In virtually every industry, as well as in life in general, there is information presented as fact that very often is not based on actual truth or science. Some myths need to be dispelled not just because they are erroneous, but because, in the case of cybersecurity, can pose serious threats to the security of an organization, its people and its data.
With that as a foundation, I have been thinking about some common cybersecurity myths that persist but need to be debunked and retired — permanently. Here are three that are top of mind.
One Pane to Rule Them All?
Let’s start with a silver-bullet theory we definitely can retire in 2022. It’s the idea of the “single pane of glass” presenting all the security information a team needs to do its job. All CISOs are not the same and neither are all SOC analysts, so why would you assume they would all work the same way? It’s a psychology 101 fail to think every security itch can be scratched with the same shared UI and experience. It’s time to break that pane of glass.
Don’t Let Sleeping Logs Lie
Another myth security professionals really must leave behind is the idea that if the organization is logging everything, then it’s in compliance. Wouldn’t that be nice? However, the reality is if you’re not proactively reviewing logs and automatically hunting for known threats, you are failing to understand just how modern cyberthreats work. If you’re not using those logs to help secure the organization, you’d be better off printing out and burning the logs to heat your offices.
Finally, a third myth security teams should stop believing in is the notion that targeted threats are the priority. The vast majority of cyberattacks are automated “spray-and-pray” attacks that breach enterprises and subvert systems at superhuman speeds. If you can’t defeat these threats 100% of the time, you’ll never be in a position to detect — let alone secure against — a targeted threat.
So, there you have my thoughts about three myths that need to disappear. I’m sure you can come up with others you continue to see perpetuated in your organization. Good luck stamping them out in the name of modern, effective cybersecurity.