Cyber Security is now a regular topic of conversation. A subject that was once only discussed amongst IT professionals, now has a regular seat in the boardroom. Our security experts speak with all types of people every day from the small business owner to the C-level executive of a Fortune 500 company and the conversations are all the same. Over the course of many conversations, we have come up with a list of the top 5 cyber security myths:

1 – Cyber Security is a Technology Problem

As technology advances, so do the types of cyber security attacks, therefore it’s natural to think that it’s a technology problem. However, Verizon’s 2016 Data Breach Investigations Report found human vulnerabilities and errors continue to be among companies’ top data security threats and found cybercriminals still exploit human nature by relying on familiar attack tactics, such as phishing and ransomware. It’s critical to educate your entire staff on how to recognize suspicious emails and to never open attachments from unknown sources. A great new technology created by Beauceron Security is changing team members from unaware to cyber aware and care, allowing organizations to have a dramatic impact on their cyber risk. It brings together threat intelligence, user education and awareness, plus simulated attacks. A crucial component to a great cyber security defense strategy is to educate end users.

2 – Protecting Your Organization is Good Enough

You may be doing everything right when it comes to Cyber Security, but what about all the organizations you work with that have access to your company data? Remember the Target breach of 2013? The one that exposed credit card and personal data on more than 110 million consumers? It turned out to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with Target. It’s crucial that you set up proper access and governance to your network and documents to ensure they are only accessed by those people that are supposed to.

3 – You’re Safer by Not Moving to The Cloud

I get it. The cloud can look like a scary place, especially since a lot of people don’t quite get what the cloud is (check out our blog What is The Cloud). You may feel more secure holding a physical key to a locked door that contains all of your hardware. However, control does not mean security. Studies such as Alert Logic’s State of the Cloud report have found that data location matters less than accessibility.  It also found that on-premise environment users experience an average 61.4 attacks, while service provider environment customers averaged only 27.8. You should talk to a cloud expert and really understand your security and governance requirements, look at how the data is accessed, and look specifically at opportunities to breach. And a vulnerability test is a must-do, whether you’re testing the security of closed-based or traditional systems. Untested systems are unsecured systems.

4 – “I have a firewall so I’m good”

I really like the analogy that NuWave Technology gave about firewalls. Think of a firewall as the front door of your house. If you only have a screen door, it will stop flies and bugs and may get someone to knock nicely. But, it will not stop anyone who really wants to come in. On the other hand, if you have a three foot thick bank vault door, then almost no one is getting through it. Not only does the front door need protection but most of the rooms in the house also need to have doors with locks. This is equivalent to each computer having its own firewall. For several versions Microsoft Windows has included a software firewall with the operating systems. But what if someone is trying to break through your door? An intruder is going to have a much harder time if they have to go through a moat, lasers, and other security systems. Intrusion Detection and/or Prevention (IDS/IPS), patch management technologies, and the results from penetration/vulnerability testing tools are part of the security strategy for an organization. Also needed are security policies, training for those users, and even a risk management plan. A firewall by itself is never enough.

5 – You’ll never get attacked

According to Symantec, ONE MILLION web attacks occurred each day in 2015. Need another scary stat? How about more than 4,000 ransomware attacks have occurred every day since the beginning of 2016 yet only 38% of global organizations claim they are prepared to handle a sophisticated cyberattack. Think your business is too small to be attacked? The largest growth area for targeted cyber attacks in 2012 was businesses with fewer than 250 employees – 31% of all attacks targeted them (Symantec), and 60% of small companies go out of business within 6 months of a cyber attack.  It’s not a matter of IF you get attacked, it’s WHEN.

Cyber Security is scary, but there are some fantastic tools to help keep you secure, and experts in the field that are always happy to help. You’re not in this alone.