
Top 4 Biggest Mistakes in Cybersecurity

Just four mistakes threaten organizations' cybersecurity worldwide, regardless of industry and location.

by Gert Van de Ven
December 16, 2022
in Articles, Cybersecurity, Risk Management

Effective cybersecurity best practices involve deploying defensive technologies that leverage AI and ML to anticipate and prevent malicious activities. Some security providers claim to use AI or ML in their offerings, but they use it to optimize or automate processes rather than to prevent cyber threats.

Keeping good cybersecurity hygiene, staying aware of trends and acknowledging that you have adversaries in cyberspace are mandatory. Your security journey starts with understanding the four biggest risks of modern cybersecurity.

Security is a Technical Problem

This is probably the biggest mistake an organization can make: thinking that cybersecurity, from the technical stack to the human factor, is just a big IT issue. The digital transformation of businesses and societies has shifted information technology from a nice-to-have to a must-have. It is now a strategic issue. Thinking otherwise would be like picturing the organization, from the CEO to the workforce, as just an HR problem.

Information security leaders are challenged to be technical experts and, at the same time, to promote the cyber risk topic to senior management. They need to gain the support of the board and become masters of diplomacy and cyber war stories. They also need to build bridges with other departments:

  • Finance: quantification of budget and risks;
  • Legal & Compliance: adherence to regulatory frameworks, internal rules and contractual requirements;
  • HR: hire cyber talent and retain it, train the staff on cybersecurity topics;
  • Marketing: promote cyber initiatives as a competitive advantage.

Those are just a few examples of how multidisciplinary cybersecurity, and hence the CISO job, is. The key to being secure is not to run boring awareness sessions, but to create a culture change initiated and promoted by top management.

Not My Fault, It’s My Software Provider

Nation-state attackers are like a second rider in the darkness that has gone unnoticed for too long. Reflecting on the major cyber supply chain incidents of the last couple of years, SolarWinds, Kaseya, Okta or the Danish Railway attack come to mind. These malicious actors exploit programs and services that are widely used across the industry and across borders.

This attack style requires considerable expertise and design effort. It is ideal for advanced persistent threat adversaries that have the means to build custom tools and exploits for their schemes. If your suppliers or vendors are not safeguarded from such attacks, neither are you.

I’m Too Small Or Uninteresting To Be Hacked

Cyber risk has been greatly amplified due to ransomware and APT (advanced persistent threat) actors. Companies that believe they are too small or in an obscure location to be targeted are mistaken. Adversaries do not solely focus on size and location when selecting a target. Ransomware attacks are determined by an organization’s willingness to pay a ransom, while APTs may be more associated with economic or cyber geopolitical context and third parties.

Who wants to deal with small companies? Anyone. Just as individuals and big corporations rush to contract with SMBs, so do attackers, who follow the value. That is why startup cybersecurity or SMB cybersecurity is necessary. Being small, or not seeing why an attacker would launch a cyberattack against you, does not mean that they will not.

I’ve Never Been Attacked Before

It is pure logic to say that you are never attacked when you don’t look hard enough. And you are never attacked until you do. Regrettably, many companies opt for a purely reactive approach to their cybersecurity protection, leaving them more vulnerable to potential cyber threats.

Cyberattacks can take place in the blink of an eye, making it hard for the majority of companies to respond quickly. Furthermore, supply chain attacks and the complexity of the cybercrime environment are growing, leaving organizations exposed. Hackers usually carry out these attacks with legitimate credentials, such as those of remote access, admin and service accounts. This makes it difficult for regular security controls to identify the initial activity.

If proactive and preventive security measures are not in place, it is likely that these activities will only be found after the fact, if they are found at all.

 

Tags: Advanced Persistent Threat, APT, Best Practices, Business Risk, Compliance, Cyber Strategy, executive, Human Resources, Security Baseline, Security Budget, Security Culture, Security Posture, Supply Chain
