasons It s Time For Secure Single Sign-On

Transcription:

Cybersecurity experts from around the world share their favorite security myths.

Introduction The life of a cybersecurity professional looks a lot like the plot of a Greek mythology action movie. We spend years preparing for an attack by an unknown creature, basing our strategy on tales passed down from cybersecurity warriors before us. DDoS attacks are waged by the mythical Hydra with multiple heads attacking from every angle; phishing emails are released, disguised as alluring calls from beautiful Sirens. Along with these aggressions come the myths of how best to defend against such attacks. Which is why HelpSystems set out to debunk some of the most popular cybersecurity myths that exist today. 2

Meet the Experts We asked six uniquely-qualified security experts from around the world to debunk their favorite IT security myths. Read on to discover their answers. Michael Bruemmer Vice President Experian Data Breach Resolution & Consumer Protection Bob Carver CISM, CISSP, M.S. Sr. Security Analyst Verizon Wireless Troy Hunt Author at Pluralsight Microsoft Regional Director Creator of Have I Been Pwned? (HIBP) Jonathan Lampe, CISSP, GSNA, CFTP Executive Director Certified File Transfer Professional (CFTP) Program Kevin Beaver Independent Information Security Consultant Principle Logic, LLC Author of Hacking For Dummies, The Practical Guide to HIPAA Privacy and Security Compliance, and 10 other security books Ben Cole Senior Site Editor SearchCompliance.com, SearchCIO.com 3

Myth #1 The majority of consumers are not vulnerable to identity theft. A common misconception I've observed when it comes to IT security is that despite having a large digital footprint, consumers underestimate the risk of their online behaviors resulting in identity theft. According to a recent Experian study, consumers are generally aware of the threat, but underestimate their personal exposure and actually exhibit online behavior that could harm vs. help their chances of becoming a target. For instance, 43 percent of respondents use public Wi-Fi to shop online, 33 percent share online accounts' usernames and passwords with others, and 29 percent share mobile device passwords. These are dangerous habits that voluntarily lead personally identifiable information (PII) to become vulnerable to cybercriminals online. Clearly, there's a disconnect between consumer awareness and understanding, as the majority (62 percent) of respondents said the security of their personal information online was a minor concern they worried about sometimes. What's more, they're even less concerned about their PII appearing on the dark web. There's a major learning opportunity for consumers to educate themselves on the risks of identity theft and proper online behaviors to protect their personal data online. Michael Bruemmer Vice President Experian Data Breach Resolution & Consumer Protection 4

Myth #2 Meeting compliance regulations is the gold standard of risk management in cybersecurity. A common misconception is that if a business entity is compliant with a security standard such as NIST or ISO that they have reached the gold standard of risk management in cybersecurity. This should be considered a valiant good start, but nowhere near the gold standard. I have seen businesses that have focused primarily on compliance to standards and not on threat intelligence and analytics that did not fare well on discovering compromised endpoints. This could be due lack of visibility or perhaps overconfidence. On the other end, I have seen entities that focused on threat intelligence and analytics that were able to discover compromises faster and more often than other business with far more controls in place. The reality is you need to attack from both ends; compliance/controls and threat intelligence with analytics. Bob Carver CISM, CISSP, M.S. Sr. Security Analyst Verizon Wireless 5

Myth #3 You must change your password every 90 days. The misconception that comes immediately to mind is the one about password rotation, where they say every three months you need to change your password. It's really interesting because we have this mix of opinions at the moment where most organizations say you must rotate your password every 90 days in order to keep it secure and on the other side you have The National Cyber Security Centre of the British government and NIST saying don't do this because it makes it worse! And I love the rationale that they use, it's just so pragmatic: If someone gets your password, they're not going to wait 90 days to use it, they're going to use it now! Troy Hunt Author at Pluralsight Microsoft Regional Director 6

Myth #4 Hackers aren t interested in your supply chain. One of the worst misconceptions in IT security today might be that hackers aren't interested in your supply chain. Companies I've worked with often make their largest security investments on customer-facing servers, internal workstations, and their workforce, leaving many of the back end supply chain resources to fend for themselves. Often these resources are legacy but nonetheless mission-critical EDI and file transfer technologies with dozens of known vulnerabilities. Smart hackers are often very interested in these supply-chain deployments for three reasons. First, they know these systems control millions of dollars of payments and shipped goods. Second, they know these systems open doors into core systems such as mainframes and customer databases. And third, they know that systems that communicate with partners are often Internet-exposed. Fortunately, many of the same principles that protect other IT infrastructure can be applied to supply-chain technology, including patching, use of secure protocols, use of strong credentials, and monitoring. Unfortunately, the question is usually whether the will, budget and know-how to actually implement appropriate security controls in supply-chain environments actually exists. Jonathan Lampe, CISSP, GSNA, CFTP Executive Director Certified File Transfer Professional (CFTP) Program 7

Myth #5 Cybersecurity is an IT-centric problem. Too many people tend to believe that security is an IT-centric problem. Sure, a couple of decades ago, that's how it started out but security has since evolved to a core and critical business function and needs to be treated as such. Unfortunately, people from every side: IT, management, and users still automatically assume that security is technical in nature and is being properly handled by IT staff. IT professionals perpetuate this by proclaiming that everything is in check when, looking behind the scenes, it's really not. This false sense of security is a large part of why we are still experiencing incidents and data breaches. Well, that combined with the lawyers who have jumped aboard the security train and are trying to stop the attacks with their paperwork. Kevin Beaver Independent Information Security Consultant Principle Logic, LLC 8

Myth #6 The key to security is to replace any human tasks with automation. My least favorite IT security misconception is that data security can be completely automated. It's well known that humans remain the biggest IT security vulnerability some of the biggest and most expensive data breaches in the last five years were the direct result of human error. This had led many companies to turn to tech such as artificial intelligence, machine learning, and robotic process automation to take the human element out of the security equation. But next-generation IT security should focus on ways to integrate these tech advances with human-driven capabilities such as advanced data analytics techniques or intrusion detection tools monitored by personnel. Employees can also still help determine and react to rapidly changing vulnerabilities, a valuable trait as threats and attack vectors continue to change. As a result, the misconception that IT security can be run by set it and forget it type applications is misguided, and potentially dangerous, as threats proliferate. Ben Cole Senior Site Editor SearchCompliance.com, SearchCIO.com 9

Do you have a favorite cybersecurity myth of your own? Tweet your myth with the hashtag #SecurityMyth to continue the conversation. 10

HelpSystems, LLC. All trademarks and registered trademarks are the property of their respective owners. GA-SCR-MYT-DBN-0717-01 About HelpSystems Organizations around the world rely on HelpSystems to make IT lives easier and keep business running smoothly. Our software and services monitor and automate processes, encrypt and secure data, and provide easy access to the information people need.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback