Myths about cybersecurity

mitos de la ciberseguridad

Information about cybersecurity is very important, since attacks on the Internet are continuously growing and there are still many misconceptions about it. In this article we are going to discuss the most important myths about cybersecurity.

Cyber ​​criminals are external attackers

Despite the belief that external attackers within organizations are to be feared, the most significant cybersecurity breaches are often the result of internal attackers working alone or in conjunction with external hackers. These insider attackers can be part of well-organized groups, even supported by states or nations.
Insider threats are on the rise and can include employees, vendors, contractors, business partners, or outside intruders posing as a worker. Such insider threats are responsible for 60% of data breaches that occur today.

Vulnerabilities, attack vectors and risks are known

The risk exposure surface is continually expanding with thousands of new application and device vulnerabilities emerging every day. Security breaches due to human error, caused by negligent employees or contractors, are also increasing.
Cybercriminals find new attack vectors all the time, including Linux systems, operational technology (OT), Internet of Things (IoT) devices, and cloud environments.
In short, it is very difficult to be aware of all the attack vectors that can be targeted.

My sector is safe

All industries have their share of cybersecurity risks, as cybercriminals exploit the communication network needs that exist in almost every organization, both public and private. For example, ransomware attacks are targeting more industries than ever before, including local governments and non-profit organizations. On the other hand, threats to supply chains, government websites and critical infrastructure have also increased. Anything that has a presence on the Internet can be attacked.

Too much security decreases productivity

There is a belief that increased security makes it even more difficult for employees to access what they need for their daily work. Although strict security policies can slightly hinder productivity at work, removing them can have dire consequences. A successful ransomware or DDoS attack can bring a business to a standstill for days and sometimes weeks.

Cybercriminals only attack large companies

Small and medium-sized companies are one of the main targets of hackers, because only 14% of them are prepared to defend themselves, as opposed to large companies that usually have more security measures deployed.
Small and medium-sized businesses are generally more worth attacking for cybercriminals because they have less security, so they could more easily sneak ransomware into them and then demand ransom for the files.

An antivirus and antimalware is enough

Antivirus and antimalware software is a good starting point for end users. However, it only protects one entry point. Hackers have many ways to infiltrate networks with targeted phishing attacks and ransomware, something that would encrypt all company data and its servers.
Despite the fact that the chances of being infected with a good antivirus are really low, malware creators are becoming more and more sophisticated. It may happen that the antivirus will update the detection of that virus or malware after the user has already been infected, making it ineffective.
Therefore, a comprehensive security solution is needed, such as a web application firewall and an intrusion detection and prevention system trained to detect any possible attack, known through signatures or unknown through heuristics. Thanks to this, threats can be continuously monitored and end-to-end protection provided at all times.

Cybersecurity is too expensive

Cyberattacks cost companies millions, yet companies still wonder if cybersecurity investments are worth it. Data security is often overlooked at the cost of a data breach or theft, which is typically in the millions of dollars. To this must be added the damage of loss of reputation and loss of customers that can be caused to companies.
In this regard, the costs of a good cybersecurity solution will be much lower than if a successful cyberattack occurs. When it comes to cybersecurity, it should not be considered as an expense, but as an investment because our business will be more protected from any possible attack.

I don’t need cybersecurity because I’ve never had an attack

In the event that you have never had a computer attack, it is most likely that you have not been aware of it or that you do not know the extent of the damage produced. You have to seriously analyze it and avoid taking the risk. The threats and techniques of cybercriminals are becoming more sophisticated and undetectable.

Covering the computer webcam is nonsense

It may seem like a “low-tech” solution, but that doesn’t mean it’s useless. A simple band-aid, sticker or post-it is the most effective measure against webcam hacking.
Keep in mind that not only the laptop/computer camera can be hacked, but also the tablet, iPad or mobile phone, so we recommend that you also use security measures on the cameras of these devices.

I have a Mac and Macs don’t have viruses

The reality is that the increase in the use of any Apple product, such as its Mac computers, has made these devices a striking target for hackers and more and more Trojans are attacking the platform and, from time to time, some malicious software in the AppStore.

Only computers have viruses

Any device with an operating system that governs it is susceptible to an attack or an infection. Mobile malware, which can attack smartphones, tablets and other mobile devices, increased by 58% over the past year. These malicious programs can steal information such as phone numbers or email addresses, and even use the device’s GPS to track the user.

Only disreputable sites are unsafe

61% of the websites that can spread “malware” are legitimate portals that have been infected and compromised with malicious code. Business, technology and shopping portals are in the top 5 types of websites with the highest number of infections.

I don’t see anything weird on my device, so I don’t have any malware

Do not expect that if your device has a virus, a full screen image will appear that says “HELLO I AM A VIRUS AND I AM INFECTING YOU”. Even the most simple and minimalist of programs can hide vulnerabilities and security holes and, therefore, host viruses. That is why it is important to always update the device and antivirus software.

Who is going to want to hack me?

The automation of crime and the bots carry out constant raids on the Internet in search of new victims whom they can infect. Even if you’re not famous, or trying to blend in online, the wide variety of illegal activity software can challenge your computer’s security.
In addition, the volume of fraudulent phishing emails being sent each day is so high that it is very likely that sooner or later you will receive a fake message. While users who use the Internet frequently are more likely to become victims, anyone who uses the Internet is vulnerable to threats.
The target is often not you, but your machine. Huge botnets of zombie nodes are created with the infected devices, which at the moment their controller wants to carry out an attack and they start working, it can be millions of devices that trigger a DDOS attack and your device will be one of them.

Conclusions

Cybersecurity is a continuous process of adaptation in which we must constantly update ourselves to prepare for new threats. In this regard, we should never abandon the security of our company, business or digital device for daily use.
There is no maximum security but minimum insecurity. The cybersecurity landscape is advancing and it is necessary to have constant good security practices such as:
• Review security policies periodically.
• Perform security audits.
• Have the devices continuously updated.
• Invest in new security measures to the extent possible.

Finally, the biggest security hazard for cybercriminals to attack your digital devices is misinformation. It is very important to stay informed about security best practices as much as possible.