10 Cybersecurity Myths You Need To Stop Believing | Dr. Erdal Ozkaya


01. No one cares about you or Your business is too small for a cyber attack!
02. Your Anti-virus is good enough
03. Your Passwords are Strong and hard to guess
04. Your industry doesn’t have any cyber threats
05. Bringing your own device is safe
06. We have a Perfect Cybersecurity Strategy
07. Cyber Threats are only external
08. IT department will take care of it
09. We don’t need tests or training
10. We will see any attack or the malware right away


01. No one cares about you or Your business is too small for a cyber attack!

There are so many individuals and Small and Mid-Sized Businesses that think they are safe from any kind of cybersecurity attack because they’re too small, or because no one cares about them.

Cyber security is important for individuals because:

  • Cyber-attackers can cause you damage via cyber-attacks such as IT theft, phishing, email spoofing and cyber extortion, or make you a direct target and their victim.
  • As a direct victim you can suffer financial impact, privacy loss or even intellectual property losses as an author or singer.

02. Your Anti-virus is good enough

Antivirus by itself can never protect you from an advanced cyber attack. Most antivirus products rely on a database and signature updates; some of them also have behavior analysis, which can protect you a bit more. But if your devices are not up to date, or if you allow an unknown application to run with full write privileges, then there is not much your software can do. You need a complete Advanced Endpoint Detection system that is much more than just an antivirus. If you need more info, Comodo AEP can help you with this.
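To make the limit of signature databases concrete, here is an added example (not from the author or from any vendor's product) that compares a signature-only verdict with a default-deny policy that restricts unknown files, the "containment" idea mentioned under myth 10. All names, the policy and the sample byte strings are constructed for illustration.

```python
import hashlib

# Constructed byte strings standing in for files; none of this is real malware.
KNOWN_BAD = b"constructed sample: malicious installer, build 1"
VARIANT = KNOWN_BAD + b"!"  # same program, one byte different
TRUSTED_APP = b"constructed sample: approved office application"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature database: hashes of files already analysed and judged malicious.
BAD_HASHES = {sha256(KNOWN_BAD)}
# Allowlist: hashes of software the organization has approved.
GOOD_HASHES = {sha256(TRUSTED_APP)}


def signature_only_verdict(data: bytes) -> str:
    """Signature-only logic: block what is in the database, allow the rest."""
    return "block" if sha256(data) in BAD_HASHES else "allow"


def default_deny_verdict(data: bytes, wants_full_write: bool = False) -> str:
    """Hypothetical endpoint policy: an unknown file never runs unrestricted."""
    digest = sha256(data)
    if digest in BAD_HASHES:
        return "block"
    if digest in GOOD_HASHES:
        return "allow"
    # Neither known bad nor known good: refuse full write privileges,
    # otherwise run it restricted ("contain") until it has been analysed.
    return "block" if wants_full_write else "contain"


def compare(samples: dict) -> dict:
    """Return {name: (signature_only, default_deny)} for each sample."""
    return {
        name: (signature_only_verdict(data), default_deny_verdict(data, write))
        for name, (data, write) in samples.items()
    }


SAMPLES = {
    "known bad": (KNOWN_BAD, True),
    "unseen variant": (VARIANT, True),
    "unseen variant, no write": (VARIANT, False),
    "approved app": (TRUSTED_APP, True),
}

if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES).items():
        print(f"{name:26} signature-only={verdicts[0]:6} default-deny={verdicts[1]}")
```

The signature-only check allows the unseen variant because its hash has no database entry, while the default-deny policy never lets it run with full write privileges.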

03. Your Passwords are Strong and hard to guess

Unfortunately, you are not the only one who thinks like that. Most people think like you, and they assume that their regular passwords are strong enough to stand against multiple break-in attempts. Cracking passwords is much easier than you think, and the below list is a good example to show you how.

[Image: Cracking Passwords]

Now if you have a complex password with 18+ digits, yes, it might take long to brute force your password, but it will not take long to steal your hash, without even needing to know your password. You can learn more about this in my book Cybersecurity Attack and Defense Strategies.

04. Your industry doesn’t have any cyber threats

I guess by now you know why this statement is wrong too! Not every hacker is part of a nation state or an APT, and not every hacker is always after the big fish. As a result, you have to take care as an individual, a small business or whatever industry you are in.

05. Bringing your own device (BYOD) is safe

BYOD is for sure cost effective for organizations, but today everyone is realizing the importance of Zero Trust. As a CISO, if you don’t have the right policies to manage BYOD devices, then you might expose your organization to more risk.

You need to establish minimum standards for device protection (including formal policies for bring-your-own-device (BYOD)); it’s a must!

06. We have a Perfect Cybersecurity Strategy

I am sure you have, but then how come so many Fortune organizations are still getting hacked? As long as a human factor is involved, nobody can be perfect!

A cyber security strategy involves implementing the best practices for protecting a business’s networks from cyber criminals. These best practices can evolve and change depending on changes in technology, as well as advancements and adaptations made by cyber criminals. You need to plan, check and implement your strategy well; you need to “do” the right thing and continuously improve your cyber strategy.


07. Cyber Threats are only external

I wish there were no such term as “insiders”. I am sure you have come across many Hollywood movies where an insider helps the people outside to come in, or to leak information, and unfortunately this applies in cyber space as well, even at the NSA (Edward Snowden) and Tesla (employee fired for downloading company secrets), and there are many more examples like this.

So what is an Insider Threat?

An insider threat refers to a cyber security risk that originates from within an organization. It typically occurs when a current or former employee, contractor, vendor or partner with legitimate user credentials misuses their access to the detriment of the organization’s networks, systems and data.

08. IT department will take care of it

Your CIO and IT department can handle it! Yes, IT plays a very critical role in any organization’s success. The IT department can implement and manage devices and policies, but I still believe that every organization needs a CISO who does not report to the CIO.

Saying that, neither the CIO nor the CISO can just take care of “cybersecurity”, but they can create a culture in the organization where everyone can contribute towards cybersecurity, and this can be achieved via customized cyber awareness training for each department. If every employee, contractor and partner understands the cyber risks facing them, then they will for sure help you mitigate potential threats such as spear phishing.

09. You don’t need Penetration tests or training

Do you have your own internal penetration tester/s? No? You for sure need an external pen test at least once a year. Yes? This is great, but you still need to be tested.

While your team can find most of the internal vulnerabilities and cyber risks via tools, it’s important to cover all your assets end to end, including your web / cloud assets.

Training means budget, I am fully aware of this. But just looking at some data breach reports like Verizon’s will show you clearly that most of the cyber attacks happen because of “misconfigurations”, and misconfiguration usually happens because of a lack of knowledge, and knowledge can be improved only with training.

Books will be helpful, that’s why I am writing books like many other authors. Same with blogs; hey, look at it, you are currently either at my LinkedIn page or in my blog (or in someone else’s who copied this article, which is OK). Us bloggers share lots of valuable information, but most of the articles are designed around a single issue, and not end-to-end training of a product, service or framework. Of course there are great YouTube videos to watch, but unless those videos cover a training end to end and you spend dedicated time watching and learning from them, you need a “training”.

10. We will see any attack or the malware right away

Based on many data breach reports, it takes up to 100+ days to find a hacker inside your network. Earlier in this article I recommended a few products, but don’t forget there are so many different attack vectors, like social engineering, which is very hard to detect.

Your IDS / IPS, security agents, HIPS or defense in depth strategies are all very important, but never enough to stop a sophisticated attack. While a “containment” technology can help you to see malware and unknown executables, you also need to be in control of your network devices including IoT, on top of your DLP and other software vulnerabilities and more….

In Summary

There is no way to stop a cyber attack. You should adopt the assume breach methodology, have an incident response plan, implement defense in depth, know your crown jewels and keep learning….
