Title : Cyber Security Myths and Misconceptions

Posted by : Tariq Azmi | 2021-12-09

The volume of cybersecurity incidents is on the rise across the globe, but misconceptions persist, including the notions that:

  • Cybercriminals are outsiders. In reality, cybersecurity breaches are often the result of malicious insiders, working for themselves or in concert with outside hackers. These insiders can be a part of well-organized groups, backed by nation-states.


  • Risks are well-known. In fact, the risk surface is still expanding, with thousands of new vulnerabilities being reported in old and new applications and devices. And opportunities for human error - specifically by negligent employees or contractors who unintentionally cause a data breach - keep increasing.


  • Attack vectors are contained. Cybercriminals are finding new attack vectors all the time - including operational technology (OT), Internet of Things (IoT) devices, and cloud environments.


  • My industry is safe. Every industry has its share of cybersecurity risks, with cyber adversaries exploiting the necessities of communication networks within almost every government and private-sector organization. For example, ransomware attacks are targeting more sectors than ever, including local governments and non-profits, and threats to supply chains, ".gov" websites, and critical infrastructure have also increased.


  • Cybercriminals don’t target small or medium-sized businesses: Small and medium-sized businesses (SMBs) often think that they are immune to cyberattacks and data breaches because "we're too small" or "nobody wants our data." This couldn't be further from the truth and is one of the top myths about cybersecurity that needs to be debunked right now.


  • We've never experienced a cyberattack, so our security posture must be strong enough: Cyberthreats are continually growing in sophistication and complexity, and organizations need to strive continuously to stay ahead of this ever-changing landscape.


  • Our passwords are strong enough to avoid a data breach: Organizations often believe that their regular passwords are strong enough to keep their business safe. However, strong password practices are only the start.


  • Anti-virus and anti-malware software is enough to keep us safe: Anti-virus and anti-malware software is certainly imperative to keep the organization’s network and systems safe. But technology alone won’t protect your entire IT infrastructure from all cyber risks.


  • The IT department is responsible for cybersecurity: It is not wrong to say that the IT department is responsible for implementing new processes and policies to keep cybersecurity in top-notch shape. However, it does not have a magic wand to protect all of the computers in the network. In reality, each employee should be extremely careful when receiving and opening e-mail messages from colleagues or third parties.