Mention cybersecurity and immediate thoughts turn to technical controls such as firewalls, endpoint detection and patching systems. While these and other technical controls certainly are necessary, they must work in tandem with administrative and physical controls in order to form a mature risk mitigation program. This month, we will explore some of the physical aspects of cyber risk management, which inherently relies upon on-site security personnel and employee training for proper execution.

This month’s column takes over where we left off in April, bringing to a close our Top 10 list of widely held cybersecurity myths. This month’s list should prove no less provocative.

We have been following the same cybersecurity approach, more or less, for over a decade. Yet, most everyone agrees that the problem continues to grow worse. Perhaps we are not on the right course. Maybe we are operating on false assumptions. The following list (to be continued in next month’s column) is meant to promote a dialogue about what, in my view, are widely held cybersecurity myths.

Consider the irony of withholding threat and vulnerability information in the name of national security that, if properly disseminated, would do more to help our national security.

I recently interviewed Marc Goodman, founder of the Future Crimes Institute and author of the recently published book “Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It.” In his book, Goodman sets forth with great precision the frightening extent to which current and emerging technologies are harming national and corporate security, putting people’s lives at risk, eroding privacy, and even altering our perceptions of reality.

Ask most corporate executives to define cybersecurity and their initial thoughts turn to data privacy. That’s for good reason. Companies are bleeding corporate trade secrets and personally identifiable information at such an alarming rate that confidentiality issues and related compliance concerns can’t help but dominate the cybersecurity agenda. Yet, ask cybersecurity professionals what keeps them up at night, and the topic invariably turns to data deletion, tampering with control systems, and the potential to cause physical harm over the Internet. These concerns fall into categories that are distinct from protecting data confidentiality. Instead, they demonstrate the importance of maintaining an enterprise focus on the integrity and availability of your company’s most essential data, systems and services.

Traditional network security risk management techniques are often inadequate to meet the specialized needs of enterprises' control systems. The good news is that a host of free resources exists to cover this important field of security, risk management, compliance and operational continuity. 

 Cloud computing technology providers are rapidly improving the effectiveness and efficiency of network security, and what we are seeing is just the beginning. If your business is not already taking advantage of cloud-based security solutions, chances are high you will benefit from this emerging market soon.  

Companies have encouraged their workforces to be effective regardless of their location or the time of day, making wireless Internet connectivity the latest lifeblood of workforce productivity. These gains have been accomplished primarily by embracing Wi-Fi, which is not without added risk. Cyber spies and criminals have successfully targeted wireless networks for years, which in turn, requires increased vigilance both when deploying Wi-Fi networks and when training our employees to safely use Wi-Fi.