Top 5 Cyber Security Myths We Still Hear
Shivanshu Sharma
Cloud Engineer @ Searce Inc | Multi Cloud | AWS Certified x3 | Terraform Certified | GCP Certified x1 | Azure Certified x1 | Corporate Cloud Trainer
We see an interesting trend among IT people who come from the MS-DOS era. No doubt they have managed great infrastructures and tried their best to keep up with new technology. However, the trend clearly shows that such IT people fall short in their decision making because of their legacy knowledge about cyber security, data leakage and hacking in general. When we talk to these leaders, we typically hear five myths. Each is discussed below, along with the reason it does not hold.
Myth #1
I have the latest antivirus running, so I am safe from data leakage.
Although this is true, it's only to some extent. Antivirus is good enough to protect data from malware attacks, but not from the “human viruses” who are right within the organization and know a lot about its IT infrastructure and access controls. Besides, the latest generation of ransomware has proven that many antivirus products fail to detect it.
Myth #2
We spent lakhs of rupees on the latest firewall, and we follow best practices, so we are safe.
Unfortunately, that’s not true. Firstly, a firewall controls only perimeter security and still leaves the internal network susceptible to internal attacks. Secondly, firewall configurations are not set properly, nor are they audited. When the Valency Networks team performs firewall audits, we still often see a rule that allows traffic from any external IP to any internal IP, thus defeating the whole reason for having a firewall in place.
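The any-to-any rule described above is easy to check for mechanically. The following is an added example, not code from the original article or from Valency Networks: it scans a ruleset written in iptables-save style and flags ACCEPT rules that restrict neither source nor destination address. The sample ruleset, interface names and severity labels are constructed for illustration.

```python
import shlex

ANY = {"0.0.0.0/0", "::/0"}  # address values that mean "anywhere"

# Constructed sample in iptables-save style (not from a real audit).
SAMPLE_RULES = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into the fields the audit needs."""
    tokens = shlex.split(line)
    rule = {"src": None, "dst": None, "target": None, "in_if": None,
            "ports": False, "stateful": False, "raw": line}
    flags = {"-s": "src", "-d": "dst", "-j": "target", "-i": "in_if"}
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags:
            rule[flags[tok]] = tokens[i + 1]
        elif tok in ("--dport", "--dports", "--sport", "--sports"):
            rule["ports"] = True
        elif tok in ("--ctstate", "--state"):
            # Only reply traffic (no NEW connections) counts as stateful.
            rule["stateful"] = "NEW" not in tokens[i + 1].split(",")
    return rule

def find_any_to_any(ruleset):
    """Return (severity, rule) for ACCEPT rules open to any source and destination."""
    findings = []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies and COMMIT
        r = parse_rule(line)
        open_addr = all(r[k] is None or r[k] in ANY for k in ("src", "dst"))
        if r["target"] != "ACCEPT" or not open_addr:
            continue
        if r["in_if"] == "lo" or r["stateful"]:
            continue  # loopback and reply-traffic rules are expected
        # A port restriction narrows the exposure but still deserves review.
        findings.append(("review" if r["ports"] else "critical", r["raw"]))
    return findings

if __name__ == "__main__":
    for severity, raw in find_any_to_any(SAMPLE_RULES):
        print(f"{severity:8} {raw}")
```

Negated matches such as `! -s` are treated as restricted here, so a real audit should review those rules by hand.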
Myth #3
We did not have a single case of data hacking in the past several years, so I don’t need cyber security.
This statement is more serious than it seems. Many IT people who think this are simply unaware of the data that was already stolen. They are also not aware of attacks happening right now on their IT infrastructure. They are very much operating in an “ignorance is bliss” mode. While implementing ISO 27001, GDPR or HIPAA compliance, the Valency Networks team has found, during the gap analysis audit, many past cases in which customers' data was actually leaked.
Myth #4
We run our entire operations on Linux OS, hence we are safe.
This one actually used to be true a few years back, but not anymore. Since Linux is open source, there is no formal support or patching system. Hence the safety of such an environment is only as good as the fundamental server and security hardening knowledge of that organization's system administrators. Besides, different Linux distros exhibit different sets of vulnerabilities, which are often found to be unpatched.
Myth #5
Cyber security is a hoax typically seen in Hollywood movies. I don’t see a reason to take it seriously.
This one actually amuses us because we still hear it from IT people, especially when they mention Hollywood movies such as “The Matrix” or “Blackhat”. In such cases we urge them to look at the local newspapers of the past month, which is enough to prove this myth wrong.
Cyber security solutions are always going to be customized ones, and not an off-the-shelf type.
So What's the Solution?
Well, it's simple really. First of all, IT people must not assume that they know everything, and should get their environments assessed or audited by subject matter experts. Secondly, IT people need to understand that cyber security is not just about technical products; it's a combination of products, services and solutions to solve the problem at hand. Such a combination is always going to be a customized one, and not an off-the-shelf type. They also need to believe that good cyber security, if done properly, is actually not a costly affair; however, if it's ignored, the consequences surely are.