How Security Overconfidence Is Undermining Protection

Forbes, 07-08-2025
Arun Shrestha, BeyondID CEO & cofounder, has 20+ years in enterprise software with leadership roles at Oracle, Sun, SeeBeyond & Okta.
Confidence is critical in cybersecurity, but overconfidence can be dangerous. Recently, we've run into a troubling disconnect between organizations' perceived security strength and their actual security practices. This "confidence paradox" is quietly weakening enterprise defenses, leaving many companies more exposed than they think.
Based on a report from my company, BeyondID, a staggering 85% of organizations report being confident in their ability to detect a breach within 24 hours. Yet 72% of these same organizations experienced a security incident in the past two years. It's a jarring disconnect that raises serious questions about how companies are assessing their readiness.
The data paints a clear picture: perception is outpacing performance.
The Illusion Of Maturity
Many organizations proudly claim their identity security is in good shape; 74% rate themselves as advanced or established. On paper, that sounds impressive. But when you dig into the basics, a different story emerges. Even though MFA is one of the simplest, most effective ways to block credential-based attacks, only 34% of smaller companies (with 26 to 100 employees) use it.
There's a dangerous pattern here: a false sense of security. Leaders are confident in their defenses, but that confidence is often built on shaky ground. Without essential safeguards in place, the risks grow quietly, creating blind spots that leave organizations more exposed than they realize.
Healthcare: High Stakes, High Risk
Looking at healthcare as a key example, the stakes couldn't be higher. This is an industry entrusted with some of the most sensitive personal data, yet it's one of the most at risk.
According to the 2025 Breach Barometer, healthcare data breaches broke records in 2024 with 1,160 incidents affecting patient and healthcare organization data alike. Meanwhile, healthcare organizations took an average of 279 days to identify and contain breaches, more than five weeks longer than the global average across all sectors. As attackers increasingly target smaller hospitals and clinics with fewer security resources, many fear that these organizations have become low-hanging fruit for ransomware groups.
This gap between perception and reality isn't unique to healthcare, but here, the consequences are far more immediate and personal. It's not just about financial loss or reputational harm. It's about protecting lives and safeguarding trust when it matters most.
Closing The Confidence Gap
Bridging the gap between perception and protection starts with a mindset shift. Security leaders must take an unfiltered, data-driven look at their defenses. It's not enough to feel secure. Security needs to be proven. That requires routine audits, real-world penetration testing and assessments that measure what's truly happening, not just what policies suggest.
Equally important is a return to the fundamentals. Basic security hygiene—enforcing multi-factor authentication for all users, adopting least privilege access and conducting regular user access reviews—must become non-negotiable. These are not advanced practices; they're the groundwork that keeps doors closed to attackers.
Finally, organizations need to embrace a new reality: identity is the modern perimeter. As users, applications and AI agents connect from everywhere, securing identity is the clearest, most effective way to contain the impact of a breach.
The confidence paradox can be solved, but only if leaders are willing to challenge their assumptions and prioritize action over appearances. Security isn't a checkbox, a dashboard or a feeling; it's a discipline. And the sooner organizations align their confidence with their actual capabilities, the stronger they'll be when the next threat comes knocking.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.