Busting myths around cyber security
In association with e92plus
Cyber security is no longer just a tech issue – one look at the news highlights its importance to our lives, and the impact on a business that a critical attack or breach can have.
Yet there remains a number of common misconceptions around the threat, and possible complacency can easily lead to a business not addressing potential vulnerabilities in their strategy and cyber defences.
That’s why it’s essential for businesses to look for support and advice – while cyber security can still be a complex, intimidating space, leveraging the knowledge of partners and vendors is essentials for staying ahead of the threats.
We’ve taken a look at some of the most common myths, and we can address them.
Myth 1: AI-powered security tools eliminate the need for humans
While Artificial Intelligence (AI) can significantly enhance threat detection and response, it is not a “set-and-forget” solution – those tools still need to be configured, monitored and reviewed. Relying solely on AI without human expertise can create dangerous blind spots.
Myth 2: We use a cloud provider, so our data is inherently secure
It’s easy to assume that moving data and applications to large cloud providers (like AWS, Azure, or Google Cloud) automatically guarantees comprehensive security. However, cloud security operates on a shared responsibility model – so while the cloud provider covers infrastructure, the customer must secure the data, apps, and configurations. Misconfigurations, weak identity and access management (IAM), and unpatched applications within the cloud environment are common vectors for breaches.
Myth 3: Our employees understand cyber security, we ran a training course
While initial cybersecurity awareness training is beneficial, the techniques attackers use are constantly evolving, and human error remains a leading cause of breaches. Believing that employees are perpetually ‘cyber-aware’ after a single training session ignores the continuous nature of new phishing techniques, social engineering tactics, and emerging scams. This can be allied with the right data and e-mail security solutions, as well as having crucial human insights on AI based threats that aren’t easily detected automatically.
Myth 4: An incident response plan is only needed after a breach occurs
The adage of failing to prepare, so preparing to fail, is never truer than in this situation. Research consistently shows over half of businesses don’t have an incident response plan, and those who lack one end up paying over 50% more in costs, and take 25% long to deal with a breach. Waiting until a breach occurs to formulate a plan significantly prolongs downtime, increases recovery costs, and can lead to greater data loss or reputational damage. Without a pre-defined strategy, businesses will scramble, making critical mistakes under pressure. There are also risks of missing compliance requirements (such as breach notifications) or creating uncertainty or mistrust with customers due to poor communication.
Being practical
Building a more robust cyber security plan always starts with practical steps, such as enabling MFA/2FA for employees, ensuring systems are regularly patched, running regular backups and enforcing good password hygiene.
Beyond that, leveraging the partner ecosystem can bring significant benefits – VAR, MSPs and distributors can bring insights and intelligence from across their community, helping businesses learn and adapt quickly, respond to emerging threats and use the services and experience of the channel without having invest in those resources themselves. Whether it’s building incident response plans and helping run simulations and exercises, to helping build a positive cyber security culture, with regular training and education that supports and empowers staff without punishing them for every dodgy mail clicked on.
Subscribers 0
Fans 0
Followers 0
Followers