With virtually all companies today dependent on technology to some degree, protecting essential computer systems and data is a business-critical requirement. However, some common misconceptions may be putting your organization at risk.
Here’s a closer look at 11 common cybersecurity myths:
- Hackers only go after large companies. Small businesses don’t offer anything of value.
Often, the exact opposite is true — hackers often target small companies because they don’t have the security resources of large, enterprise organizations. Industry analysts report that 53 percent of all global cyberattacks target small to midsize businesses (SMBs). However, less than a third of these companies take active measures to guard themselves against security breaches due to staff and resource limitations.
- You will know immediately when your computer is infected.
Many of today’s attacks use malware designed to remain undetected for weeks or months, moving laterally throughout the network harvesting credentials and sensitive data. On average, it takes companies more than six months to identify a breach and another two months to contain it.
- You can avoid a data breach with a good password.
More than 80 percent of all confirmed data breaches involve weak, default or stolen passwords. You can reduce the threat with strong passwords that use a combination of at least eight characters, numbers and symbols. A better approach is the use of multifactor authentication that requires two or more identifying factors.
- Cybersecurity is an IT problem.
Security is the concern of everyone, from the CEO or president on down. When top executives make security a high priority, it tends to permeate through the company. Training and awareness programs are essential for making cybersecurity part of the company culture.
- Law enforcement will protect me from a cyberattack.
Law enforcement has a role in holding cybercriminals accountable, which is why you absolutely should notify law enforcement if you get hacked. But law enforcement doesn’t really have the manpower, budget or technology resources to prevent attacks or track down international cybercriminals.
- Hackers are not well funded.
Cybercrime is a business, and business is booming. According to one recent study, the cybercrime economy is worth an estimated $1.5 trillion, roughly equal to the gross domestic product (GDP) of Russia. Cybercrime organizations spend more than $1 trillion every year to develop tools, technologies and people so they can continue to steal sensitive information and intellectual property that they can sell.
- Cybersecurity can be fully achieved.
The only way to be fully secure is to get off the Internet and stop using technology. Obviously, that isn’t going to happen. Security is a process, not a product. Companies must remain vigilant and continually invest in training and technologies to maintain a robust security posture.
- Cybersecurity risks only come from the outside.
Many attacks originate outside the company, but insider threats are responsible for many serious breaches. IT security professionals say employees and trusted vendors are responsible for as many as 60 percent of all breaches. While some may be malicious attacks from disgruntled employees, most result from employees who unintentionally mishandle sensitive data or commit policy violations.
- Antivirus and antimalware software keep you completely safe.
Those are two essential elements of any security plan, and they will indeed stop a fair number of attacks. However, increasingly sophisticated threats are designed to defeat these measures. The best approach combines layers of protection to discourage hackers.
- Public Wi-Fi is safe if it requires a password.
Although passwords are helpful, using Wi-Fi in a public place such as a coffee shop carries inherent risks. As a broadcast technology, Wi-Fi is more vulnerable than wired connections to data theft, eavesdropping and other potential hacks. If you do connect to a public Wi-Fi hotspot, don’t access important business, financial or personal data.
- All IT professionals are security experts.
IT pros tend to have expertise in specific technology disciplines. Programmers, network architects, hardware engineers and systems analysts may have very little cybersecurity training. In fact, there is a global cybersecurity skills shortage.
Here is what Rimon Moses, our CEO, has to say about these common IT myths.
As a leading provider of business-enabling technology solutions, RMM Solutions has invested in the tools and talent to implement and manage comprehensive cybersecurity solutions. We’d welcome the opportunity to discuss your current security posture and any concerns you may have.