By
Gigabit Systems
October 22, 2018
•
20 min read
As the premier leadership role, all CEO’s bear the responsibility of maintaining top-notch cyber-security within their companies. It is quite common for a CEO to deflect their own personal beliefs on technology and security to their company’s information technology infrastructure. However, these beliefs may not be rooted in truth, and instead may subscribe to one or more commonly held myths. Here’s how you can identify the presence of cyber security myths in your company’s cyber-security infrastructure.
Beating a Hacker at their Own Game
CEO’s sometimes tend to think too highly of hackers. It is assumed that hackers are geniuses, but this is rarely the case. Most hackers are simply acting on an opportunity to take advantage of a weakly identified opponent. CEO’s are therefore inclined to immediately assume there has been a breach before knowing for a fact that one has occurred. This, however, may not always be necessary. While a proactive approach to cyber-security is encouraged, proactive tactics should focus more on risk reduction measures. Prioritizing risk reduction will ensure that your IT department allocates as much time and effort as possible towards staying hack-free. This will, as a result, lessen the chance of a breach happening.
CEO’s regularly assume that hackers are brilliant, evil, and bulletproof. However, most hackers are not as sophisticated as they may seem. They are either self-instructed in hacking or have been taught by someone who has hacked before. Their knowledge, therefore, is only relative – the hacking victim may not have the same IT knowledge as the hacker, but the hacker’s knowledge is most likely limited. Again, this myth points to how developing a robust, preventative IT strategy can secure a business before a breach even comes into fruition.
Software Updates and Compliance
Just because your company’s IT practices are compliant with the industry’s, does not make your business immune to a cyber-attack. For example, a majority of password requirements follow outdated information. In fact, recent studies suggest that shorter, frequently changed passwords are simpler to guess than those that are uniquely crafted. While compliance can help build trust between the CEO, the consumer, the patient, and the employees, it cannot stand alone in maintaining a robust cyber-security strategy.
Another widely held myth by CEO’s involves keeping systems and processes up-to-date. Ensuring that every router, firewall, server, IoT device, etcetera is patched, can be a time-consuming, almost insurmountable task, yet it is crucial. That small margin of error or flaw are what hackers seek to gain access to information. Hackers are most likely to hack a niche app that flies under the radar. Whether this is due to a patch or update not being installed, using a default password, or not having endpoint security, hackers seek these vulnerabilities to access data. This contradicts the myth that your largest application (your Windows operating system, for example) is what’s most likely under attack.
Maximizing Internal Capacity Inside and Outside of IT
CEO’s tend to accomplish the minimum in terms of employee cyber-security training. To elaborate, social engineering is speculated to be the current largest cyber security threat. However, the time devoted to keeping employees informed about this subject does not always match in proportion to the threat’s size. CEO’s should recognize how social engineering impacts today’s cyber-security trends by developing new training methods that build upon formerly successful modules. In addition, employees should receive hands on training and testing to recognize what a variety of phishing attempts look like and how they react to them. This will allow companies to keep effective strategies, while also developing new tactics for today’s most prominent threats.
In the spirit of continuing education, yet another widely held myth by CEO’s involves the perception of an IT department’s knowledge and abilities. Corporate leadership often assumes that since the IT team specializes in cyber-security, there is neither little-to-no room nor need for improvement. CEO’s can support their IT department’s capacity by ensuring that the department’s beliefs about organizational threats are concurrent with those outside of the department. Leadership should also monitor where the IT department draws data that supports their strategies from, as well as establishing checks that ensure the proper allocation of IT funds and resources.
Ultimate Responsibility
When deciding what role to play when improving your business's cyber security infrastructure, you need to remember that there is more to assess than what meets the eye. Sorting fact from fiction is crucial in order to fully understand how hackers think, including and not limited to the importance of software updates, and how to maximize internal IT capacity.
At the end of the day, CEO’s have a responsibility to their company; to educate themselves and their employees on cyber security. It is imperative for everyone involved to be on the same page and understand a hacker’s’ mind as well as the tactics that are in use. Without CEO’s taking a stand and becoming more involved in the cyber security aspects of the company, the myths will continue, and the company will remain insecure. Ultimately, dispelling commonly held myths on cyber security will encourage your corporate leadership to evaluate IT from a new, more informed perspective.
Learn more about the latest in cyber security by subscribing to our blog;