Amid the complexity of cybersecurity and the secrecy of criminal hackers, security threats have acquired an aura of mysticism, giving rise to enduring legends, rumors, misperceptions and outright myths. In the cybersecurity space, these myths are almost always damaging. Watching from the murky underworld, attackers can find the people and businesses that believe these myths, then they strike.
Belief in myths can be harmless. But when that belief leaves you with a stolen credit card or a compromised corporate network, the consequences are all too real. Here are some common myths that plague cyberspace, and solutions to deal with them.
1. This can’t happen to me. People and companies often feel there’s safety in numbers. But, while a crowd may create the illusion that few users are affected, the hard data is worrying. Viruses, malware, and other threats are steadily increasing in complexity and number, which means the chance an unprotected device will be compromised is always growing.
2. I have a strong password; I’m safe. A strong password is recommended, but users shouldn’t bank on it. Strong passwords can be leaked too. It’s good practice to change them regularly, and a password manager should be a common tool.
MFA (multi-factor authentication) and 2FA (two-factor authentication) are great ways to bolster security. Adding another layer of protection by requesting a code from a linked MFA app or a confirmation email keeps users secure if their usernames and passwords are leaked.
3. I never browse online in unsafe locations, so I can’t get infected. Trying to stay safe by carefully browsing the Internet is commendable, but it only lowers the risk – it doesn’t eliminate it. Even well-known websites can fall victim by displaying third-party ads infected with malware, which in turn try to infect visitors to the website.
Attackers can compromise a system in other ways, and users don’t even have to open an Internet browser. Emails are the most common culprit for infections, but if your device is unprotected or out of date, sometimes it’s enough to turn it on.
Of course, installing a security solution offers the best protection in this situation, along with an up-to-date browser that can defeat the latest online threats.
4. Security costs too much. Individuals and small companies who think security solutions are too expensive don’t usually consider the downside costs. Losing precious data can be a lot more costly than using antivirus software or a dedicated enterprise security solution.
5. My data is not all that important; it doesn’t matter if I’m hacked. It’s easy to think you hold nothing of value for hackers, but that’s often an illusion. A user name and password to an email can be used in nefarious ways, especially since people tend to re-use the same credentials for most of their services, such as banking.
An attack by ransomware (malware designed to encrypt data for extortion) is the quickest, most devastating way to get users to rethink the idea that their data holds no value. Suddenly, your family photo collection is encrypted in a ransomware attack, and you’re asked to pay a large sum of money to get them unlocked, or it’s lost forever. Now, the attackers decide how much your data is worth.
Hacking is not always about theft. Systems can be compromised for other purposes, like for coordinated attacks against other targets.
6. I have an antivirus; I don’t need anything else. There used to be a time when having a simple antivirus solution was more than enough to secure an endpoint, but those times are long gone. The complexity and multitude of attack vectors today require a more pro-active approach that can’t rely solely on a piece of software.
Modern phishing attempts, aimed mostly at the enterprise sector, are based on social engineering and human error. Such efforts might succeed in enterprise environments that are not adequately protected.
7. I would know if my computer or phone is infected. Unsecured computers typically don’t exhibit symptoms at first glance. People don’t know when someone controls their webcam, when someone gains access to their email or bank account, or when their computer is used as a zombie in a coordinated attack against other targets.
Only truly devastating / directed attacks, such as ransomware, will be immediately visible. In most cases, nothing visually happens when a computer or device is hacked. Most of the time, you get no big red neon sign flashing when a computer, network, or website is compromised. Hacking is a silent crime that wants very much to remain in the dark.
8. Securing the network and computers might not be enough. Many threats come from the outside world, from people who are trying to get into a system. Security issues can emerge from unusual places, such as unpatched wearable or IoT devices that are already authenticated into a network.
9. Phishing is not dangerous, and I can spot it from a mile away. Phishing is a tried and true method of obtaining stealing victims’ data. Usually, it involves a replica of a known public or private service. But it can be hidden well enough in an email or website that someone will inevitably fall prey to it. Users must always be wary of the links they open, and never imagine that they might be above deceit.
10. I don’t even have a computer; I can’t be hacked. In today’s world, anything that has a semblance of an operating system presents a possible target. Just because someone doesn’t have a computer, it doesn’t mean that other devices are not exposed. Hackers can go after phones, routers, and even a smart TV. Security is about protecting all endpoints, no matter what they are.
Cybersecurity myths are a real threat because they tend to prompt users to ignore real threats, helping bad actors get your data, or simply to wreak havoc. Knowing that myths are merely illusions is the first step toward a safer life online.