Busting 7 Common Cyber Security Myths

By Eric Peterson, Director of Cyber Security Operations - 3 Apr, 2024

Cyber security myths can mislead individuals and organisations, hindering effective defence strategies. This article debunks seven common misconceptions, emphasising the necessity of informed approaches backed by relevant data and real-world examples in navigating this evolving landscape.


Myth 1: Changing your passwords frequently will stop hackers.

Debunked: New guidance suggests that regularly updating passwords might not enhance security as once believed.

Research, including a study by the FTC, reveals that frequent changes often lead to weaker passwords or slight modifications, which can be easily guessed by attackers. The National Institute of Standards and Technology (NIST) now advocates for strong, unique passwords, changing them only in case of a breach. Additionally, enabling Multi-Factor Authentication (MFA) and utilising a Password Manager are recommended practices.
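The "slight modifications" problem can be checked at password-change time, when the user has just typed both the current and the new password. The sketch below is an added example, not part of the original article; the function names, the swap table and the two-edit threshold are assumptions chosen for illustration.

```python
import re

# Common character swaps undone before comparison (illustrative, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})

def skeleton(password: str) -> str:
    """Reduce a password to the base a user tends to keep across rotations."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols: "Summer2023!" -> "summer".
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    # Edge case: an all-digit/symbol password has no base left, so keep it whole.
    return (core or lowered).translate(SWAPS)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_slight_modification(old: str, new: str, max_edits: int = 2) -> bool:
    """True when the new password is the old one with cosmetic changes."""
    return edit_distance(skeleton(old), skeleton(new)) <= max_edits

# Constructed sample password changes (not real credentials).
SAMPLES = [
    ("Summer2023!", "Summer2024!"),
    ("P@ssw0rd1", "Passw0rd2!"),
    ("20231231", "99887766"),
    ("Winter#19", "river-otter-plays-cello"),
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        verdict = "reject" if is_slight_modification(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```

The first two constructed pairs are rejected as cosmetic variations of the old password; the last two are accepted as genuinely different.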


Myth 2: Security is unimportant since attacks against huge organisations recur regularly anyway.

Debunked: This perspective overlooks the multitude of daily successful cyber defence efforts.

Large companies, targeted for their valuable data, often thwart cyber incidents that don’t make headlines. Robust security measures drastically reduce the likelihood of successful attacks. AT&T’s 2022 Cybersecurity Insights Report highlights that 63% of businesses lack adequate cyber security budgets, widening vulnerabilities. Moreover, Cybersecurity Ventures predicts global cybercrime costs to reach $10.5 trillion annually by 2025, underlining the urgency for bolstered cyber security measures.


Myth 3: Antivirus software is adequate protection.

Debunked: Antivirus software, though crucial, isn’t a cure-all for cyber threats.

Modern attacks often bypass it, requiring additional security measures like IPS, EDR, NDR, NextGen Firewalls, encryption, MFA, and staff training. ESET’s survey reveals that 39% of organisations encountered attacks that circumvented their antivirus in the past year.


Myth 4: Cyberattacks cannot affect your building’s physical systems.

Debunked: As digital and physical systems intertwine through the Internet of Things (IoT), physical infrastructure like HVAC and access control systems faces heightened cyber risks.

A Fortinet survey found that 90% of organisations encountered at least one operational technology intrusion in the past year, often impacting physical systems.

With IoT and operational technology (OT) devices expanding across industries, robust cyber security and continuous monitoring are essential. Safeguarding these systems is crucial to mitigate cyber threats and protect operational continuity and data integrity. The prevalence of networked devices in critical infrastructure underscores the importance of security measures, especially against common threats like stolen building access cards. 


Myth 5: Small businesses are not targeted by hackers.

Debunked: Contrary to popular belief, small firms are not immune to cyberattacks; in fact, they are more vulnerable.

Accenture reports that 43% of online attacks target small businesses due to their perceived vulnerability. With limited cyber security resources, these companies become attractive targets for cybercriminals seeking easy access to their systems.


Myth 6: Cyber security falls solely within the domain of the IT department.

Debunked: Cyber security is a collective responsibility across the company, extending beyond the IT department.

Phishing attacks exploit human error, emphasising the need for comprehensive defence strategies. Educating all employees on cyber security protocols, like identifying suspicious emails and creating secure passwords, is crucial. IBM’s study revealed that human error contributed to 95% of cyber security incidents, underscoring the importance of widespread cyber security awareness. 


Myth 7: A strong perimeter is all that is needed to safeguard your network.

Debunked: Relying solely on perimeter defences overlooks insider threats and advanced phishing attacks.

Implementing a zero-trust security architecture, where every person and device is verified before access, enhances data and system security. The 2022 Verizon Data Breach Investigations Report revealed that 25% of breaches involved internal actors, emphasising the importance of internal security controls alongside perimeter defences. 

Final Thoughts

Dispelling cyber security myths is crucial for effective security planning. As cyber threats evolve, our knowledge and strategies must also adapt. Organisations and individuals can boost their resilience against attacks by following current best practices and comprehensive security frameworks. Sustaining an edge in the ongoing battle for digital security demands a culture of continual learning and adaptability.

New Era Technology Can Help!

Our Cyber Security Services are tailored to strengthen your organisation’s defences against cyber threats. Whether you require proactive threat mitigation, enhanced monitoring, or comprehensive security measures, our team is equipped to assist you. Explore our Cyber Security Services on our website or reach out to us at solutions@neweratech.com for further assistance.
