Confirmation bias is a psychological phenomenon that refers to our tendency to seek out and interpret information that confirms our pre-existing beliefs or values while ignoring all evidence to the contrary.
In my capacity as a business person, parent (and Arsenal fan), I get tested a lot.
Sometimes taking a wider view or different perspective undoubtedly helps, but on occasion, the blinkers are so firmly fixed that no amount of evidence can shift our thinking.
Since the start of the year, LoughTec has been inundated with unsolicited support calls from businesses and organisations across Northern Ireland, asking for our help to solve cyberattacks that range from ransomware to business email compromise.
Many of those business owners, in calmer moments, admit to having thought that a cyberattack would never happen to them, and as a result of that belief had protected their businesses accordingly.
There is still a commonly held belief amongst many in the business community, despite evidence to the contrary that “a cyberattack will never happen to us”.
The cyber security industry has no shortage of compelling factual information and yet there are those who still buy into some of those other cyber-myths.
The idea that “we’re too small to be a target” is countered by the fact that you’re a perfect size.
In fact, small businesses are more vulnerable because they usually have fewer resources and have weaker security systems in place.
“We are covered by cyber insurance” is a sound idea however, as with all insurance, you need to prove that you have done your very best to protect your business from cyberattacks.
Being insured simply isn’t enough if you consider reputational damage, downtime and future opportunity cost.
“We can recover any lost data from our backups” can be wishful thinking as your back-ups are just as vulnerable to attack if you don’t take the correct measures.
“Cyber Essentials will cover us”.
Sure, Cyber Essentials is an excellent step to improving your cyber security posture and helps you get the basics right, but it does little to protect you in the event of a severe breach.
Even with the best anti-virus software solution, your network is still vulnerable. AV protection is essential but not a panacea, protecting only against known threats and not zero-day exploits.
As businesses have become more reliant on digitisation and technology, the threats to business have become more frequent and persistent and yet many of the methods used by hackers can be unsophisticated - phishing emails or social engineering to access systems rely on tricking individuals into divulging their passwords or other sensitive information.
Cyber security is no longer the responsibility of the IT department or MS partner – every employee has a responsibility to help maintain an adequate standard of cyber hygiene. Did you know that as many data breaches are caused by human error as by strategic cyberattacks?
In a world where we are told never to ‘assume’, I think in the context of cyber security, we are now at a place where it is safe to assume that your business has already been attacked. Or will be soon.
Sean McDermott is the CEO of LoughTec Cyber Security (www.loughtec.com)
