
Fake News: Separating CyberFact from CyberFiction

Cyber security is complex, and it’s only getting more so with the rise of new technologies and the ongoing shift in businesses towards “digital first” solutions. This complexity has allowed several myths to grow and spread, resulting in weakened security practices and additional risk to business. Let’s debunk some of the most common cyber security myths:


Myth 1: “I’m too small to be a target.”

One of the most dangerous myths is the belief that cyber criminals only target large companies. Cyber attacks do not discriminate by size.

Cyber criminals often target smaller entities because they may lack robust cyber security measures, making them easier to compromise. To stay safe, everyone should prioritise cyber security, regardless of their size or scale.

Myth 2: “Antivirus software is enough.”

Many people mistakenly believe installing antivirus software on devices is enough to protect them from all cyber threats.

Antivirus software can help detect and prevent known malware, but it is not infallible. Malware development and evolution is a dynamic field, with malware and exploit kits able to easily bypass traditional antivirus software. To enhance your protection, utilise Endpoint Detection and Response (EDR) software and complement it with other security measures, such as firewalls, vulnerability management tools, and most importantly, a culture of good cyber hygiene.

Myth 3: “Strong passwords are invulnerable.”

A strong password is important, but no longer enough. Even strong and complex passwords can be compromised through various means, including phishing attacks, keyloggers, and data breaches. To bolster your security, enable multifactor authentication (MFA) whenever possible, and ensure passwords are not reused across multiple services.

Myth 4: “Cyber security is solely IT’s responsibility.”

Another common misconception is that cyber security is exclusively the responsibility of an organisation’s IT department. Everyone within an organisation should be aware of cyber security best practices and adhere to them. Human error is a leading cause of data breaches, so fostering a culture of cyber security awareness is essential.

Myth 5: “More cyber security is better.”

When it comes to cyber security, many believe that “more” is “better.” In practice, having too many solutions can lead to complexity, alert fatigue, duplication of functionality, and precious time wasted as analysts log in and out of systems. Instead, focus on integrating and streamlining your security measures to ensure they work together effectively.

Myth 6: “Cloud platform providers fully cover cyber security needs.”

Many companies integrate a cloud platform provider and expect it to cover all aspects of cyber security. However, you must continue to manage your specific risks and implement policies in each of your internal and external platforms to ensure security. Relying solely on cloud providers can leave gaps in your cyber security strategy.

Myth 7: “Standard cyber security training is effective.”

The myth is that standard cyber security training will make everyone smarter about security. In truth, generic training videos with a quiz at the end do not mitigate risk; they just add to people’s never-ending to-do lists. What we really need are tools that connect cyber security risk to specific activities, helping people practise better security hygiene.

Conclusion

Cyber security remains complex and continues to evolve. As such, it is essential to stay informed and be vigilant. By debunking common cyber security myths, we can better protect ourselves and our organisations from cyber threats. Remember, cyber security is not just about technology; it’s about people, processes, and a proactive approach to staying safe in the digital world.

Written By: Chris Taylor, Principal Incident Response (IR) Analyst at NormCyber

Chris is the Principal Incident Response (IR) Analyst at NormCyber. His team have worked with businesses across a diverse array of verticals to efficiently remediate cyber security incidents. They are dedicated to identifying and eradicating threats within compromised digital ecosystems and have a wide variety of skills and capabilities to provide the best possible IR function for our clients. 
