As an advisor and consultant specialising in cyber security, I have come across many cyber security myths over the years! Here are 5 of the most common myths I have encountered and what I really think about them as a seasoned cyber vet.
Myth 1: "We have the best tech and tools and therefore we know we are secure"
BUSTED: Some of the most well-known cyber-attacks to date were targeted at organisations that had the best tools and technology!
Cyber Security is as much about people and culture as it is about technology.
Myth 2: "We are not a target for attacks because we are a very small company"
BUSTED: Cyber-attacks on SMEs have increased massively over the past 5 years. Small businesses can be a treasure trove for hackers and cybercriminals.
In fact, many SMEs have closed down business within 6 months of a major cyber-attack. Size does not matter for a hacker!
Myth 3: "Security is the responsibility of our IT Team"
BUSTED: Cyber Security has moved from the server-room and into the boardroom because cyber-attacks are increasingly impacting much more than technology - they can impact brand, reputation and customer trust.
Everyone in an organisation has a responsibility to contribute to keeping data safe and secure - not just the IT team!
Myth 4: "We are compliant with ISO27001 which means we are fully secure"
Sooo BUSTED: Adherence and compliance to regulations and/or frameworks is a big step towards cyber preparedness. However, this does not guarantee data security (even if it is ISO 27001!). Organisations need to take a risk-based approach so that they can capture the risks that are pertinent to their organisation (that may not be addressed in the regulatory compliance framework).
As we always say here at 6clicks: Compliance Is Not Resilience (Though it Should Be)
Myth 5: "Our staff understand the nature of cyber threats because they completed the annual training course"
LOL BUSTED: A cyber resilient organisation is one that places emphasis on changing mindsets and culture.
Remember, Culture = Values + Behaviour.
Yes, the annual training is a plus, though it can sometimes be seen as a tick-box exercise which has very limited impact on people's behaviour and mindsets.
As cyber-attacks increase in frequency and impact, it is important to understand that every organisation, big or small, is always a potential target for cyber-attacks. This is not a case of if, but when.
Interested in taking your cyber security seriously? Book a demo with our team at a time that suits you below.
Written by Lloyd Cartwright
Lloyd Cartwright has a diverse background in the field of cybersecurity and risk management. He began his career as a Cyber Security Analyst and Cyber Security Technologist at Barclays in 2018. Later, in 2021, he transitioned to Finning, where he worked as a Security Risk and Compliance Analyst. Currently, Lloyd holds the position of Senior Solutions Architect at 6clicks. At 6clicks, Lloyd contributes to building resilient cyber, risk, and compliance programs powered by AI. His expertise helps organizations streamline compliance, manage risk profiles, and confidently engage with vendors. With a passion for sport, reading, and music, Lloyd brings a holistic perspective to their work, emphasizing the importance of open forums and agile responses in today’s fast-changing world.