At a time when cyberattacks, ransomware attacks and online fraud are all on the rise, it’s important that everyone understands the basics of cybersecurity.
However, I still come across a lot of common myths, misconceptions and a general lack of understanding around some of the most common threats.
So, here’s a rundown of five of the most common myths around a subject that many people see as very technical but, in fact, often involves common sense and alertness. By dispelling some of these myths, individuals and organizations can ensure they are better prepared to defend themselves against a number of growing threats.
Cyber Defense Is All About Technical Skills
When we imagine what the task of defending against cyber threats looks like, we might imagine someone sitting in a darkened room scanning a monitor to detect signs of intrusion into a network. In actual fact, the vast majority of cyber-attacks (89% according to a 2022 study by the UK government) involve social engineering, where an attacker attempts to trick someone with access into letting them in. Rather than programming, systems administration or computer science skills, defending against these threats involves alertness, risk management, knowledge of regulations and compliance, and of course, common sense. In reality, the most important element of cybersecurity often involves understanding the human element of these attacks – as this is usually what criminals hope to exploit.
Only Businesses Need To Worry About Cyberattacks
You might think that cybercriminals are only interested in targeting businesses or perhaps wealthy individuals, but this would be a big mistake. Thousands of attacks against individuals are launched every minute, often in the form of phishing attacks that attempt to get us to divulge sensitive information that can be used to access our computers or accounts. Other attacks that are commonly targeted at individuals include attempts to place viruses or spyware on computers and keyloggers that monitor keystrokes in order to collect passwords, credit card numbers or bank account details. Another emerging threat that commonly targets individuals is the botnet. This involves hackers hijacking hundreds or thousands of computers and leeching their power in order to run power-hungry but profitable activities such as cryptocurrency mining. In all these cases, cybercriminals often prefer to target individuals rather than businesses, as individuals are less likely to have measures in place to detect and prevent attacks.
It’s Solely the Responsibility of the IT Department
In the past, it was perhaps understandable that an organization’s employees simply expected the IT department to take responsibility for keeping them - and the company as a whole - safe from cyber threats. Today, as threats become far more diversified and less focused on technical attacks, everyone has a responsibility to be vigilant and to develop an understanding of safety and best practice. In the boardroom, cybersecurity needs to be a fundamental element of business strategy. Just as importantly, rank-and-file employees should understand the importance of everyday cybersecurity, such as avoiding phishing attacks, using strong passwords, and keeping data secure while working off-premises.
Strong Passwords, Firewalls And Antivirus Are All I Need
While they are important, there’s a common misconception that if an individual gets these basic steps right, everything will be fine. Taken together, these three measures are the basic building blocks of the technical elements of cybersecurity – they can be thought of as the front door, the walls, and the guard dog, respectively, of your digital house. Brute force attacks or social engineering methods are routinely used to circumvent supposedly secure passwords, meaning that other factors, such as multi-factor authentication (MFA), are essential. Firewalls, though essential, are far from impregnable and, like antivirus measures, must be consistently monitored for breaches and kept up-to-date. And, of course, they are all worthless if you, or someone else with access to your system, ignore the human factors we have previously discussed in this article and simply give an attacker the keys to let themselves in.
Cyberattacks Are An External Threat
Media coverage often focuses on criminal gangs that attack victims from afar. Unfortunately, this obscures the fact that research suggests up to 75 percent of cyberattacks are actually inside jobs.
Insiders, out of necessity, are given a level of trust within organizations and also generally have knowledge of internal systems and processes that can be used to circumvent security measures. Mitigating these threats can be a sensitive business for obvious reasons – as showing a lack of trust in staff or implementing overbearing surveillance measures may have consequences that are just as damaging as any cyber-attack.
But disgruntled employees or insider corporate sabotage are just the start of the story. It’s also believed that poor cybersecurity habits picked up while working from home due to the pandemic have led to an increase in bad practices that are leaving organizations further exposed.
Once again, educating the workforce and instilling a level of alertness across it are the key to tackling this misconception.