But many of these threats aren’t new and will never really go away.
This post will cover some misconceptions about cybersecurity itself. There are many cybersecurity myths, but an accurate understanding of these 10 is critical to your cyber posture as an individual, as a business, or as a government.
1. “Cyber risk” is a separate category of risk
There’s no such thing as “cyber risk” – it’s risk. It’s the same risk that encompasses everything from protecting intellectual property to competitiveness and safety of personnel, and needs the same level of attention from the board of directors and the executive team. The concept of cybersecurity risk isn’t useful by itself, and treating it as a separate form is a distraction you can’t afford.
2. Cybersecurity is just an IT issue
Earmarking online threats as something for the IT department is one of the best ways to help those threats proliferate. It’s important to remember that cybersecurity cuts across departments and is the same regardless of the IT implementation or vertical. Once information is digitized, everything from accuracy, privacy and availability to integrity needs to be protected. Cybersecurity requirements are paramount across an organization, from the data center to the branch office and mobile device.
3. Protecting yourself is good enough
Organizations must be aware of others in their community and how they’re acting when it comes to cybersecurity questions. Some of the biggest headline-grabbing breaches of recent years involved third parties or organizations subordinate to the entity that was hacked. Everything in your ecosystem, from subcontractors to subsidiaries, vendors and accounting firms, can be a threat vector. Security is only as strong as the weakest link, and sometimes that weak link is beyond your four walls.
I love the last one: “it will never happen to me”