The cyber security industry has grown exponentially over the past decade, with more resources being deployed to counter threats.
Yet, a new cyber-attack occurs somewhere on the web every 39 seconds. Thanks to the coronavirus pandemic, cyber-crime, including sophisticated phishing schemes, is also up 600% this year.
Part of the problem is the rapidly evolving threats within the cyber sphere; just as you think you have got on top of one issue, another comes along. When it comes to cyber security, it can also be difficult to find the truth in a sea of misinformation. However, knowing the facts is crucial to maintaining a robust approach to your IT security strategy.
So, let us unpick some of the most common cyber security misconceptions…
- ‘We do not have any cyber threats in our industry.’
Whilst it is true that hackers frequently target finance, technology, healthcare and government sectors due to the large volumes of valuable data they hold, this is not always the case. (These are just the examples that tend to make the headlines.)
In reality, every industry is at risk. If you are connected to the internet in one way or another — even through a simple website or a social media account — then you risk being hacked. Cyber criminals will target whatever they can whenever they can.
- ‘My business is too small for a cyber-attack.’
Many small to medium-sized enterprises (SMEs) mistakenly think they are safe from cyber security threats because they do not hold the same data or financial incentives as large corporations. But this also means they are less likely to invest in proper security systems and software — making them an easy target.
Statistically, 43% of cyber-attacks target small businesses. So, it does not matter whether you have 10 employees or 10,000: you are still at risk of being hit.
- ‘Our passwords are too strong to be hacked.’
No password is 100% secure — no matter how many numbers or special characters you use. Most regular passwords are not strong enough to stand up against multiple break-in attempts from hackers using sophisticated technologies to crack your codes.
Instead, you should be employing a zero-trust approach and using multi-factor authentication to keep your systems and data secure.
- ‘We have anti-virus software, so that is enough.’
There is quite an antiquated notion that installing anti-virus or anti-malware software is enough to keep your data safe. However, whilst these types of security software offer a modest amount of protection, they should not be your only line of defence.
No anti-virus or anti-malware can keep your system safe from all types of cyber-attacks. These types of software rely on large databases that contain information about all the known malware or viruses out there. But what happens when cyber criminals come up with something new? Many of today’s cyber-attacks are so sophisticated that circumventing standard security software is child’s play for them — especially free versions!
- ‘Our firewall protects us from cyber criminals.’
Firewalls are designed to control network traffic so that legitimate data can pass in and out of the organisation. Part of the problem is that many organisations enable only a single layer of firewalls, which a skilled hacker will easily breach.
Plus, due to the proliferation of corporate apps now residing in the cloud, not all data sits on the corporate network behind the traditional firewall. Many attacks exploit the network layer, allowing hackers to successfully breach organisations.
- ‘All threats come from external actors.’
There is also an unfortunate myth that cyber security threats come from outside your organisation. But in fact, the greatest danger is lurking inside.
Hackers will always try to take the easiest route to infiltrate your company by targeting your weakest link: your employees. Almost all (95%) of cyber security breaches are down to human error — whether that be a disgruntled employee or simply a careless one who clicks on a link and inadvertently grants a hacker access to your entire system.
As such, it is vital to properly educate employees about threats through easy-to-understand training and clear policies regarding cyber safety. Penetration testing can also help you to identify vulnerabilities, whilst proper identity and access management (IAM) will ensure only the right people have access to your data.
- ‘We will know straight away if we have been attacked.’
This may have been true almost a decade ago when viruses would slow down your computer and load pop-ups. However, these days, hackers and malware are much more advanced than that.
Today’s attacks are sophisticated and designed to avoid detection — meaning they can sit undetected on your computer for months before you realise. Did you know the average time to identify a breach in 2019 was 206 days? And that the average time to contain a breach was 73 days?
By then, the attack could already have done significant damage by corrupting your systems or leaking your data. It is, therefore, essential to use cyber security tools to monitor your systems for any breaches so that you can react promptly and mitigate risks. Consider also the unknown attack scenarios; for these, a more sophisticated monitoring solution that uses advanced machine learning or artificial intelligence to identify anomalous patterns of attack is advised. Traditional monitoring tools only monitor for known vulnerabilities or attacks.