Shulou(Shulou.com)06/01 Report--

Posted on October 24, 2018 By Security-360.Cn administrator

When we talk about cyber security awareness, the focus is almost always on employees and their operations. While security-conscious employees are essential and are always at the forefront of a company's cyber security defenses, unwitting senior managers can have disastrous consequences.

However, common misunderstandings about network security still exist, and it is important to address why these views may be misled. Although there are some exceptions to these rules, it is important to establish a strong security reality foundation to keep the entire organization on the same page as all operations and applications.

Six common misunderstandings about security

In conversations with many chief executives and IT decision makers, I found that the safer the investment managers were, the stronger the attitude was and the less friction there was up and down the food chain. With that in mind, let's take a closer look at six popular myths that could bring business leaders back.

1. Outsourcing security is too expensive

With the expansion of cloud and software-as-a-service (SaaS) options and lower costs, moving some IT resources offsite can be cost-effective and operational efficient. For example the Security as a Service (SECaaS) market is growing significantly.

There are still a series of difficulties in cloud adoption. According to Softchoice, 96% of IT leaders said their teams lacked the expertise needed to address security challenges in the cloud. Outsourcing this kind of application management can eventually save companies a lot of time to implement and solve problems.

two。 Patches and updates are controlled

Do your CEO, Chief Information Security Officer (CISO), or other executives really believe that all your company's applications, workstations, and devices are up to date? Don't forget all these firewalls, devices, routers, servers and, of course, Internet of things (IoT) devices.

Today's network has a lot of connection resources, and patching and updating them is a daunting task, especially when you consider all individual endpoint users responsible for updating your devices. There is no complacency here, so regular software patches and reviews in daily security operations are critical to proactive defense strategies.

3. The traditional network security awareness plan is good enough.

Have you ever been trained in network security awareness? Threats and defenses are constantly changing. The staff who train you every year (or even less) will not cut it in this evolving technology environment. It is no coincidence that companies with security-conscious employees tend to have the best defenses.

Does your company train users on how to deal with social engineering? Are your employees fully invested in protecting your network? Consider strategies such as * testing and gamification to make your security training more attractive.

4. Threatening actors is unparalleled.

In some cases, this may be true; but in general, * * is not supported by strong skills. Hollywood may portray threatening actors as conniving at genius, but anyone with Internet access can download prefabricated tools that can cause serious damage to organizations that fail to take basic security precautions.

Threatening actors are very opportunistic and are almost always vulnerable targets. If your company is focused on proactive risk reduction, potential sex workers are likely to think that your network is not worth the investment or risk. Think of it this way: if your house is the only one with lights nearby, the thief may move to an unguarded home.

5. Compliance equals security

Compliance with government and industry regulations is essential for doing business and building trust, but the regulations provide only a minimum. Just because you're compliant doesn't mean you're safe.

If you are exposed to *, your compliance will greatly help reduce damage in the public eye or in court, as well as the risks borne by your stakeholders, suppliers, and consumers. But the key to effective security is not just to protect yourself legally. In terms of comprehensive protection of the enterprise, a strong, well-rehearsed incident response plan is irreplaceable.

We have spent a lot of money on security

Senior management must change its view that security only represents expenses on the balance sheet. Managers must be aware of the financial consequences of not protecting their infrastructure.

I understand my reluctance to spend more money on security. I've been there: when you're in charge of the security budget, you always want to know if you're spending too much, especially given how many people are skeptical about the effectiveness of these costs.

The argument here is not that you spend too much or too little on security-it's about how you spend it. With so many compatible security options, it is easier than ever to spend wisely on the security budget. In other words, pulling weeds and identifying the most important products and services is always tricky. Be sure to weigh your options against your business needs and goals, and seek integration compatibility across multiple solutions as much as possible.

Network security awareness begins at the top

As a former security analyst in both the private and public sectors, I am often asked to act as a buffer between senior executives and IT departments in security-related decisions. In this role, I found that there is a frequency of disconnection in the company hierarchy. Clearing these misunderstandings from top to bottom can greatly help security leaders develop a more complete security culture and a stronger, more resilient enterprise as a whole.

Please indicate if you repost!

Https://www.security-360.cn/index.php/2018/10/24/6%E7%A7%8D%E5%8F%AF%E8%83%BD%E9%98%BB%E7%A2%8D%E4%BD%A0%E7%9A%84%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E6%84%8F%E5%B8%B8%E8%A7%81%E8%AF%AF%E8%A7%A3/

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.