Not that long ago, it was pretty common for organizations to think of cyber security as something of an afterthought, a concern for the IT department alone. But now that data breaches are doing serious damage to major companies and government organizations, that perception has changed. Discussions of privacy protection and cyber risk management are staples of boardroom meetings, and firms are redoubling their efforts to understand these disciplines.
So, in the spirit of improving cyber security literacy, let’s clear up some common misconceptions and demystify a few security concepts.
1. Hackers aren’t all “bad guys.”
Hacking essentially means using computer skills to find weak spots in a network’s security. However, what a hacker does with this information, and the motivation for finding it, make all the difference between a cyber criminal and a corporate lifesaver. Black hat hackers are those who use security vulnerabilities to gain illegal access. Meanwhile, white hat hackers (such as penetration testers) are those who report these vulnerabilities to an organization to help strengthen its defenses.
There are also those who don’t fit nicely into either category. For instance, a hacker functioning independently might notify a company of a security flaw, providing an opportunity to find a fix before he or she shares the information publicly. These hackers are referred to as gray hats.
2. Hackers don’t really wear hats.
Wonder why hackers are described by hat colors? Well, it has nothing to do with their fashion preferences. Instead, the terms originate from old black and white Western movies: you could always tell the good guys from the bad by the color of their hats. Good guys wore white; bad guys wore black.
3. You don’t need a degree in cyber security to get into the profession.
There is a talent gap in cyber security, and organizations are coming up short on the skilled professionals they need. Too few of the millennials entering the workforce are considering careers in the field, with many of them citing a lack of awareness about the opportunities when they were in school.
Cyber security is a rewarding career path with many ongoing growth opportunities, but it doesn’t necessarily require a specialized college degree. Those who have a knack for computing can get certifications showing employers that they have what it takes.
4. It doesn’t take a computer genius to pull off a data breach.
A popular notion is that the typical cyber criminal is some kind of ill-intentioned uber-nerd who has mastered computing. The reality is more concerning. With packaged exploit tools and social engineering methods that require only basic computer skills, virtually anyone can pull off a successful attack.
With hacking becoming a more accessible activity, security teams have more potential intrusion activity to look for. There is also greater urgency behind training programs to make sure employees are following good privacy practices online.
5. Privacy is not security.
Although these two aspects of risk management overlap in many ways, there are differences between data privacy and data security that should be understood, as they can affect your risk management approach. Data privacy concerns how data is handled and used in ways that support privacy. Data security concerns the controls and processes that safeguard data from unauthorized access.
Hopefully, this information helps in separating cyber security fact from fiction, and enables you to think more clearly about how to address security and privacy issues at your own organization.
Need assistance with planning and executing your cyber security strategy? Lunarline has a full suite of cyber security services and innovative products that can help safeguard your organization. For more information, please send us a message, or visit Lunarline.com to learn more about our three-pronged approach to cyber security.