Amid the complexity of cybersecurity and the secrecy of criminal hackers, security threats have acquired an aura of mysticism, giving rise to enduring legends, rumors, misperceptions and outright myths. In the cybersecurity space, these myths are almost always damaging. Watching from the murky underworld, attackers can find the people and businesses that believe these myths, and then they strike.
Belief in myths can be harmless. But when that belief leaves
you with a stolen credit card or a compromised corporate network, the
consequences are all too real. Here are some common myths that plague cyberspace,
and solutions to deal with them.
1. This can’t happen to me. People and companies often
feel there’s safety in numbers. But, while a crowd may create the illusion that
few users are affected, the hard data is worrying. Viruses, malware, and other
threats are steadily increasing in complexity and number, which means the
chance an unprotected device will be compromised is always growing.
2. I have a strong password; I’m safe. A
strong password is recommended, but users shouldn’t bank on it. Strong
passwords can be leaked too. It’s good practice to change them regularly, and a
password manager should be a common tool.
MFA (multi-factor authentication) and 2FA (two-factor authentication)
are great ways to bolster security. Adding another layer of protection by
requesting a code from a linked MFA app or a confirmation email keeps users
secure if their usernames and passwords are leaked.
3. I never browse online in unsafe locations, so I can’t get
infected. Trying to stay safe by carefully browsing the
Internet is commendable, but it only lowers the risk – it doesn’t eliminate it.
Even well-known websites can fall victim by displaying third-party ads infected
with malware, which in turn try to infect visitors to the website.
Attackers can compromise a system in other ways, and
users don’t even have to open an Internet browser. Emails are the most common
culprit for infections, but if your device is unprotected or out of date,
sometimes it’s enough to turn it on.
Of course, installing a security solution offers the best
protection in this situation, along with an up-to-date browser that can defeat
the latest online threats.
4. Security costs too much. Individuals and small
companies who think security solutions are too expensive don’t usually consider
the downside costs. Losing precious data can be a lot more costly than using
antivirus software or a dedicated enterprise security solution.
5. My data is not all that important; it doesn’t matter if I’m
hacked. It’s easy to think you hold nothing of value for
hackers, but that’s often an illusion. The username and password for an email
account can be used in nefarious ways, especially since people tend to reuse the
same credentials for most of their services, such as banking.
An attack by ransomware (malware designed to encrypt data
for extortion) is the quickest, most devastating way to get users to rethink
the idea that their data holds no value. Suddenly, your family photo collection
is encrypted in a ransomware attack, and you’re asked to pay a large sum of
money to get them unlocked, or it’s lost forever. Now, the attackers decide how
much your data is worth.
Hacking is not always about theft. Systems can be
compromised for other purposes, like for coordinated attacks against other
6. I have an antivirus; I don’t need anything else.
There used to be a time when having a simple antivirus solution was more than
enough to secure an endpoint, but those times are long gone. The complexity and
multitude of attack vectors today require a more proactive approach that can’t
rely solely on a piece of software.
Modern phishing attempts, aimed mostly at the enterprise
sector, are based on social engineering and human error. Such efforts might succeed
in enterprise environments that are not adequately protected.
7. I would know if my computer or phone is infected.
Unsecured computers typically don’t exhibit symptoms at first glance. People
don’t know when someone controls their webcam, when someone gains access to
their email or bank account, or when their computer is used as a zombie in a
coordinated attack against other targets.
Only truly devastating or directed attacks, such as
ransomware, will be immediately visible. In most cases, nothing visible
happens when a computer or device is hacked. Most of the time, you get no big
red neon sign flashing when a computer, network, or website is compromised.
Hacking is a silent crime that wants very much to remain in the dark.
8. Securing the network and computers might not be enough.
Many threats come from the outside world, from people who are trying to get
into a system. Security issues can emerge from unusual places, such as unpatched
wearable or IoT devices that are already authenticated into a network.
9. Phishing is not dangerous, and I can spot it from a mile away.
Phishing is a tried and true method of stealing victims’ data.
Usually, it involves a replica of a known public or private service. But it can
be hidden well enough in an email or website that someone will inevitably fall
prey to it. Users must always be wary of the links they open, and never imagine
that they might be above deceit.
10. I don’t even have a computer; I can’t be hacked. In today’s world, anything
that has a semblance of an operating system presents a possible target. Just
because someone doesn’t have a computer, it doesn’t mean that other devices are
not exposed. Hackers can go after phones, routers, and even a smart TV.
Security is about protecting all endpoints, no matter what they are.
Cybersecurity myths are a real threat because they tend
to prompt users to ignore real dangers, helping bad actors get their data or
simply wreak havoc. Knowing that myths are merely illusions is the first
step toward a safer life online.