Top 5 Cybersecurity Myths That May Surprise You


Some of the greatest myths of cyber-security might surprise you a bit if you know anything about cyber-security, and if you don’t, you’re in for a wake-up call.

1: Hackers are super-smart programming geniuses

Most people generally feel that hackers are super-programmers.  Unlike what we all see in the movies and games, the majority of hackers are not professional programmers, nor do most hackers have extensive knowledge of programming.  According to IBM’s X-Force Threat Intelligence Quarterly, 4Q 2015, many of today’s hackers are script-kiddies looking for “low-hanging,” soft targets that require little effort to penetrate and are “careless” about their cyber footprint.  These are some of the biggest threats because they target small businesses and big businesses alike.

2: Most cyber-attacks originate externally

When most people talk about a cyber-attack, they’re thinking of a network Deathstar with an outside force attempting to gain access through a metaphorical thermal exhaust port vulnerability.  This isn’t always the case, and in fact, the greatest threat to any network is the users themselves or, as we professionals call them, insider threats.  According to Security Magazine, “Insiders have a unique opportunity to cause harm because a corporation’s internal security measures typically are easier to bypass than externally focused perimeter defenses. By operating from within a company’s offices and networks, insiders not only have enhanced access to their target, they also have the ability to observe technical gaps and lapses in policy enforcement, and to discover where the crown jewels are located. Insider risk also includes well-intentioned employees whose conduct unwittingly causes or contributes to a security incident.”  The insider threat knows where your company takes the shortcuts; they have the keys to the kingdom.

3: As long as the data is protected, the system is secure

This is another common misconception of cyber-security.  Most people think that as long as the data is perceived as secure, the company is protected.  This isn’t necessarily true, as one of the biggest threats in today’s cyber-realm is the Denial-of-Service (DoS) attack or its more dangerous variant, the Distributed Denial-of-Service (DDoS) attack.  This common attack vector floods a website or web server with seemingly legitimate traffic until the website can no longer handle it and shuts down.  The infamous hacktivist group Anonymous has used this method to shut down many websites, and it can be very hard to counter.


4: If a company gets hacked, they must have been doing something wrong

This is one of the myths I hear all the time.  While there are definitely instances where a company’s security team was not taking due care when it came to protecting its network from outside attacks, the majority of major attacks come against well-protected networks.  The fact is, no network is 100% secure, and with enough time, effort, and resources, any network will be breached eventually.  A recent example of this is the JP Morgan hack, where a system that was very secure was hacked and the damage wasn’t discovered for nearly three months.  The Ponemon group reported that on average it takes nearly 80 days for a breach to be discovered.


5: If I use an Apple product, my data is secure

Another crazy misconception here is the perception that Apple products are not targeted for hacking.  While at one time this might have been more fact than myth, targeting of Apple products has spiked significantly, mostly because of their popularity. “Apple believes the hackers who penetrated its network…gained access to their targets’ machines using an infected developer’s website that exploited a vulnerability in Java; Apple says the same trick was used to access its employees’ machines.”  Apple’s success has been its own worst enemy with regard to cyber-attacks.  The Apple iOS is now one of the most targeted systems on the market and this will not change any time soon.


Other High Profile Breaches:

Experian (includes T-Mobile)
Trump Hotels
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison
Ashley Madison (follow up)

Thanks for stopping by and reading our blog. We would appreciate it if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Be sure to subscribe to this blog and to our Podcast.

If you have ANY Cybersecurity needs, please contact us and a member of our staff will promptly reply to your question or concern.


CSO Online

Security Magazine

The Inquirer



Ponemon group


About Matthew Eliason

Matthew Eliason was born in Houston, Texas.  Upon graduating from high school, he joined the Navy.  His first tour was as an Information Systems Technician of a 130 client DOD network where he developed the documentation and maintenance procedures from 2007-2012.  In 2012, he transferred to shore duty where he serves as a system and security administrator. He graduates with a Bachelor of Science in Information Technology from American Military University in November of 2015. He holds the CompTIA Security+ certification and has extensive experience in DOD Information Assurance (IA) and Cyber Security compliance and procedures.  He enjoys golf, hiking, and watching football in his spare time.