Debunking 7 Common Cybersecurity Myths

By Eric Peterson, Director of Cyber Security Operations - 7 Mar, 2024

Myths and false beliefs about the rapidly evolving topic of cybersecurity can significantly impact how individuals and organisations approach cyberdefense. Despite technological advances and expanding understanding, inadequate protocols and a lack of security solutions are often caused by a few fallacies. This article aims to debunk seven of the most pervasive myths regarding cybersecurity by highlighting the importance of a thorough, informed approach using relevant statistics and anecdotes.

Myth 1: Changing Your Passwords Frequently Will Stop Hackers

Debunked: Although it was previously thought to be a sound practice to update passwords regularly, new advice indicates that doing so may compromise security. When compelled to change their passwords frequently, users often construct simpler or slightly modified old ones, making password guessing easier for attackers. This behavior was observed in a study by the FTC where users created weaker passwords and made minor, predictable modifications to their existing ones. These days, the National Institute of Standards and Technology (NIST) suggests making strong, one-of-a-kind passwords and changing them only if there is proof of a breach. It’s also recommended to enable MFA everywhere and utilise a Password Manager.

Myth 2: Attacks Against Large Organisations Recur Regularly; So, Security Is Not Important

Debunked: This pessimistic outlook ignores the innumerable attacks that are successfully repelled daily. Large companies are targeted specifically because they have valuable data, yet most cyber incidents that are successfully prevented are not as dramatic as the breaches that make headlines. Strong security measures lower the likelihood of a successful attack considerably. 63% of businesses do not have an adequate cybersecurity budget, according to AT&T’s 2022 Cybersecurity Insights Report. Lack of sufficient infosec investment widens vulnerabilities. Additionally, Cybersecurity Ventures predicts that worldwide cybercrime costs will hit $10.5 trillion annually by 2025, emphasising the need for enhanced cybersecurity measures.

Myth 3: Antivirus Software Is Adequate Protection

Debunked: While antivirus software is essential for identifying and eliminating harmful software, it is not a panacea for all cybersecurity risks. Contemporary cyber-attacks are becoming increasingly sophisticated, frequently using methods that get around conventional antivirus software. IPS, EDR, NDR, NextGen Firewalls, encryption, multi-factor authentication, and employee training are all essential components of comprehensive security measures that cover the variety of potential attack routes. According to a survey by ESET, 39% of organisations reported experiencing a cyber-attack that evaded their antivirus software in the past year.

Myth 4: Cyberattacks Cannot Affect Your Building’s Physical Systems

Debunked: Physical infrastructure, such as HVAC and access control systems, is becoming more susceptible to cyberattacks due to the growing interconnectedness of digital and physical systems, particularly with the emergence of the Internet of Things (IoT). A survey by Fortinet found that 90% of organisations experienced at least one operational technology intrusion in the past 12 months, with many incidents impacting physical systems.

Strong cybersecurity protection and ongoing monitoring are critical as Internet of Things (IoT) and operational technology (OT) devices proliferate throughout industries. To protect against potential cyber threats and reduce risks to operational continuity and data integrity, it is crucial to ensure the security of these systems, given the proliferation of networked devices in critical infrastructure. The use of stolen building access cards is the most common type of threat.

Myth 5: Small Businesses Are Not Targeted by Hackers

Debunked: Despite the common misconception that small firms are too small to be targeted by hackers, data indicates they are more vulnerable. Because they usually have fewer resources available for cybersecurity, smaller companies are more appealing to cybercriminals searching for simple ways to acquire access to their systems.

Myth 6: Cybersecurity Is the Exclusive Purview of the IT Department

Debunked: Cybersecurity is a shared responsibility of everyone in the company, not only the IT department. Phishing attacks, for example, use people’s mistakes as a means of system access. Developing a thorough defensive strategy requires educating every employee on the significance of cybersecurity procedures, such as recognising dubious emails and establishing secure passwords. A study by IBM found that human error was a contributing cause in 95% of all cybersecurity incidents, highlighting the importance of cybersecurity awareness across all employees, not just IT staff.

Myth 7: A Strong Perimeter Is All That Is Needed to Safeguard Your Network

Debunked: Relying on perimeter defenses alone ignores insider threats and the sophisticated phishing and social engineering attacks that get past exterior defenses. An organisation’s data and systems can be secured more effectively by implementing a zero-trust security architecture, in which every person and device is validated before being granted access. According to the 2022 Verizon Data Breach Investigations Report, 25% of data breaches involved internal actors, highlighting the need for internal security controls beyond perimeter defenses.

New Era Technology Can Help!

New Era’s SecureBlu portfolio of Security Services includes a Managed Detection and Response (MDR) service that maintains optimal security posture by continuously minimising the attack surface and improving visibility via enhanced monitoring and response. If you want to learn more about how your organisation can prevent, detect, and maintain threats through SecureBlu, please contact us.
