IT Myths: "100%" security

Recently a well-known security vendor’s CEO was publicly chastised for claiming that they stop 100% of malware using a single suite of products. There are a couple of major issues with this stance, on which the vast majority of cybersecurity experts agree:

  • Security must be implemented in layers; there is no silver bullet. Antivirus, spam filtering, threat detection, etc. all work together to protect different aspects of your business and to catch threats that get through other layers.

  • No security is 100% effective, even in layers. Modern cybersecurity must start with a “when, not if” approach to a breach. Companies should put as much emphasis and resources into responding to and recovering from breaches as they put into prevention.

If someone is pushing 100% effectiveness of a solution, there is an easy test to see if they truly believe in their statement or are just selling snake oil. Ask if they will cover any and all costs related to a breach, with zero restrictions or limitations. In my 15 years in IT so far, I have not seen a single company agree to this. True security and risk management includes security tools, robust processes, a plan for recovery, and cyberinsurance to cover the costs of that recovery.

Ready to build a modern cybersecurity and resilience program for your business? Contact a partner at CGP today.

Dustin Bolander