False cyber security assumptions

With technology changing so fast, security can sometimes seem like a goal post that is continually moving. Below are corrections to some of the more common misperceptions.

#1 IF I HAVE SECURITY ON PREMISES, I DON’T NEED TO SECURE THE CLOUD

This is a dangerous assumption that can wreak havoc with safeguarding your organization. Cloud security is just as necessary as your other security. With more and more workloads moving to the cloud and employees storing files and using apps in the cloud, sensitive data risks greater exposure. Without the right technologies in place, IT has less control and less visibility.

#2 AS LONG AS I MEET COMPLIANCE REQUIREMENTS, MY ORGANIZATION IS SECURE ENOUGH

What many don’t realize is that security regulations are typically tied to very specific situations and are not as comprehensive as true security needs to be. If your protections are limited to what you are required to implement, you are merely covering the basics. This can be a very expensive mistake considering the cost of remediation, brand tarnish, and loss of sensitive information and intellectual property.

#3 TIGHT SECURITY TAMPS DOWN PRODUCTIVITY AND LIMITS INNOVATION

In fact, good security enables just the opposite. When the right protections are in place, your business can take advantage of emerging technologies to spur greater agility. Plus, your employees can securely collaborate more freely—with greater confidence.

#4 MOBILE ISN’T A BIG PROBLEM

This is another myth that can lead to an insecure organization. The reality is that, last year alone, at least one in five organizations experienced a mobile security breach. Of these, 39 percent downloaded mobile malware and 24 percent connected to a malicious Wi-Fi® network.2 While testing mobile security for prospective customers, Check Point regularly finds five to 20 percent of enterprise devices are already compromised. A sobering fact, given that it takes only one compromised device to penetrate your security perimeter.

#5 MDM IS ENOUGH

Many companies rely on basic mobile policies using mobile device management (MDM) or enterprise mobility management (EMM) solutions. While these can be helpful, they are unable to detect the most recently created malware or new vulnerabilities in networks, operating systems, and apps. Security infrastructure for corporate PCs and laptops isn’t enough either, since mobile devices work beyond the network, creating potential security issues and enabling malware to enter.

#6 SECURE CONTAINERS ARE SAFE

Secure containers for data management platforms provide security inside the enterprise perimeter. However, mobile devices often access systems and apps like Salesforce, Oracle, or SAP outside the perimeter. As a result, this risks exposure to network spoofs or man-in-the-middle attacks, which can eavesdrop, intercept, and alter traffic. Everything a user does, including entering passwords, could be intercepted by criminals and used to breach the perimeter.

#7 IOS IS IMMUNE

Contrary to popular belief, Apple’s iOS is not immune to threats. Some organizations using MDMs unwittingly distribute infected apps to iPhones and iPads. Apps from unauthorized, unreliable app stores can also harbor viruses; hackers have even compromised Apple’s development tools, sneaking malware into new apps without the developers’ knowledge.

#8 MOBILE ANTIVIRUS IS ALL I NEED

It’s unfortunate that the same advanced detection techniques used on PCs and laptops can’t extend to mobile devices. That’s because devices used on the go have limited performance and battery life. Add to that, mobile antivirus solutions are limited compared to PCs. They can uncover malicious code in apps by looking for unique binary signatures that identify known malware. But, criminals can still get through: just a slight change in the code, such as adding a simple line that does nothing, generates a new version of the malicious app, which lets it slip by undetected by the antivirus program. So, while you might be protected against known viruses, a new one might hit your device before an antidote has been developed.

 

Curious how to do it the right way? Download the Security report