MYTH #1

You can 100 percent keep the bad guys from getting in. 

The truth is, if the bad guys want in bad enough they will find a way in.  Advanced attackers and the APT are savvy, sophisticated, well-educated, and often well-funded.  While I don’t believe you can stop the bad guys from getting in 100 percent of the time, I do believe you can be proactive about it.  Anticipate it, prepare for it, and in doing so - put yourself in a position of power.  And while you can’t guarantee the bad guys won’t get in, you can feel confident about being able to mitigate the impact to your organization.

MYTH #2

You don’t have anything worth taking. 

First, if that’s your answer, your organization needs better self-esteem.  Advanced attackers and the APT don’t just go after military secrets and big ticket items like KFC’s secret recipe.  If your company has customer data, credit card information, makes the little widget that’s part of a satellite, has information on M&A or negotiations – it’s worth having and someone will want it.  Identify what these gems are for your organization and put a plan in place to protect them.

MYTH #3

It won’t happen to your organization. 

First, read myths #1 and #2.  Second, reset your expectations.  You WILL at some juncture be compromised - in fact, you probably already are.  The chances of it happening are the same as you getting a tan if you went to a Dubai beach in summer - it’s inevitable.  Expect it, plan for it and make sure that you’re in a position to identify the threat and respond to it immediately.  In other words, have your mop and bucket handy, it’s going to get wet. 

It’s a scary world out there, but you’ve got great resources on your side.  Take advantage of them.  Make sure what you put into place gives you the visibility, context and automation you need to resolve any security incident that comes your way.

John Bentley is the Director, Middle East, Africa and India at AccessData.