By Richard Arneson
It could be argued that network security is similar to the average man’s relationship with the doctor’s appointment. It isn’t seen as important until something goes wrong.
Appointment-fearing men aside, the following are seen as the two (2) most common myths concerning network security, at least according to Ciaran Martin, the CEO of the National Cyber Security Center, which is the cyber arm of Great Britain’s Government Communications Headquarters (GCHQ). Martin went on to issue this admonishment: “There isn’t much of an excuse any longer for not knowing about security as a business risk.” Nobody can argue his point, even though many don’t abide by it.
Myth One (1)—cyberattacks are targeted
While it’s true that cyberattacks are becoming slightly more targeted, the majority—as in just slightly under a hundred percent (<100%)—aren’t prejudiced. They don’t care one (1) whit whom they trap in their web of deceit, lies and downright evil. Many companies still feel they’ve been flying under the radar due to the size of their organization or the industry in which they work. They think their anonymity somehow shields them from attacks. According to Martin, they don’t believe they’ll ever appear in the crosshairs of a cyberattack. “Tell that,” Martin said, “to the Western business leaders hit by NotPetya in the summer of 2017.” That malware attack, which was originally launched by Russia to infect Ukrainian networks, quickly spread throughout the world like a California wildfire. The damages to businesses globally reached around $300M. They’re rarely targeted! Myth Busted!
Myth Two (2)—cyber security is just too darn complicated
While this myth may sound like an April Fool’s joke, it’s not. Other than it being February 13th, it’s astounding, according to Martin, how many C-level executives share this sentiment. According to Martin, “When I view businesses in the UK and around the world, I’m often amazed by the sheer complexity and sophistication of the businesses and the risks that they manage.
“A company that can extract stuff from way below the ground, a company that can transport fragile goods to the other end of the planet in a really short period of time, a company that can process billions of financial transactions every hour is more than capable of managing cyber security risk.”
While this isn’t a security panacea, your company’s security posture can be substantially strengthened by ensuring software and systems are up to date. That doesn’t sound so complicated.
Here’s another easy security measure to implement: Conduct security awareness training. Create policies concerning network security, provide accompanying training, and heavily stress the importance of strictly adhering to them. For every employee (and there could be hundreds, maybe thousands) who rolls their eyes at what might seem like commonsensical security training, all it takes is that one individual who doesn’t pay attention.
If nothing else, communicate this to employees: Make sure they ask themselves, prior to opening a link or attachment:
- Do I know the sender?
- Do I really need to open this link or file?
If they don’t consider these questions, your organization could be ripe for the picking. Myth Busted!
Let these folks take the complexity out of your security posture
To find out how to secure your organization’s network and protect its mission-critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.