Busting Some Common Cybersecurity Myths

default_image

Gunter Ollmann

, , , , , , ,
Reading Time : 2min read

In virtually every industry, as well as in life in general, there is information presented as fact that very often is not based on actual truth or science. Some myths need to be dispelled not just because they are erroneous, but because, in the case of cybersecurity, can pose serious threats to the security of an organization, its people and its data.

With that as a foundation, I have been thinking about some common cybersecurity myths that persist but need to be debunked and retired — permanently. Here are three that are top of mind.

One Pane to Rule Them All?

Let’s start with a silver-bullet theory we definitely can retire in 2022. It’s the idea of the “single pane of glass” presenting all the security information a team needs to do its job. All CISOs are not the same and neither are all SOC analysts, so why would you assume they would all work the same way? It’s a psychology 101 fail to think every security itch can be scratched with the same shared UI and experience. It’s time to break that pane of glass.

Don’t Let Sleeping Logs Lie

Another myth security professionals really must leave behind is the idea that if the organization is logging everything, then it’s in compliance. Wouldn’t that be nice? However, the reality is if you’re not proactively reviewing logs and automatically hunting for known threats, you are failing to understand just how modern cyberthreats work. If you’re not using those logs to help secure the organization, you’d be better off printing out and burning the logs to heat your offices.

Off-Target Thinking

Finally, a third myth security teams should stop believing in is the notion that targeted threats are the priority. The vast majority of cyberattacks are automated “spray-and-pray” attacks that breach enterprises and subvert systems at superhuman speeds. If you can’t defeat these threats 100% of the time, you’ll never be in a position to detect — let alone secure against — a targeted threat.

So, there you have my thoughts about three myths that need to disappear. I’m sure you can come up with others you continue to see perpetuated in your organization. Good luck stamping them out in the name of modern, effective cybersecurity.

You Might Also Be Interested in

October 8, 2021

How to Observe Cybersecurity Awareness Month and #BeCyberSmart

Cybersecurity Awareness Monthcybersecurity awarenessshadow ITcybersecurity culturesecurity culturesecurity best practices
default_image

Kayla Williams
August 19, 2021

Cybersecurity Visibility: The Key for Business, Security and SOC Alignment

SOCsecurity visibilitycybersecurity visibilitySANSoperational security
default_image

Devo
April 21, 2022

Welcome to the Age of Cybersecurity Attack Stories

SOC leaderssecurity analytics platformautonomous socautonomous threat huntingcyberattack storykognosattack storiesSOC communicationSOC ineffectivenessAISOC toolssoc analystsSIEMcybersecuritySOCsecurity operations centerartificial intelligence
default_image

Gunter Ollmann
September 10, 2021

Federal Effort to Improve Cybersecurity Prioritizes Log Management

executive orderquery datalog dataremediationSolarWindslog collectionOMBOffice of Management and BudgetWhite Houselogloggingresponseinvestigationdetectionfederal governmentcloud securitythreat intelligencenext-gen SIEMcybersecurity
default_image

Dan Wilbricht

Ready to release the full potential of your security data?

Request a Demo Let’s Chat