Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cyber Tactics ColumnCybersecurity News

The Top 10 Cybersecurity Myths, Part 2

By Steven Chabinsky
Cyber Security default
May 1, 2015

This month’s column takes over where we left off in April, bringing to a close our Top 10 list of widely held cybersecurity myths. This month’s list should prove no less provocative.

Click here to see myths 6 through 10

5. The FBI Raid Jacket Myth. A surprisingly large number of companies decide not to contact law enforcement after a computer intrusion because they fear losing control. Let’s forget for a moment whether the company already lost control to the hacker. The FBI Myth is born of the misconception that law enforcement will descend upon a victim company in raid jackets, box up the computers, investigate the company instead of the hacker, and generally tell the company what to do. Fortunately, the norm for working with law enforcement is far less intensive, far less invasive, and far more cooperative. Both the FBI and the Secret Service are highly professional, and approach computer intrusion victims as just that, victims. They also recognize that business operations must continue during an investigation, and they make considerable efforts to efficiently get what they need in order to pursue the hacker and quickly get out of your way while you remediate your own networks. 

4. The Unattractive Target Myth. A substantial number of companies, especially small and medium-sized enterprises, do not believe they will suffer from a computer intrusion based on their view that they are not attractive targets. Unfortunately, this level of modesty is misplaced and naive. The National Small Business Association recently reported that half of the small businesses they surveyed knew they had fallen victim to a cyber attack, leaving only a large question mark as to whether the remaining organizations were fully secure or simply unaware.  In a separate study that included more than 500 U.S. executives, security experts, and others from the public and private sectors, nearly eight in 10 respondents reported they had detected at least one cybersecurity event within the prior 12 months, with the average number of incidents detected being 135 per organization. The truth is that small, medium and large businesses are specifically targeted by criminals and spies, and they also fall prey to automated malware that continuously scans networks for vulnerable machines without knowing first who owns them. If you’re online, you’re good enough, you’re desirable, and doggone it, hackers like you.

3. The Insurance Coverage Myth.  Over half of the companies surveyed in a recent UK government report believed they had insurance in place to cover a network breach, while only 10 percent actually were covered. Another sizable group of the executives that responded had no idea which cyber risks, among the many, could be insured and which could not. Either way, if your company has not recently analyzed and assessed its cyber insurance coverage, the odds are that your company either thinks it has coverage in place that it does not, or that it thinks that it cannot get coverage in place that it can. There are a lot of false assumptions being made when it comes to cyber coverage, and companies would do well to reassess their plans regularly and stay on top of changes in the cyber insurance market.

2. The First Line of Defense Myth. I cringe when I hear somebody state that their rank and file employees are their first line of cyber defense. With few exceptions, the general workforce is more properly viewed as an important, but last, line of defense. Among other reasons, the bad guys simply have gotten too good at compromising websites and spoofing emails for the average employee to know better. As a result, mature controls rely less on the everyday employee’s ability to secure the network, and rely more on explaining to the workforce the importance of not intentionally subverting existing controls, as well as learning from the workforce which controls are likely to be subverted in order to get the job done.

 1. The IT Responsibility Myth. More common than the First Line of Defense Myth is the myth that cybersecurity is primarily an Information Technology issue that can be automated. A single person can’t “set and forget” cybersecurity. The IT Responsibility Myth is particularly dangerous because it underestimates security requirements and lets Boards of Directors and C-Suite Executives off the hook. Information and network security must be addressed within the larger framework of enterprise risk management. Anything less fails to place cybersecurity into its greater business context and makes success more difficult.   

KEYWORDS: cyber information sharing cybersecurity myths data breach

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Chabinsky 2016 200px

Steven Chabinsky is global chair of the Data, Privacy, and Cyber Security practice at White & Case LLP, an international law firm. He previously served as a member of the President’s Commission on Enhancing National Cybersecurity, the General Counsel and Chief Risk Officer of CrowdStrike, and Deputy Assistant Director of the FBI Cyber Division. He can be reached at chabinsky@whitecase.com.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Keys to Employee Cybersecurity

    The Top 10 Cybersecurity Myths, Part 1

    See More
  • SEC1118-cyber-Feat-slide1_900px

    Clear, Purge & Destroy: When Data Must be Eliminated, Part 2

    See More
  • Cybersecurity Requires More than a Good Plan

    10 Steps to Building a Better Cybersecurity Plan

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing