Curious about how to get a handle on your customers’ cybersecurity threats? One major step is helping them understand cybersecurity fact vs. fiction.
Every October, the TD SYNNEX CyberSolv team celebrates Cybersecurity Awareness Month with an array of insights, research and fun activities for our partners and customers to engage in!
To kick things off, we wanted to bring you a few of the common cybersecurity myths our team hears - and how they can lead to some scary consequences if you believe in them...
Myth #1: Cybersecurity is one solution that only requires a "one-size-fits-all" approach.
To create a strong cybersecurity strategy, you need to take a multifaceted and a multi-layer approach to fully protect your customers’ businesses. A strong cybersecurity plan incorporates elements like a web of defenses for your network and devices, employee security awareness training and physical security measures.
But a strong cybersecurity plan doesn’t look the same from organization to organization. While there will be overlapping elements, what’s needed will vary based on a number of elements like what applications and technology they already use, where their data lives (on-premises, cloud, or hybrid), what regulations they need to comply with and more.
Doing a comprehensive cybersecurity assessment before making a plan can help you identity where the gaps are — and what’s needed to fill them (Don’t have the resources to do this yourself? TD SYNNEX can help run these with you!).
Myth #2: Cybercriminals tend to only target large corporations.
While enterprises are certainly a lucrative target for cybercriminals, they aren’t the only ones. Cybercriminals look for vulnerable systems regardless of company size. Small and midsize businesses (SMBs) may be more vulnerable because they typically do not have dedicated IT staff and resources — and it’s often harder for them to recover from a cybersecurity breach. According to the Ponemon Institute, 61 percent of small and midsize businesses have experienced a cyberattack in the past year and the size of breaches has almost doubled.
Cybercriminals often target SMBs to steal money and information, but they also use them for access, or getting into systems. Then using the legitimate system, they execute a distributed attack or use you to access bigger companies. Help your SMB customers understand the ways they are vulnerable and build a plan to mitigate risks.
Myth #3: Scams and phishing schemes are glaringly obvious.
Phishing attacks have gotten significantly more sophisticated as the cybercrime industry has grown, with attacks becoming harder and harder to spot. Additionally, phishing has spread beyond just email to other forms of communication, which can affect devices of all kinds including computers, phones, smart watches and even IoT devices.
In many cases, phishing attacks are indistinguishable from legitimate communications — and sometimes come from legitimate sources who have been victims of attacks themselves. Cybercriminals will gain access to a company’s systems, then use the real accounts to target other victims, which can make the attack almost impossible to spot.
Help your customers mitigate risk around phishing specifically by building a plan that includes employee education as well as tools that can help stop an attack before it causes issues like email security and data loss prevention tools.
Myth #4: Artificial intelligence and machine learning don’t have anything to do with cybersecurity.
Artificial intelligence (AI) and machine learning (ML) can conjure up some fantastic imagery of sentient computers that replace all our daily tasks and jobs. While that is far from reality, AI has certainly become a hot topic recently with the rise of services like ChatGPT and AI image generating programs.
It’s easy to think that it has nothing to do with cybersecurity, but AI and ML can pose some serious challenges. Cybercriminals are already using AL and ML to create more convincing phishing attacks that imitate trusted sources. Outside of malicious attacks, AI and ML services can pose series data loss risks if employees enter sensitive or protected information into the services.
But that doesn’t mean there aren’t also advantages when it comes to cybersecurity. These technologies can serve as helpful supplements (not replacements) for humans performing repetitive cybersecurity work. Machine learning can reduce the repetition in monitoring network traffic or tuning security devices. Artificial intelligence can be useful in supplementing human analysis efforts like incident response (DFIR) and threat hunting.
Myth #5: If my customer’s data is in the cloud, cybersecurity is the cloud service provider's responsibility.
Moving to the cloud offers businesses a number of benefits, including some security benefits, but that doesn’t mean cybersecurity is no longer a concern. Cloud service providers operate under a shared responsibility model around data security — meaning they are responsible for some security, and the end customer is responsible for some. Typically, the cloud service provider is responsible for things like the security of their data centers, while customers are responsible for their particular environments.
Help your customers understand what falls under their responsibility to secure (if they are in a multi-cloud environment, it may change from vendor to vendor!), and how they can secure each area.
Studies are showing damage from cyberattacks will amount to about $10.5 trillion annually by 2025 — a 300 percent increase from 2015. Working with your customers to break these misconceptions and mitigate the risks they cause can help ensure they don’t become part of this statistic.
If you’re interested in learning more about how TD SYNNEX can help you create value in the cybersecurity space, contact our team at CyberSolv@tdsynnex.com or visit our website.
Sources and Further Reading