Busting cybersecurity myths at CloudExpo
Cybersecurity myths are incorrect and harmful, according to Etay Maor, Senior Director Security Strategies at Cato Networks.
At CloudExpo 2023, Maor discussed the importance of busting cybersecurity myths, highlighting three common ones he’s noticed throughout his extensive career.
Myth one
“The attacker needs to be right just once, the defenders must be right all the time”
The way the media approaches cybersecurity is a key problem here. Headlines, including those below, point to a single point of failure, which simply isn’t true. Any cybersecurity breach is actually a collapse of all of the above, where hackers have overcome all controls.
So why are headlines pointing the blame at just one control, just because hackers compromised this one point of access? The problem isn’t the attack itself, but the way it’s approached and the defences against it.
“Systems are breached because everything along the way collapsed, not because of one vulnerability.”
Therefore, this notion that the hacker is right just once is an oversimplification.
Myth two
“More security products = better security”
Of course, security must exist in layers, but not to the point where there are too many layers of solutions. Maor explained that in some cases, it gets to the extent that people don’t understand the security in their own network.
Spending money on tools rather than actual solutions leaves businesses vulnerable to attack, and adding more security products often results in duplication or functionality going unused.
Whilst increased security might seem beneficial, it can make it more challenging for employees to access what they need. Rigid structures like routine surveillance and access management can delay productivity at work.
The same can be applied to adopting the latest cybersecurity constraints. Whilst this is vital for protection, being compliant does not necessarily imply you are safe. Businesses must evaluate whether the constraints are substantial enough, and scope all the vital data.
Trying to monitor and control problems with fewer solutions can end up being more beneficial and productive. As the saying goes, sometimes less is more.
Myth three
“Sophisticated threat actors use sophisticated tools”
Not necessarily.
Often, threat actors use typical generic tools, and it is the vulnerability within the system that allows them to break through.
Maor claimed that part of the problem could be the attitude we take, rather than the cyber threats themselves. That is, we sometimes turn a blind eye to the simplest forms of protection, including training staff, keeping software and systems up to date and controlling access to systems.
The key thing to remember is that security must be actionable, reliable and timely. It’s when these three things aren’t being achieved at once that vulnerabilities occur.
Round up
One thing’s for sure, Maor’s discussion at CloudExpo 2023 highlighted the importance of busting cybersecurity myths. The main consequences are the false sense of security businesses have, a lack of understanding and a lack of investment in the right solutions.
It’s vital to understand the reality of cybersecurity and invest in the right solutions to ensure the safety of businesses and their data.