
Five cybersecurity myths of which SMBs should beware

Acunetix cybersecurity experts have warned that many smaller companies in particular can too easily fall prey to certain misconceptions about web security.

As Acunetix’s Tomasz Andrzej Nidecki explains, SMBs often end up hiring generalists or non-security enthusiasts because the more specialised, technical people are in high demand. So it’s critical that they don’t fall prey to common assumptions about cybersecurity.

This includes the idea that a company is “safe” from cyberthreat because it doesn’t expose any applications or data to the general public.

“This could not be farther from the truth,” Nidecki writes. “For example, if you design a B2B application that is used by a limited number of businesses and requires authentication to access, it is just as prone to cybersecurity risks as a public website.

“A cyberattack may be conducted not only by an employee of your customer’s business. If, for example, your login form has an SQL Injection vulnerability, an external attacker may gain access to the application that is designed to be used by specific customers only, not by the general public.”
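To make the login-form point concrete, here is an added example (not from the article or from Acunetix) contrasting a login check that concatenates user input into SQL with a parameterised one. The table, the user record and the crafted input are constructed for the demo, and plain SHA-256 stands in for a real password hash only to keep the example short.

```python
import hashlib
import sqlite3


def _h(password: str) -> str:
    # Demo-only hashing; a production login would use a slow password hash (bcrypt, Argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    # Constructed in-memory user store standing in for the B2B application's customer table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", _h("correct horse")))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Vulnerable: the username is spliced into the SQL text, so input can rewrite the query.
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password_hash = '{_h(password)}'")
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened: parameterised query; the driver passes input as data, never as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, _h(password))).fetchone() is not None


def demo() -> dict:
    conn = make_db()
    # Constructed input: a username that closes the string literal and comments out the
    # password check, so the vulnerable query only asks "does a user named alice exist?".
    crafted_user = "alice' -- "
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_crafted": login_vulnerable(conn, crafted_user, "wrong"),
        "hard_valid": login_hardened(conn, "alice", "correct horse"),
        "hard_crafted": login_hardened(conn, crafted_user, "wrong"),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened version still accepts the legitimate credentials but treats the crafted username as an ordinary string that matches no account, which is exactly the check a scanner would expect to find on an authenticated B2B form.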

Also, many data breaches happen as a result of insider carelessness or malicious intent, Nidecki notes.

Other common misconceptions include that the company as a whole doesn’t need to know about security because it has hired an expert, outsourced to a professional business, or has purchased and deployed a comprehensive security solution.

However, cybersecurity – like physical security – requires buy-in and best practice across the business.

“Everyone in the company needs to be aware of cybersecurity. And it’s not just about a single onboarding training or about regularly sending everyone fake phishing emails to check their responses. It’s about making sure that everyone truly cares, all the time,” Nidecki explains.

“A contractor may help you select your cybersecurity framework such as NIST, design your cybersecurity strategy, assist you with risk management and threat intelligence, help you set up your security controls and even take part in incident response. However, they are not able to be everywhere and watch everything and they will probably have a response time that will be significantly less favourable than that of your own employees.”

Nidecki warns SMBs in particular not to be swayed by empty vendor promises: instead, they should ensure they look at specific solutions for specific cybersecurity threats — such as specialised web vulnerability scanners to protect themselves from web-related threats.

Similarly, SMBs cannot assume that they are safe because there is “no gain in hacking us”. Cybercrime often comes about purely as an opportunistic threat, rather than being an action carefully targeted towards those with the most to lose, says Nidecki.

So it’s important to look for manufacturers that are not afraid to tell you the facts instead of using big-business language to cloud your eyes, he adds.

“Look for specialised manufacturers because they have the means to protect you effectively. And always remember that software is just a tool and it’s the way that you use that tool that really matters,” Nidecki writes.

In other news, Acunetix recently released guidance on scanning OWASP Juice Shop.

Juice Shop is an intentionally vulnerable web application developed by OWASP for educational purposes; Acunetix can be used as a DAST (black-box) scanner to find its various vulnerabilities.

Acunetix customers for its vulnerability scanner include banks and financial services providers, healthcare, government, defence, risk advisory companies and many more.

“Maybe back in 2000 an antivirus solution and a network scanner were more important than a web vulnerability scanner but now, in 2020, this is no longer the case,” says Nidecki.

“While anti-malware solutions are still key to protect against threats such as ransomware, protecting the web is at least just as important and only web vulnerability scanners can do it.”
