6 myths CEOs believe about security

Want a more effective IT security strategy? Disabuse your CEO and senior management of these common cybersecurity misconceptions.

CEOs are charged with leading all strategic planning and operations at their companies. It’s a lot to be responsible for. So, they can be forgiven for mistakenly believing that they, and the bright and capable people they put in charge of their IT security, are doing the right things in the right places against the right threats, when in fact, they are wasting large amounts of their IT security budget on things that really don’t work.

Why?

They have been taught to believe a set of IT security myths, bordering on unapproachable dogma, that simply aren’t true. When you believe the wrong things, it’s hard to do the right things efficiently. Here are common myths that CEOs believe about computer security.

1. Attackers can’t be stopped

Most computer defenses are so weak and ill-advised that hackers and malware can break into them at will, and that’s only if the malicious intruders haven’t already pwned the entire environment and been in for years. Computer defenses are so bad and porous that CEOs have been told that it’s impossible to stop hackers and malware. The best they can do is to “assume breach” and work at early detection and slowing attackers down once they are in the environment.

Can you imagine a military general, under attack, telling subordinates and soldiers that there is absolutely no way they can win, no matter what they do…even if you were to give him more soldiers and weapons in the right places to defend with? Neither can I, but that’s what the world of computer security wants CEOs to believe today.

While it’s probably true that a dedicated, nation-state-funded hacker group can’t easily be stopped, most hackers and malware can be stopped from breaking in (the initial root cause exploit) by better doing a handful of things that the company is probably already doing, just not in the right amounts in the right places. A better-focused IT security strategy and a couple of key defenses could significantly reduce most of the risk of hackers or malware getting inside your environment.

2. Hackers are brilliant

Part of the reason for the nihilistic belief that hackers and malware can never be fixed is that the world thinks that hackers are all brilliant, can’t-be-stopped, super geniuses. This romantic ideal is readily promoted in Hollywood films that often show the hacker taking over the entire world’s computers by easily guessing passwords into any system they are presented with. Movie hackers outsmart everyone and can launch nuclear missiles and erase people’s digital identities with a few keystrokes.
