Debunking 7 Common Cybersecurity Myths

By Eric Peterson, Director of Cyber Security Operations - 28 Feb, 2024
Cyber Security
5 Minutes Read

Myths and false beliefs about the rapidly evolving topic of cybersecurity can significantly impact how individuals and organizations approach to cyberdefense. Despite technological advances and expanding understanding, inadequate protocols and a lack of security solutions are often caused by a few fallacies. This article aims to debunk seven of the most pervasive myths regarding cybersecurity by highlighting the importance of a thorough, informed approach using relevant statistics and anecdotes.

Cybersecurity Myth 1: Changing Your Passwords Frequently Will Stop Hackers

Debunked: Although it was previously thought to be a sound practice to update passwords regularly, new advice indicates that doing so may compromise security. When compelled to change their passwords frequently, users often construct simpler or slightly modify old ones, making password guessing easier for attackers. This behavior was observed in a study by the FTC where users created weaker passwords and made minor, predictable modifications to their existing passwords. These days, the National Institute of Standards and Technology (NIST) suggests making strong, one-of-a-kind passwords and changing them only if there is proof of a breach. It’s also recommended to enable MFA everywhere and utilize a Password Manager.

Cybersecurity Myth 2: Attacks Against Large Organizations Recur Regularly; So, Security Is Not Important

Debunked: This pessimistic outlook ignores the innumerable attacks that are successfully repelled daily. Large companies are targeted specifically because they have valuable data, yet most cyber incidents that are successfully prevented are not as dramatic as the breaches that make headlines. Strong security measures lower the likelihood of a successful attack considerably. 63% of businesses do not have an adequate cybersecurity budget, according to AT&T’s 2022 Cybersecurity Insights Report. Lack of sufficient infosec investment widens vulnerabilities. Additionally, Cybersecurity Ventures predicts that Worldwide cybercrime costs are estimated to hit $10.5 trillion annually by 2025, emphasizing the need for enhanced cybersecurity measures.

Cybersecurity Myth 3: Antivirus software is adequate protection.

Debunked: While antivirus software is essential for identifying and eliminating harmful software, it is not a panacea for all cybersecurity risks. Contemporary cyber-attacks are getting increasingly sophisticated, frequently using methods that get around conventional antivirus software. IPS, EDR, NDR, NextGen Firewalls, encryption, multi-factor authentication, and employee training are all essential components of comprehensive security measures that cover the variety of potential attack routes. According to a survey by ESET, 39% of organizations reported experiencing a cyber-attack that evaded their antivirus software in the past year.

Cybersecurity Myth 4: Cyberattacks Cannot Affect Your Building’s Physical Systems

Debunked: Physical infrastructure, such as HVAC and access control systems, is becoming more susceptible to cyberattacks due to the growing interconnectedness of digital and physical systems, particularly with the emergence of the Internet of Things (IoT). A survey by Fortinet found that 90% of organizations experienced at least one operational technology intrusion in the past 12 months, with many incidents impacting physical systems.

Strong cybersecurity protection and ongoing monitoring are critical as Internet of Things (IoT) and operational technology (OT) devices proliferate throughout industries. To protect against potential cyber threats and reduce risks to operational continuity and data integrity, it is crucial to ensure the security of these systems, given the proliferation of networked devices in critical infrastructure. The use of stolen building access cards is the most common type of threat.

Extra Myths

Cybersecurity Myth 5: Small Businesses Are Not Targeted by Hackers

Debunked: Despite the common misconception that small firms are too small to be targeted by hackers, data indicates they are more vulnerable. According to Accenture, 43% of all online attacks are targeted at small businesses as they’re seen as easy targets by attackers. Because they usually have fewer resources available for cybersecurity, smaller companies are more appealing to cybercriminals searching for simple ways to acquire access to their systems.

Myth 6: Cybersecurity Is the Exclusive Purview of the IT Department

Debunked: Everyone in the company has a shared responsibility for cybersecurity beyond the IT department. Phishing attacks, for example, use people’s mistakes as a means of system access. Developing a thorough defensive strategy requires educating every employee on the significance of cybersecurity procedures, such as recognizing dubious emails and establishing secure passwords. A study by IBM found that human error was a contributing cause in 95% of all cybersecurity incidents, highlighting the importance of cybersecurity awareness across all employees, not just IT staff.

Cybersecurity Myth 7: A Strong Perimeter Is All That Is Needed to Safeguard Your Network

Debunked: The possibility of insider threats and the existence of sophisticated phishing and social engineering assaults that get past exterior defenses are ignored when perimeter defenses are the only thing on the radar. Securing an organization’s data and systems can be accomplished more successfully by implementing a zero-trust security architecture, in which every person and device is validated before access. According to the 2022 Verizon Data Breach Investigations Report, 25% of data breaches involved internal actors, highlighting the need for internal security controls beyond perimeter defenses.

Final Thoughts

Dispelling these myths about cybersecurity is essential to creating security plans that work. Our knowledge of and strategies for cybersecurity must change as cyber threats do. Organizations and people can significantly increase their resistance against cyber-attacks by making decisions based on up-to-date best practices and thorough security frameworks. Maintaining an advantage in the never-ending fight for digital security requires adopting a culture of constant learning and adaptability.

New Era Technology & SecureBlu Can Help!

New Era’s SecureBlu portfolio of Security Services includes a Managed Detection and Response (MDR) service that maintains optimal security posture by continuously minimizing the attack surface and improving visibility via enhanced monitoring and response. If you want to learn more about how your organization can prevent, detect, and maintain threats through SecureBlu, please visit our MDR page for datasheets or email us at

Author: Eric Peterson, Director of Cyber Security Operations

© 2024 New Era Technology  |  Privacy Policy   |  Cookie Policy   |  License Number: MA 7190-C