Nearly 80% of organizations rank cyber risk as a top concern according to Microsoft. However, truly understanding cyber risk can be confusing for organizations, especially when there are several myths being spread about security. Some of these myths can negatively impact a business because they uphold false assumptions about security. This can lead those who believe in these myths to falling victim to cyber incidents or put their security in jeopardy. Here are 5 common cybersecurity myths you need to stop believing. 

Source: Microsoft

1. A breach will never happen to me

Some organizations might feel that they are too small to be targeted or think that their industry doesn’t experience cyber attacks. However, hackers will target any organization if they feel they can get access to data or some sort of financial reward. While the headlines often focus on data breaches that affect large companies, a simple Google search will bring up several instances where hackers have also targeted local schools, hospitals, municipalities, charities, manufacturers, etc. Small to medium businesses often lack the resources to secure their infrastructure, making them seem like easy targets to hackers. Research from Verizon found that 43% of breaches involved small businesses. Just because you haven’t been breached yet doesn’t mean that it will never happen.  Organizations need to realize that no one is immune to the threat of a cyber attack and should be prepared to respond to a breach.

2. My current cybersecurity setup is already good enough

Depending on your security needs and whether you’ve recently conducted an assessment to validate your current IT environment, your setup might be good for the moment. However, new threats are emerging daily, and your current security setup might not be equipped to combat the threats of tomorrow. And as technology evolves, you run the risk of having outdated systems that are no longer supported. The security landscape is complex and ever changing, which means you need to be proactive. Security is an ongoing process and the “set and forget” approach is not sufficient. You should supplement your infrastructure with security solutions that protect the different aspects hackers target (such as email, endpoints, etc.) and ensure that these solutions are constantly updated with the latest patches.

3. Security is IT’s problem, not mine

The business impacts of a data breach show that security affects the entire organization. Any employee can be the target of a hacker, especially those who handle sensitive information, such as those in the finance department. Every employee must be responsible for safeguarding themselves and upholding the security standards of an organization. By not training all employees on cyber risks, you increase your chance of falling victim to a preventable error (such as an employee falling victim to a phishing attack).

4. I’ll know if I’ve been attacked

Unlike a physical breach, a cyber breach is harder to detect. Hackers don’t leave broken locks or smashed windows when they break into your system. In fact, a cyber criminal can remain hidden in a network for months or even years, and organizations will usually not realize they’ve been breached until after the damage has been done. According to research by the Ponemon Institute, the average time it takes for an organization to detect a breach is about 6.5 months (197 days). In most cases, a computer will continue to act normally after being hacked or injected with malware. Cyber criminals don’t want to get caught before they’ve managed to extract data or whatever else they’re after. Only in attacks like ransomware, where the hacker wants you to know you’ve been hacked, will it be immediately obvious.

5. If it has a password, it’s already secure

While having a strong password is a good foundation for security it doesn’t guarantee full security. Stolen passwords can be easily found on the dark web after a data breach. Since many people reuse the same passwords, hackers can easily use them to access corporate accounts. This is why it’s important to use an additional verification step in addition to a password.

Similarly, public password protected WiFi can also be unsafe if a hacker has knowledge of the password. WiFi passwords mainly limit the number of users per network which means that others using the same password (such as a hacker) can potentially view the data being transmitted within the network. This is why it’s important to use a VPN when using public WiFi.