Top 9 cybersecurity myths
MYTH: Your computer network is safe if you have a strong enough security “fence”
There is a “new normal.” Every fence has holes. Hackers will find a way into your system, so you need to plan for that eventuality by enhancing the internal protection of your most critical data. You should also think ahead about how you will explain a hacking episode publicly. What story do you want to be able to tell when – not if – your company has a breach?
MYTH: All security incidents are created equal
Hackers have different methods and objectives when accessing corporate systems. Like robbers rattling doorknobs to find an unlocked house, hackers test security systems all the time. Some merely probe networks, while others seek to steal, manipulate or destroy data. The information they target varies with the intent, from customer credit card data that they can steal to sensitive internal communications, research and development projects, or full customer profiles that can be used to expose or embarrass the parties involved.
MYTH: The government will help with a breach
You’re mostly on your own. In many countries, companies learn from a government agency that they had a security incident, but often the assistance ends there. For major events where officials are interested in information about how a hack was executed, the government might offer investigative or forensic help from law enforcement and intelligence officials. But governments are sometimes wary – for legal or political reasons – of helping companies fix their computer systems or of retaliating against the suspected perpetrator of a hack on behalf of a company or group of companies. Governments have their hands full protecting their own networks.
MYTH: Computer systems security is just an information technology problem
People, not software, tend to be the weakest link in data protection. A study by computer security firm Trend Micro found that 91 percent of cyberinfiltrations began with “phishing,” where malicious links are embedded in emails sent to unsuspecting employees or customers. Recipients unknowingly grant the hacker access to their computers when they click on the link.
MYTH: Communicating about a corporate breach must be reactive
Plotting out a communications strategy in advance for different types of data security problems will help a company understand the risks and plan for them. It’s also worth thinking about what data the company has that could be damaging to it – or others – if released.
MYTH: All hacking is a cyberattack
There are many flavors of hacking, and the most common types are not attacks but network infiltrations to steal corporate secrets. Cyberattacks that manipulate or destroy data or computer systems are still relatively rare. However, these attacks have been on the rise, as seen recently with the breach at Sony Pictures that both destroyed data and exposed embarrassing company communications.
MYTH: Breaches must first be handled by technical and legal experts and only later shared with other key people in a company
Given the reputational risk a breach generates, an organization’s communications team should be involved in early discussions about the event to provide guidance on how to ensure the company maintains the trust of the public. The team should also be well versed in cybersecurity basics before a hacking incident, so it can quickly get up to speed when one occurs.
MYTH: With a breach, the biggest problems are security and legal issues
The greatest threat a breach poses is ultimately to corporate reputation. While the need to fix security problems and address legal issues is clear, companies may not realize that how they discuss the event publicly at the outset will often determine whether they can recover the confidence of the public – and investors – once it is over. Companies that change their story over time risk a more severe loss of that trust.