Five Cybersecurity Myths to Leave Behind in 2019
Cybersecurity threats continue to increase in prevalence, severity and sophistication. The evolving nature of cybersecurity, coupled with changing regulations, gives rise to misunderstandings, challenges and sometimes security myths.
The following article dispels common cybersecurity myths to enhance your firm’s overall cybersecurity intelligence and preparedness.
Myth 1: A Strong Password is Enough to Keep your Business Safe
Strong passwords are one of the foundations of good cybersecurity practices, especially for businesses. However, implementing and enforcing strong password policies is only the start. In fact, one of the major components of cybersecurity preparedness that companies overlook isn’t how people access the information — it’s what information is available in the first place.
Myth 2: Cybersecurity Threats Come From the Outside
While outsider threats are certainly a concern and should be monitored extensively, insider threats are just as dangerous and should be watched just as closely. In fact, research suggests that insider threats can account for up to 75 percent of data breaches. These threats can come from anyone on the inside, from disgruntled employees looking for professional revenge to content employees without proper cybersecurity training, so it’s important to have a system in place to deter and monitor insider threats.
Myth 3: Hackers Aren’t Going to Target my Small-Sized Business
The proliferation of high-profile hacks in the news often tricks small-sized businesses into thinking that they won’t be targets of attack. In reality, the opposite is true. In fact, according to the 2018 Verizon Data Breach Investigations Report, 58 percent of data breach victims are small businesses. This happens for several reasons. Many businesses aren’t targeted specifically, but instead are victims of what’s known as “spray-and-pray” attacks — hackers set up automated systems to randomly infiltrate businesses. As these attacks are random, any business can be damaged, regardless of size.
Myth 4: FINRA and the SEC aren’t Investigating Cyber Attacks
The SEC and FINRA have invested a ton of resources into making cybersecurity a top priority over the years. In fact, in 2017, the SEC launched the Division’s first Cyber Unit, focused specifically on violations involving digital assets, cybersecurity incident disclosures and much more. Similarly, FINRA has been building momentum around this topic for years, just recently releasing a report on cybersecurity best practices. Both regulators have additionally made cybersecurity a main focus area in their 2019 examination priorities letters. If you haven’t already done so, it’s important that your firm evaluate its cybersecurity controls and train internal staff on the role they play in protecting your firm.
Myth 5: “Cyber risk” is a Separate Category of Risk
There’s no such thing as “cyber risk” – it’s risk. It’s the same risk that encompasses everything from protecting intellectual property to competitiveness and safety of personnel, and needs the same level of attention from the board of directors and the executive team. The concept of cybersecurity risk isn’t useful by itself, and treating it as a separate form is a distraction you can’t afford.
Myths about how to protect your firm from cybercriminals will always circulate. What matters most is how you continue to educate your representatives/advisors on how to best protect themselves and your organization from the increasingly sophisticated threats that live in today’s complex environments.