Myths and misconceptions around cybersecurity are significantly increasing and impacting small-to-medium-sized enterprises (SMEs), leaving them vulnerable to cyber-attacks.
Our research into various cybersecurity myths, using data collected from the UK government and the National Cyber Security Centre (NCSC) website, presented some shocking findings.
Still, in 2024, smaller companies are ignoring the importance of cybersecurity.
To maintain a secure and resilient digital environment, it is essential to debunk numerous myths about cybersecurity and adopt a realistic, fact-based perspective on cybercrime and security risks.
In this detailed blog post, we will debunk the most talked about cybersecurity myths and misconceptions of 2024 and provide the facts behind these myths.
So, let’s delve into these myths!
Reality: While having cyber security tools is important, simply having more tools doesn't necessarily equate to a secure computer system.
The key is having the right tools that are properly configured and integrated into a comprehensive cybersecurity strategy. Over-reliance on tools without proper understanding and management can lead to gaps in system security.
Facts: According to research by PwC, only 38% of UK companies are highly confident in their ability to manage cybersecurity risks, despite increased investment in cybersecurity tools.
Reality: Phishing scams are becoming increasingly sophisticated, making them harder to detect.
While some phishing attempts may be obvious, others can be highly convincing, with social engineering tactics such as QR phishing scams and SIM swapping emerging as new threats.
Proper cybersecurity training and awareness programmes are crucial to help users recognise and respond to these latest phishing attempts effectively.
Facts: According to the Independent Advisor, a 2023 study by the UK government – which surveyed 2,263 UK businesses and 1,174 charities – reported that 79% of UK businesses and 83% of charities faced phishing attacks in the last 12 months.
These attacks led to business costs and reputational damage, including the cost of paying legal fees to put things right.
Reality: While having a skilled cybersecurity workforce is essential, it's not a standalone solution to cybersecurity problems.
Effective cybersecurity requires a combination of factors: skilled employees, robust processes, and appropriate technologies.
Additionally, cybersecurity is an ongoing effort that requires continuous monitoring, adaptation, and improvement.
Facts: According to the report published by the Department for Science, Innovation and Technology, around 50% of UK businesses face a shortage of basic cybersecurity skills, while 33% struggle with a lack of advanced skills.
Reality: Personal devices may not have the same level of security controls as corporate-owned devices and, if compromised, can expose sensitive data to hackers.
Implementing security measures such as evaluating contingency plans, device encryption, mobile device management, and regular security audits can help employees defend themselves from hackers.
Facts: SlashNext's 2023 Mobile BYOD Security Report reveals that 71% of employees have sensitive work information on their personal devices, of which 43% were the target of phishing attacks.
Reality: Cybersecurity is an ongoing process that requires continuous attention and investment.
Regular risk assessments, security policy and procedure updates, employee training, two-factor authentication alongside strong passwords, and proactive monitoring are all essential components of effective cybersecurity for a business.
Facts: According to the Cyber Security Breaches Survey conducted by the UK government, 32% of UK companies and 24% of charities recall any breaches or attacks from the last 12 months.
Reality: Many employees believe their passwords are strong when they may be weak and easily guessable. Common pitfalls include using easily guessable passwords, reusing the same password across multiple accounts, and neglecting to update passwords regularly.
Passwords can also be stolen through various means, such as phishing emails, keylogging malware, or data breaches.
Implementing password managers, two-factor authentication (2FA) or multi-factor authentication (MFA) adds an extra layer of security by requiring additional verification beyond strong passwords, significantly reducing the risk of external threats gaining access.
Applying strong password policies, such as using complex character combinations and enforcing regular password changes, can enhance the business's security posture.
Facts: Research by the National Cyber Security Centre (NCSC) found that "123456" was the most commonly used password in the UK, highlighting the prevalence of weak passwords.
Additionally, the NCSC reported that 23.2 million accounts worldwide used this password, emphasising the importance of improving password practices.
Reality: Some organisations do not conduct penetration tests as frequently as they should, or may not prioritise testing all potential attack vectors.
Regular and comprehensive penetration testing helps identify vulnerabilities before they can be exploited by malicious actors, thereby strengthening the business's security posture.
Facts: Despite the importance of penetration testing, a study by CyberSmart found that only 43% of UK businesses conduct penetration tests regularly.
Furthermore, 25% of UK companies admitted to never conducting a penetration test, indicating a gap in proactive security measures.
Reality: The belief that only large companies are targeted by cyber-attacks is a dangerous myth. In reality, SMEs are targeted at an alarming rate, often due to their lack of robust cybersecurity measures, making them easier targets for cyber-criminals to gain access to systems.
Facts: A Verizon 2023 Data Breach Investigations Report revealed that small businesses accounted for almost one-third of all data breaches.
Also, 74% of breaches involved a human element, which includes social engineering attacks, errors, or misuse.
Reality: While it is essential to have reliable IT systems and software in place to protect your organisation, an all-encompassing approach to cybersecurity is required to achieve complete protection.
A comprehensive cybersecurity strategy should incorporate cybersecurity training, risk management, and appropriate policies to ensure your IT department remains resilient in the face of evolving cyber-attacks.
Simple steps such as:
are essential components of a holistic cybersecurity approach.
Facts: According to the Cyber Security Breaches Survey conducted by the UK government, 32% of UK companies and 24% of charities overall recall any breaches or attacks from the last 12 months, highlighting the persistent threat landscape despite investments in computer systems.
Reality: The common myth that cyber attacks solely originate from external sources overlooks the reality of insider threats and human error.
These internal threats can occur from malicious software, disgruntled employees, or accidental actions.
Implementing robust access controls, providing continuous employee training, and monitoring human behaviour can help mitigate a cyber attack.
Facts: As per the findings of Ponemon's 2023 Cost of Insider Threats report, the average cost attributed to insider risks increased from $15.4 million in 2022 to $16.2 million in 2023.
Additionally, the average duration required to mitigate a security threat originating from an insider also saw a slight uptick from 85 to 86 days within the same timeframe.
Reality: Relying exclusively on antivirus software for cybersecurity is highly risky, as antivirus is just the beginning of a cybersecurity plan and can only defend against known malware and network or system viruses.
Hackers continuously evolve and employ new tactics, such as zero-day exploits and sophisticated malware, to evade detection on the network or system, so supplementary security measures are essential.
Layered security solutions such as:
should be in place in the business to defend against a wide range of cybersecurity threats and further secure your organisation's overall security posture.
Facts: According to the UK Cyber Security Breaches Survey 2023, only 49% of medium businesses, 68% of large businesses and 36% of high-income charities have a formal cyber security strategy in place, indicating a gap in understanding the need for holistic protection.
Reality: Public Wi-Fi networks are convenient but inherently insecure. Cyber attackers can intercept and access data being transmitted over these networks, posing a risk to sensitive information such as passwords, emails, and financial details.
To mitigate this risk, consider using a virtual private network (VPN) when connecting to a public Wi-Fi network, or avoid accessing sensitive accounts.
Facts: According to a survey by cybersecurity firm BullGuard, 79% of public Wi-Fi users in the UK were unaware of the risks associated with using these networks, indicating a significant lack of awareness.
Reality: Symptoms of malware infections can be subtle or non-existent, allowing cyber attackers to maintain control over compromised devices while siphoning off data or launching attacks.
Regular scans, behavioural analysis and endpoint detection and response (EDR) are crucial for detecting and removing malware.
Facts: According to the UK government cybersecurity breach survey 2023, the share of businesses using up-to-date malware protection decreased from 83% to 76% compared with 2022.
Reality: Data loss can occur due to various factors, including hardware failure, malware infections, or accidental deletion.
Without regular system backups, valuable data can be lost irreversibly, leading to significant consequences for individuals and businesses alike.
Implementing automated data backup solutions keeps data secure and accessible, even in the event of a disaster.
Facts: The UK government's Cyber Security Breaches Survey 2023 revealed that 37% of businesses experienced data loss or breaches due to human error, hardware failure, or computer viruses, highlighting the importance of data backup practices.
Reality: VPNs (Virtual Private Networks) provide encryption and anonymity, which can enhance security, especially when using public Wi-Fi networks.
However, VPNs are not a one-size-fits-all solution and may not be necessary for every online activity. Additionally, the efficacy of a VPN depends on the provider and on how its security is implemented.
Facts: A survey by NordVPN found that 48% of UK respondents use a VPN primarily for privacy and security reasons, but 37% of Brits are still willing to risk their data security and choose free VPNs.
Debunking these cybersecurity myths can help SMEs take the necessary steps to strengthen their defence against cyber threats.
Partnering with a third-party security provider like Aztech offers organisations expert guidance and support in achieving a strong security posture.
Our IT team possesses extensive expertise with support services such as managed IT support, cybersecurity, digital transformation, business communication, IT solutions, cloud transformation and artificial intelligence that can contribute to a well-rounded cybersecurity approach tailored specifically for SMEs.
By collaborating with Aztech, small businesses will gain access to a wealth of knowledge and experiences, helping them to identify and address security gaps and receive up-to-date information on the latest cybersecurity trends.
In conclusion, debunking these most common cybersecurity myths and misconceptions is crucial for fostering a culture of awareness and proactive risk management.
By understanding the realities behind these myths and implementing robust security measures, organisations can better protect themselves against evolving cyber threats and also improve customer trust and business reputation.
So, don't let these cybersecurity myths and misconceptions weaken your business security; contact Aztech today to learn how we can help protect your SME and secure your digital assets through professional cybersecurity support.