1. Attackers can't be stopped
Of course, they can. If you do what you can to protect yourself, you can stop an attacker from attacking you in the first place. It can be prevented if you've got the right partners who are doing their due diligence to keep you protected.
2. IT security knows what needs to be fixed
Oftentimes, they don't. They may just be firing away because they haven't done an investigation to see where the gaps are. A fullproof way is to ask IT what your company's biggest threat is and to make sure there is enough data to support the conclusion.
3. Patching is under control
In many areas, patches aren't nearly being implemented enough. The biggest hacks occur from software patches that haven't been applied for three years or more. Companies aren't as aware as they should be about new patches being available.
4. Employee security training is currently adequate
Most companies are not doubling down on the importance of security training for employees. Training should really be done on a weekly or monthly basis to be proactive about cybersecurity infections.
