As South African businesses continue to navigate the complex landscape of cyber security, Kobus Robinson, Lead Solutions Consultant at OpenText, warns that misconceptions about cyber security posture often leave organisations vulnerable to sophisticated attacks. Speaking to ITWeb, Robinson outlines eight of the most common fallacies he encounters and provides actionable insights on how companies can strengthen their defences.
1. Cyber security is an IT problem, not a business problem
"Many organisations mistakenly silo cyber security within their IT departments," says Robinson. "This mindset neglects the broader impact that a cyber attack can have on operations, finances and reputation. Senior leadership must be actively involved in cyber security decisions, from budget allocations to crisis response planning. Without this, even the best technical measures may fall short."
2. We are too small to be a target
A pervasive myth among small and medium-sized businesses (SMEs) is that they’re too insignificant to attract cyber criminals. "This couldn’t be further from the truth," Robinson explains. "Smaller businesses often have fewer resources for robust security, making them attractive targets for opportunistic attackers."
3. Our perimeter defence is enough
While firewalls and VPNs are essential, relying solely on perimeter defences is risky. "Modern cyber attacks frequently exploit vulnerabilities beyond the perimeter," Robinson notes. "Defence-in-depth strategies, such as endpoint protection, network segmentation and regular employee training, are critical to staying ahead of attackers."
4. Our employees are aware of security threats
Assuming employees are well-versed in cyber security can lead to complacency. Robinson cautions: "Human error remains one of the leading causes of breaches. Continuous education, including phishing simulations and scenario-based training, is essential to mitigate this risk."
5. We’re compliant, so we’re secure
Meeting regulatory standards, such as POPIA or GDPR, is a good start but shouldn’t be the end goal. "Compliance is about meeting minimum requirements," says Robinson. "True security goes beyond compliance, demanding proactive measures like advanced threat detection and continuous risk assessments."
6. Our backup strategy is good enough
While backups are a vital component of disaster recovery, they can also be compromised during an attack. "Secure, isolated backups and rigorous testing are non-negotiable," Robinson emphasises. "Businesses must also consider rapid restoration plans to minimise downtime."
7. We’ll catch a breach early if it happens
Overconfidence in breach detection is a dangerous assumption. "Some breaches can go undetected for months," Robinson warns. "Proactive monitoring tools, threat intelligence and incident response capabilities are critical for minimising the impact of intrusions."
8. We’re not vulnerable to insider threats
Insider threats, whether intentional or accidental, are often overlooked. "Employees with access to sensitive data can inadvertently or deliberately cause harm," Robinson explains. "Adopting the principle of least privilege and monitoring user activity can significantly reduce this risk."
Elevating cyber security awareness
Addressing these misconceptions is not just about protecting assets but about fostering a culture of cyber security awareness across the entire organisation. "The threat landscape is constantly evolving, and businesses that remain static in their security approach are inviting trouble," Robinson concludes.
By challenging these myths and adopting a proactive, holistic cyber security strategy, South African organisations can better equip themselves to face the growing wave of cyber threats. For Robinson, the message is clear: cyber security is everyone’s responsibility.