We’re addressing the top cybersecurity myths so that you don’t fall prey to these false narratives and can properly protect yourself from cyberattacks. Make sure to read Part 1 to get the full scope so you won’t be caught off guard.
Myth #4: We have antivirus and a firewall in place, so we’re safe.
Before you can understand the error in this way of thinking, you first have to understand what you’re up against. A new cyberattack takes place every 3.9 seconds. A new virus is created every four seconds. This means criminals are attacking quickly, often, and from multiple angles.
The traditional approach to cybersecurity is not fast enough to adapt to the evolving threats we face. Have you ever thought about how the current security model works and noticed that it doesn’t make sense? Think about it: our security measures are dependent upon someone finding a vulnerability in a program, operating system, or piece of hardware. In other words, we wait for a criminal to find the vulnerability and exploit it. Only once the manufacturer or developer becomes aware of the issue do they develop a security patch to plug the vulnerability without reducing the functionality of their product. Who knows how long that process takes, and in the meantime you’re still vulnerable.
Even when the patches are released, they’re not instantly applied. They sit there until you or your IT person installs them—assuming that either of you is aware that a security patch even exists. You must then repeat this process for every device and every piece of software in the organization. That’s how businesses are currently being protected.
Take that long, drawn-out, manual approach and stack it up against the overwhelming velocity that cybercriminals are attacking with. The sheer volume of attacks we face forces us to constantly be on the defensive, trying to plug holes. This stacks the deck against you. If there is only one message you take away from this section of the book, let it be this: The attacker only has to get it right once for their threat to work. Our defensive measures have to get it right every single time.
If that weren’t bad enough, we are defending ourselves with one hand tied behind our backs: the same hardware and software we put in place to defend ourselves is also available to be purchased by cybercriminals. This means they can test and fine-tune their attacks against the same resources we use to protect ourselves.
Myth #5: All of our stuff is in the “cloud,” so we don’t have to worry about security.
This could not be further from the truth. Sure, the cloud is more secure in the sense that the physical servers are better maintained and protected than in a traditional business. But the cloud provider doesn’t ensure the protection of your data. If your files get corrupted, that’s on you. The service provider is not responsible in the event that a cybercriminal gets the credentials needed to access your cloud environment.
Unfortunately, this happens all too often because people have a false sense of security when it comes to being in the cloud. Logic should tell you that if a cybercriminal is able to compromise a machine within your organization, then it’s only a matter of time before they are able to gather the credentials needed to access your cloud environment.
Myth #6: I’m good because I don’t open emails from people I don’t know.
Ninety-one percent of all data breaches start with an email. This makes it the number one method criminals use to get inside businesses. It’s easy for them to send out massive amounts of email; they only have to get lucky once. All it takes for a criminal to get in the door is one person accidentally clicking on a bad link.
We’re not talking about a fake email from a Nigerian prince who wants to send you a million dollars. Those scams are easy to spot. Now end-users are being bombarded with messages that look like things they actually want to click on—messages that look like they are coming from vendors, shipping agencies, and even financial institutions. Not to mention that it’s quite easy for a criminal to copy (a.k.a. spoof) a person’s email and make it look like you are receiving a message from someone you know. Therefore, the idea of only opening emails from people (you think) you know is not foolproof.
On the surface, some of these myths may seem harmless. However, you can see how each of these misconceptions might have a critical impact on your business. Managing digital risk is everyone’s business, no matter what industry they’re in or what kind of business they’re running. Do not let these outdated ideologies give you a false sense of security.
Even though risk is always present and the consequences can be destructive, you can create a plan. There are ways to guard against risks, prevent them, and minimize their effect if and when they occur. To speak to someone about a risk assessment or creating a customized plan for your company, touch base with one of our specialists.