Thankfully, businesses are now more aware than ever of cyber threats and are starting to take cybersecurity very seriously. PwC found that nearly 64% of UK CEOs are concerned about how cyber threats could harm their ability to sell products and services.
Indeed, taking into proper account your organisation’s cybersecurity is a vital part of running a modern business. This keen focus on abating cyber threats, however, had led to many cybersecurity myths becoming commonplace.
Believing these ill-informed cybersecurity myths could leave your business vulnerable to threats and may render your security infrastructure ineffectively.
What are the top cybersecurity myths you should be aware of in 2022? In this article, we’ll debunk some of the biggest misconceptions about digital security.
We understand why some small business owners feel like cybersecurity isn’t important to them. Cybersecurity can be a big investment for smaller firms and start-ups and many decision-makers would prefer to spend that money on other sections of the business.
However, there’s no truth in the misconception that hackers don’t target small businesses. In fact, a report from Barracuda found that cybercriminals are up to three times more likely to target small businesses than larger firms.
Why? Hackers smaller businesses as ‘low-hanging fruit’ and target their inadequate security infrastructure and take advantage of insufficient security training for staff for social engineering attacks.
Furthermore, the lasting damage of cyber attacks to smaller businesses is greater than for enterprises. 60% of small businesses fail within six months of a cyber attack or data breach.
Firewalls and antivirus software are a brilliant first line of defence for your digital infrastructure – but attacks can and will get through them. A holistic cybersecurity strategy will need to use other methods of protection such as backups, cybersecurity awareness training and two-factor authentication.
First of all, antivirus software and firewalls are only effective if they’re regularly updated and configured correctly. Not quite sure how to make sure they’re running effectively? We recommend working with a Managed Service Provider (MSP) like ours to configure your security infrastructure for you
Secondly, antiviruses and firewalls can only protect your business from malicious software and intrusions. They’re less effective at preventing social engineering attacks such as phishing scams, mishandled login credentials or internal threats. We’ll cover what’s needed to prevent these attacks later on!
A common misconception is that only the tech-illiterate fall for phishing attacks and that cyber awareness training is a waste of time for those who are “good with computers.”
In reality, this just isn’t the case. Phishing attacks – especially those specifically targeting your business for espionage – are becoming increasingly more convincing.
One of the most common forms of phishing is a spear phishing attack – where attackers use gathered intel about your business to make the email (or phone call) look legitimate. Over 65% of targeted attacks are done this way.
They commonly ask for payment or urgent action for a convincing reason. Attacks may also spoof a legitimate email – for example, a manager, the CFO or CEO.
Businesses need to train their staff on spotting phishing attacks and what sorts of emails to be suspicious about. However, even then, some phishing attacks may be too convincing to spot. For that reason, you’ll also need an email filter actively looking for possible phishing scams.
A strong password policy is a cornerstone of a cybersecurity strategy. However, there are some other considerations to make other than having a long, complex password:
Insider threats pose just as much of a concern as external threats – if not, more as they’re difficult to protect against. According to Gurugul, 98% of companies are concerned about insider threats whilst only 11% believe they’re well protected from them.
Internal threats fall into three broad categories:
Negligent insider threats are when an employee or executive negligently exposes your business to a cyber vulnerability – but unintentionally (or at least without malice). This is is the most common insider threat.
These types of threats can be prevented through cyber awareness training or a Data Loss Prevention program.
Stolen credentials involve the loss of credentials – mainly through social engineering attacks such as phishing. Protecting from these attacks involves awareness training, two-factor authentication and suspicious activity detection.
The least common type of insider threat is the malicious insider attack – where an employee or business partner causes damages or steals data intentionally. This is by the hardest to protect from as companies generally assume all their employees aren’t out to sabotage them.
The best way to protect from this is by enforcing strict access permissions (and ensuring employees can only access the data they need) and using data loss prevention (DLP) and monitoring tools.
These steps prevented a huge data incident in October 2021 when a Pfizer employee uploaded 12,000 confidential files to a Google Drive account – according to Reuters. This suspicious activity was detected and prevented by DLP software. Turns out, the employee had accepted a job offer from competitor Xencor, and this was attempted espionage.
Cybersecurity infrastructure is a long, complex process. However, the return on investment (ROI) of cybersecurity projects is immense due to security expenses avoided is immense.
For instance, according to IBM’s Cost of a Data Breach Report 2021, the average cost of a data breach is $4.24M! That’s why we highly recommend upgrading your security infrastructure and protecting your business from increasingly dangerous cyberattacks.
Want to learn how we can help you secure your business? Looking to deliver effective cyber awareness training? Want to explore what software solutions are best for protecting your business?
Get in touch with us today and see how we can level up your business’s cybersecurity.