Working amid the ever-changing currents of technology and cyber security, libaries often find themselves entangled in a web of misinformation and outdated ideas. But failing to distinguish between myth and fact can put your security at serious risk. Based on expert research in the field, including CompTIA’s 2024 global State Of Cybersecurity report, we will debunk three common misconceptions that threaten to derail your success in 2024.
Myth 1: My Cybersecurity Is Good Enough! Fact: Modern cybersecurity is about continuous improvement
Respondents to CompTIA’s survey indicated that one of the most significant challenges to cybersecurity initiatives today is the belief that “current security is good enough” (39%). One of the reasons organizations may be misled by the state of their security is the inherent complexity of cybersecurity. In particular, it’s incredibly challenging to track and measure security effectiveness and stay current on trends. Thus, an incomplete understanding of security leads executives to think all is well. Over 40% of executives express complete satisfaction with their organization’s cybersecurity, according to CompTIA’s report. In contrast, only 25% of IT staff and 21% of business staff are satisfied. This could also be accounted for by executives often having more tech freedom for added convenience while frontline staff deal with less visible cybersecurity details.
Either way, “the gap in satisfaction points to a need for improved communication on the topic,” CompTIA writes. Get your IT staff together and figure out what risks you face right now and what needs to change. Because cybersecurity is constantly changing, your security should never be stagnant. “Good enough” is never good enough for any organization; vigilance and a continuous improvement mindset are the only ways to approach cybersecurity.
Myth 2: Cybersecurity-Keeping Threats Out Fact: Cybersecurity protects against threats both inside and outside your organization
One of the most publicized breaches of the last decade was when BBC reported that a Heathrow Airport employee lost a USB stick with sensitive data on it. Although the stick was recovered with no harm done, it still cost Heathrow £120,000 (US$150,000) in fines. Yes, cybersecurity is about protection. However, protection extends to both external and internal threats such as employee error. Because security threats are diverse and wide-ranging, there are risks that have little to do with your IT team.
For example, how do your employees use social media? “In an era of social engineering, there must be precise guidelines around the content being shared since it could eventually lead to a breach,” CompTIA states. Attacks are increasingly focused on human social engineering like phishing, and criminals bank on your staff making mistakes. Additionally, managing relationships with third-party vendors and partners
often involves some form of data sharing. “The chain of operations is only as strong as its weakest link,” CompTIA points out. “When that chain involves outside parties, finding the weakest link requires detailed planning.” Everyone in your organization is responsible for being vigilant and aware of security best practices and safety as it relates to their jobs. Make sure your cybersecurity strategy puts equal emphasis on internal threats as much as external ones.
Myth 3: IT Handles My Cybersecurity Fact: Cybersecurity is not solely the responsibility of the IT department.
While IT professionals are crucial in implementing security measures, comprehensive cybersecurity involves a multidisciplinary approach. It encompasses not only technical aspects but also policy development, employee training, risk management, and a deep understanding of the organization’s unique security landscape. Because each department within your organization involves unique risks, people from various roles must be included in security conversations. But many companies are not doing this. CompTIA’s report shows that while 40% of respondents say that technical staff is leading those conversations, only 36% indicate that the CEO is participating, and just 25% say that business staff is involved. “More companies should consider including a wide range of professionals, from executives to mid-level management to staff positions, in risk management discussions,” CompTIA writes. “These individuals are becoming more involved in technology decisions for their departments, and without a proper view into the associated risks, their decisions may have harmful consequences.” Business leaders and employees at all levels must actively engage in cybersecurity efforts, as they are all potential gatekeepers against evolving threats. Don’t Listen To Myths By embracing a mindset of continuous improvement, recognizing the wide range of threats, and understanding the collective responsibility of cybersecurity, your business will remain safe, resilient, and thriving, no matter what the future holds