The increasing reliance of organizations on the digital ecosystem to store their data and run applications has intensified the debate around data privacy. Every now and then, a so-called cybersecurity expert comes up with their own version of how you should be protecting your digital assets. Amidst an overflowing stream of opinions, it's hard to tell fact from opinion.
Let’s take a look at some of the common data privacy myths that you might have mistaken for facts.
Myth 1: Proprietary applications tend to be more secure than open-source ones
This one may not come as a surprise, as even IT managers of large organizations have fallen for this misinformation. The security of an application depends on a lot of variables, and the presence or absence of open-source technologies in your application stack isn't one of them. On the contrary, open-source tools backed by a large community tend to be more secure than a proprietary software system that has never been reviewed by anyone beyond a small security team.
What matters is the quality and size of the community backing the open-source software (or the reputation of the software's author in the case of proprietary software). If we take WordPress as an example, the reason it is such a secure CMS is that it has one of the biggest active communities on the planet for an open-source tool.
When we talk about reputation, it doesn’t necessarily mean how well-known they are as a company. For example, you might be a little hesitant to use a project management tool made by Facebook. We use one made by Microsoft because we know how sincere they are about securing the private information of their users, whether business or personal.
Myth 2: Data theft is the work of sophisticated hackers with advanced software
While large groups working in tandem with a state's backing are a reality of today's world, targeted attacks are uncommon and are often politically motivated. Mass cyber attacks (including ransomware attacks) are the work of what you could call the petty thieves of the digital world.
They use ripped-off open-source software to run rudimentary attack sequences, often consisting of dictionary-assisted brute-force attacks with a pinch of cheap techniques like phishing and social engineering.
Since they target millions of private networks at a time, they work on economies of scale. Their attack vectors may be somewhat hit or miss, but there will always be that one curious guy in the accounting department who opens all his emails no matter how suspicious they look. Awareness about data privacy is the key here.
Myth 3: Private clouds are safer than public clouds
If by private cloud you mean your twenty-year-old server running Microsoft Server 2003 at an isolated location in the Arizona desert, then unfortunately public cloud service providers such as Google Cloud and Amazon Web Services will do more justice to your privacy goals.
Since public cloud services are used by millions of customers and are subject to local and international privacy law, they are far less likely to fall victim to a teenage amateur giving hacking their first try.
Myth 4: Hackers are digital extortionists after your money
The reason we call it ransomware is that the criminals say they will release our data upon receiving 10 BTC. However, ransomware accounts for less than 10% of global cyberattacks. What looks like a minor, out-of-place piece of spyware flagged by your antispyware tool could be the work of a team of state-sponsored cyber experts trying to steal sensitive information on your offshore business endeavors. Alternatively, it could be an anonymous person hired by one of your competitors to get a glimpse of your product development initiatives.
In a nutshell, the hacker who attacks your computer may be more than an aspiring member of an elite black-hat hacker group trying to prove their worth. In fact, digital extortionists are the least scary of the bunch, because you know their intent.
Myth 5: Identity theft is impossible with the latest security patches
Even the most impenetrable security system has some security holes left to be identified and eventually fixed. If you have heard the term 'zero-day vulnerability', then you know what this means. It's a game of cat and mouse. It could be a small script disguised as a cute kitten video that you clicked in the morning, after which nothing seemed to happen. Now the hacker has access to the PHI of thousands of customers who trusted your company with their healthcare information.
Even with zero-trust security, a piece of software could potentially be used to steal your employees' private information without anyone noticing.
Myth 6: You have to open a file to be infected by spyware
Studies and real-world instances have shown that in some cases you don't have to click on the suspicious link or open the funny meme to get infected. The idea is to interact with any digital asset with caution and not access it if you have even the slightest doubt. Whenever in doubt, consult your IT manager or a security expert on the team before taking any action.
Myth 7: BYOD devices with strong protection methods are impenetrable
Whether it's Windows Hello, Face ID or a traditional PIN-based authentication method, they have been bypassed in the past and will be in the future. In the case of BYOD devices, hardware-based security such as a YubiKey is recommended for stronger protection.
Myth 8: Larger enterprises are more susceptible to cyberattacks than SMBs
If you were a hacker, which would you prefer: breaking into the networks of 15 SMBs with subpar application security, or breaking into an A-list company with a dedicated security team shrewder and larger than the senate council?
Not every hacker is spinning a web of intrigue or driven by political ideals. Some are just poor and looking for an alternate source of income. AppSec shouldn't be an afterthought, whether you're a large organization or a team of three.
Myth 9: Legacy software is more secure than modern software because of incompatible data models
What at first shines as mitigation in the form of incompatible data exchange layers may later come back to haunt you in the form of poorer built-in security, making an old application easy to get into once the hacker has access to the underlying software or hardware. Thinking legacy software won't be on a cybercriminal's agenda is the same as thinking burglars are less likely to rob a local bank than the Bank of America.
Remember, there are no good excuses for delaying your app modernization plans.
Myth 10: Remote workers are a larger risk to privacy
If the policies in place at your organization aren't doing justice to the current state of your enterprise IT, then both remote workers and in-house workers will pose the same level of risk to your organization. If your organization is scrutinizing its remote employees because it believes they could sell company data to your rival for some quick cash, then the problem isn't remote working but rather your IT policies, which are in desperate need of an update.
What does data privacy mean to your organization’s IT?
When it comes to data privacy, it is simpler to stick to the key basics than to ride the wave of popular opinion or what is trending in the privacy and security market. At the end of the day, whether it is digital privacy or actual privacy, consent is the key.
Rare Crew puts security first
As top-rated custom software developers, at Rare Crew we always make our clients’ security the utmost priority. Using up-to-date security best practices, we do our best to deliver software you can rely on.
If you want to know more, don’t hesitate to get in touch.