Five cybersecurity myths of which SMBs should beware

Acunetix cybersecurity experts have warned that many smaller companies in particular can too easily fall prey to certain misconceptions about web security.

As Acunetix’s Tomasz Andrzej Nidecki explains, SMBs often end up hiring generalists or non-security enthusiasts because the more specialised, technical people are in high demand. So it’s critical that they don’t fall prey to common assumptions about cybersecurity.

This includes the idea that a company is “safe” from cyberthreat because it doesn’t expose any applications or data to the general public.

“This could not be farther from the truth,” Nidecki writes. “For example, if you design a B2B application that is used by a limited number of businesses and requires authentication to access, it is just as prone to cybersecurity risks as a public website.

“A cyberattack may be conducted not only by an employee of your customer’s business. If, for example, your login form has an SQL Injection vulnerability, an external attacker may gain access to the application that is designed to be used by specific customers only, not by the general public.”
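To make the login-form scenario quoted above concrete, here is an added illustration (not code from Acunetix or the article) of why string-built SQL lets an outsider pass an authentication check, and why the parameterised version of the same query does not. The user table, credentials and test inputs are all constructed for the demonstration; a real application would also store password hashes rather than plaintext.

```python
import sqlite3


def make_db():
    # Constructed in-memory user table for the demonstration only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_vulnerable(db, username, password):
    # Concatenating input into the statement lets the input change the
    # structure of the WHERE clause, not just the values it compares.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    # Placeholders pass the input to the driver as data; the statement's
    # structure is fixed before any user-supplied text is seen.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


def demo():
    # Constructed input: for the concatenated query this turns the WHERE
    # clause into "... OR '1'='1", which is true for every row.
    crafted = "' OR '1'='1"
    db = make_db()
    return {
        "vuln_valid_creds": login_vulnerable(db, "alice", "correct-horse"),
        "vuln_crafted_input": login_vulnerable(db, "nobody", crafted),
        "safe_valid_creds": login_parameterized(db, "alice", "correct-horse"),
        "safe_crafted_input": login_parameterized(db, "nobody", crafted),
    }


if __name__ == "__main__":
    for check, granted in demo().items():
        print(f"{check}: access {'granted' if granted else 'denied'}")
```

A DAST scanner of the kind the article mentions finds the first form by submitting inputs like the crafted one and observing that the response changes; the fix is the second form, applied to every query that touches user input.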

Also, many data breaches happen as a result of insider carelessness or malicious intent, Nidecki notes.

Other common misconceptions include that the company as a whole doesn’t need to know about security because it has hired an expert, outsourced to a professional business, or has purchased and deployed a comprehensive security solution.

However, cybersecurity – like physical security – requires buy-in and best practice across the business.

“Everyone in the company needs to be aware of cybersecurity. And it’s not just about a single onboarding training or about regularly sending everyone fake phishing emails to check their responses. It’s about making sure that everyone truly cares, all the time,” Nidecki explains.

“A contractor may help you select your cybersecurity framework such as NIST, design your cybersecurity strategy, assist you with risk management and threat intelligence, help you set up your security controls and even take part in incident response. However, they are not able to be everywhere and watch everything and they will probably have a response time that will be significantly less favourable than that of your own employees.”

Nidecki warns SMBs in particular not to be swayed by empty vendor promises: instead, they should ensure they look at specific solutions for specific cybersecurity threats — such as specialised web vulnerability scanners to protect themselves from web-related threats.

Similarly, SMBs cannot assume that they are safe because there is “no gain in hacking us”. Cybercrime often comes about purely as an opportunistic threat, rather than being an action carefully targeted towards those with the most to lose, says Nidecki.

So it’s important to look for manufacturers that are not afraid to tell you the facts instead of using big-business language to cloud your eyes, he adds.

“Look for specialised manufacturers because they have the means to protect you effectively. And always remember that software is just a tool and it’s the way that you use that tool that really matters,” Nidecki writes.

In other news, Acunetix recently released guidance on scanning OWASP Juice Shop.

Juice Shop is an intentionally vulnerable web application developed by OWASP for educational purposes; Acunetix can function as a DAST (black box) tool with which to scan for its various vulnerabilities.

Customers of the Acunetix vulnerability scanner include banks and financial services providers, healthcare, government, defence, risk advisory companies and many more.

“Maybe back in 2000 an antivirus solution and a network scanner were more important than a web vulnerability scanner but now, in 2020, this is no longer the case,” says Nidecki.

“While anti-malware solutions are still key to protect against threats such as ransomware, protecting the web is at least just as important and only web vulnerability scanners can do it.”
