
A glimpse at the world of cyber security can be a frightening one. Stories revolving around security breaches hitting major companies, like Target and Home Depot, can fill any business executive with trepidation.

As a result, companies both large and small can spend considerable sums improving their security measures, trying to prevent the kind of attacks that can set them back months or years, if not ruin them completely.

With so much attention being paid to security, there’s a lot of information floating around, some of it not in the least bit true. If a company wants to enhance its IT security, it pays to separate the facts from the fiction.

Here are just a few of the biggest cyber security myths that businesses still hold to:

Myth 1: Hackers are the only threat you need to worry about.

Fact: While small businesses definitely shouldn’t downplay the impact hackers could have on their operations, if all their time, resources and energy are spent focusing on them, they’ll leave themselves vulnerable to other sources of cyber danger.

Recently, it’s been revealed that many governments routinely monitor private citizens and businesses, essentially collecting data that might be considered sensitive. Foreign governments may also spy on other countries, sending attackers of their own to sabotage companies and institutions.

Some of the threats may even be internal in nature, as careless employees may unwittingly introduce various security threats through the use of their smartphones at work. This danger has become more pronounced with the widespread adoption of BYOD in the workplace.

Myth 2: All security breaches can be prevented.

Fact: After stories of yet another data breach arise, it’s easy to look at what could have been done to prevent the breach from happening in the first place. While it is certainly worth it for a business to improve security, holding to the idea that every attack can be prevented falls short of reality.

No matter how extensive a business’ network security is, attacks will get through at some point, and the question isn’t if but when. In many cases, it likely has already happened without an organization even knowing it.

The best a business can do is make it as difficult as they can to infiltrate the most important systems and to develop an effective plan for responding and recovering after an attack happens.

Myth 3: Small businesses don’t make a worthwhile target.

Fact: With so many major corporations out there, why would any hacker want to focus on a small business? The general thinking is that since smaller companies have fewer resources and less money, they’ll be ignored as attackers go after the big businesses.

The truth is that every company is a potential target no matter its size. In fact, small businesses may be an even more tempting target, since hackers are aware that such businesses don’t have the same resources to fight back. At the same time, the employees of small businesses may inadvertently make the company more vulnerable to outside attacks. It’s best not to assume hackers will simply pass the company by.

Myth 4: Predictive systems are guaranteed to discover the next attack.

Fact: Many companies are turning to big data and machine learning in the form of predictive systems as a way to boost security and figure out when and how the next cyber attack will happen.

While this strategy can certainly do a lot in improving a company’s security efforts, it isn’t foolproof. Predictive systems have to rely on past data to come up with their conclusions, meaning it’s more difficult to predict a new style of attack.

Hackers are also experienced at running deceptive strategies of their own intended to fool systems and get around security measures. Predictive systems don’t change this in any way.

Myth 5: Security is only the IT department’s responsibility.

Fact: While it is true that IT workers will likely handle the bulk of the duties associated with cyber security, that doesn’t mean the rest of the company is off the hook. As mentioned earlier, employee behavior may increase security risks.

Addressing that issue requires changes in company culture and routine employee training. It’s also management’s responsibility to make sure other companies they work with have adequate security. In other words, it’s a company-wide responsibility to deal with security challenges, not just IT.

With these facts in mind, small businesses will be able to handle the ever-evolving nature of security threats out there. While attacks can and will still happen, organizations will be in a better position to respond and minimize the damage.

In today’s environment, a quick response and recovery can mean the difference between continued growth and disaster.


About the Author: Rick Delgado is a freelance tech writer and commentator. He enjoys writing about new technologies and trends, and how they can help us. Rick occasionally writes for several tech companies and industry publications.

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

