4 min read

10 Cybersecurity Myths That Criminals Love

Silviu STAHIE

October 03, 2019

10 Cybersecurity Myths That Criminals Love

Amid the complexity of cybersecurity and the secrecy of criminal hackers, security threats have acquired an aura of mysticism, giving rise to enduring legends, rumors, misperceptions and outright myths. In the cybersecurity space, these myths are almost always damaging. Watching from the murky underworld, attackers can find the people and businesses that believe these myths, then they strike.

Belief in myths can be harmless. But when that belief leaves you with a stolen credit card or a compromised corporate network, the consequences are all too real. Here are some common myths that plague cyberspace, and solutions to deal with them.

1.     This can”t happen to me. People and companies often feel there”s safety in numbers. But, while a crowd may create the illusion that few users are affected, the hard data is worrying. Viruses, malware, and other threats are steadily increasing in complexity and number, which means the chance an unprotected device will be compromised is always growing.

2.     I have a strong password; I”m safe. A strong password is recommended, but users shouldn”t bank on it. Strong passwords can be leaked too. It”s good practice to change them regularly, and a password manager should be a common tool.

MFA (multi-factor authentication) and 2FA (two-factor authentication) are great ways to bolster security. Adding another layer of protection by requesting a code from a linked MFA app or a confirmation email keeps users secure if their usernames and passwords are leaked.

3.     I never browse online in unsafe locations, so I can”t get infected. Trying to stay safe by carefully browsing the Internet is commendable, but it only lowers the risk – it doesn”t eliminate it. Even well-known websites can fall victim by displaying third-party ads infected with malware, which in turn try to infect visitors to the website.

Attackers can compromise a system in other ways, and users don’t even have to open an Internet browser. Emails are the most common culprit for infections, but if your device is unprotected or out of date, sometimes it’s enough to turn it on.

Of course, installing a security solution offers the best protection in this situation, along with an up-to-date browser that can defeat the latest online threats.

4.     Security costs too much. Individuals and small companies who think security solutions are too expensive don”t usually consider the downside costs. Losing precious data can be a lot more costly than using antivirus software or a dedicated enterprise security solution.

5.     My data is not all that important; it doesn”t matter if I”m hacked. It”s easy to think you hold nothing of value for hackers, but that”s often an illusion. A user name and password to an email can be used in nefarious ways, especially since people tend to re-use the same credentials for most of their services, such as banking.

An attack by ransomware (malware designed to encrypt data for extortion) is the quickest, most devastating way to get users to rethink the idea that their data holds no value. Suddenly, your family photo collection is encrypted in a ransomware attack, and you”re asked to pay a large sum of money to get them unlocked, or it”s lost forever. Now, the attackers decide how much your data is worth.

Hacking is not always about theft. Systems can be compromised for other purposes, like for coordinated attacks against other targets.

6.     I have an antivirus; I don”t need anything else. There used to be a time when having a simple antivirus solution was more than enough to secure an endpoint, but those times are long gone. The complexity and multitude of attack vectors today require a more pro-active approach that can”t rely solely on a piece of software.

Modern phishing attempts, aimed mostly at the enterprise sector, are based on social engineering and human error. Such efforts might succeed in enterprise environments that are not adequately protected.

7.     I would know if my computer or phone is infected. Unsecured computers typically don”t exhibit symptoms at first glance. People don”t know when someone controls their webcam, when someone gains access to their email or bank account, or when their computer is used as a zombie in a coordinated attack against other targets.

Only truly devastating / directed attacks, such as ransomware, will be immediately visible. In most cases, nothing visually happens when a computer or device is hacked. Most of the time, you get no big red neon sign flashing when a computer, network, or website is compromised. Hacking is a silent crime that wants very much to remain in the dark.

8.     Securing the network and computers might not be enough. Many threats come from the outside world, from people who are trying to get into a system. Security issues can emerge from unusual places, such as unpatched wearable or IoT devices that are already authenticated into a network.

9.     Phishing is not dangerous, and I can spot it from a mile away. Phishing is a tried and true method of obtaining stealing victims” data. Usually, it involves a replica of a known public or private service. But it can be hidden well enough in an email or website that someone will inevitably fall prey to it. Users must always be wary of the links they open, and never imagine that they might be above deceit.

10.  I don”t even have a computer; I can”t be hacked. In today”s world, anything that has a semblance of an operating system presents a possible target. Just because someone doesn”t have a computer, it doesn”t mean that other devices are not exposed. Hackers can go after phones, routers, and even a smart TV. Security is about protecting all endpoints, no matter what they are.

Cybersecurity myths are a real threat because they tend to prompt users to ignore real threats, helping bad actors get your data, or simply to wreak havoc. Knowing that myths are merely illusions is the first step toward a safer life online.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read