In the world of cybersecurity and cybercrime, there are a lot of misconceptions rolling around. And since April 1st makes us all look like fools, it's the perfect time to bust three of the biggest myths around cybersecurity with our Trusted Partners.
Security myth 1: Small and medium-sized businesses aren’t targeted by hackers, cybercriminals are more interested in the larger companies.
Our Trusted Partner, CYFOR said “If you had no windows or doors on your house and went away for 2 weeks, will your valuables still be there once you got back? This is the reality I am afraid of for many small to medium size businesses when we view their current cybersecurity posture.“
Our Trusted Partner, Centre for Assessment responded “The sad reality is that opportunists will take advantage of any perceived vulnerability. This makes all types of security measures more important than ever.”
Our Trusted Partner, Develop Capability responded “In reality, small businesses made up over half of last year’s breach victims.
The proliferation of high-profile hacks in the news often tricks small and medium-sized businesses into thinking that they won’t be targeted for a cyber-attack. In reality, the opposite is actually true. In fact, according to the 2018 Verizon Data Breach Investigations Report, 58 per cent of data breach victims were small businesses.
This happens for several reasons. Many businesses aren’t targeted specifically, but instead are victims of what is known as ‘spray-and-pray attacks when hackers set up automated systems to randomly try to infiltrate businesses. As these attacks are random, any business can be damaged, regardless of size.
Small businesses tend to be ‘soft’ targets, as they are often not prepared against cyber-attacks and don’t have skilled security teams. This makes them more likely to fall victim to spray-and-pray attacks. Targeted attacks are then used to focus on these small businesses once it is discovered that they are vulnerable.”
Security myth 2: Businesses must buy expensive hardware or software solutions to implement effective cybersecurity.
We asked our Trusted Partner, Bergerode Consulting; “Effective cybersecurity, in my view, is first and foremost a set of positive behaviours which put cybersecurity on a solid footing. Just now, knowing what threats your business faces determines what choices you make about meeting these threats.”
Kevin continues “If a business faces a malware risk from staff using personal USBs in company workstations, some security companies will try to sell software to that business which controls the use of USBs, but such software can be expensive and it will certainly not address the reason why staff are using USBs, to begin with. Rather than buy such software, companies should seek to address why staff are using personal USBs and take ownership of the issue by updating the staff handbook to make use of personal USBs not permissible and also look to using existing software, e.g. Active Directory, to manage the use of USBs. This is more likely to address the root cause of the issue and deal with any risks than just buying a solution and being locked into an expensive support contract.”
Security myth 3: My business doesn’t have anything worth protecting from cyber-attacks.
We asked our Trusted Partner, Cyber Security Specialists; “Your data is worth thousands to marketing companies and can be used by hackers to launch more sophisticated attacks to try and obtain your bank details and login details to Netflix, Amazon and more!”
Is your business cyber secure?
Sign up for our FREE core membership and strengthen your resilience to online crime and cyber attacks.