50 Shades of Security Clichés

Over the past few decades, cyber security has become a growing concern to businesses.

The security industry has had to jump through many hoops to deal with the increasingly complex security threats, but more effort needs to go into educating people too.

When it comes to cyber security, a common frustration is that it is saturated with clichés, misconceptions and exaggerations from businesses and users alike. Senior management, managers and even security professionals are all guilty of these misunderstandings or ‘myths’.

So, here are the 50 most common cyber security misconceptions from the experts themselves:

Wieland Alge, VP & GM EMEA at Barracuda Networks

#1: It won’t happen to me

#2: We have a firewall so we’ll be fine

#3: We’re only a small business; no one will be bothered about hacking us

#4: If you don’t open emails from people you don’t know, you’re safe from viruses

#5: If I could put the tools I need in place I would, but our executive just wouldn't understand them

#6: My internet provider provides private connections via MPLS, so why bother about encryption

#7: Our web application developers are very diligent people, no need to add more security checks

#8: 100 per cent technical security is not achievable; one has to invest in awareness training

#9: There is an inside and an outside world and the perimeter to guard

#10: Private usage of devices is forbidden and our users follow the rules

Mark Edge, UK country manager at Brainloop

#11: IT security is top of employees’ minds

#12: Consumer-grade file sharing sites are secure

#13: Protecting the perimeter is enough

#14: Documents that are secure within the firewall are automatically secure outside too

#15: Employees never use public cloud-based emails like Gmail or Yahoo

#16: It’s not necessary to use two-factor authentication and 256-bit AES encryption

#17: It doesn’t make a difference where in the world data is stored

#18: Securing data in the cloud is less secure than having it on-premise

#19: Reviewing regulatory and compliance requirements every two years is sufficient

#20: Too many security processes will impact productivity

Jeremiah Grossman, founder and interim CEO at WhiteHat Security

#21: Luck is a security strategy

#22: Internal facing applications are un-hackable

#23: Our security is hacker-proof

#24: My apps are running fine so I can’t have been hacked

#25: Every browser is just as secure as the next

#26: There's no need to log activity when we haven't been hacked

#27: Once a vulnerability has been patched, there's no need to re-check it

#28: We've never had any problems before...

#29: My website is brand new so it’s safe

#30: Staging environments and production environments are always the same

Erik Driehuis, VP EMEA at Digital Guardian

#31: The higher your fences, the safer you are

#32: The biggest threat to your data is hackers

#33: All insider threats are rogue employees

#34: The more data you have, the more at risk you are

#35: If employees are ‘off the network’ they can’t be monitored

#36: The IT team can protect everyone

#37: Sharing data with others makes you vulnerable

#38: Putting in new DLP systems always takes ages

#39: A lost laptop means compromised data

#40: You can’t change employee behaviour

Alessandro Porro, VP of International at Ipswitch

#41: Email is the safest way to send/receive files

#42: Being careful is enough to avoid a data breach

#43: I would never send a file to the wrong person

#44: Taking security seriously is too time-consuming

#45: Secure file transfer is only required when sending large files

#46: Secure file transfer tools are too complicated to use

#47: The anti-virus will always protect you

#48: Security programmes will only slow my systems down

#49: I’ve never had a problem before so why would I have one now?

#50: I’m sure my supply chain takes security as seriously as we do