Myths of Cyber Security : We work online. We live online. As our fast-paced lives get exponentially dependent on digital services, the urgency to protect our information from being misused is crucial.
In 2014, eBay went down in flames of embarrassment, as it sustained the biggest hack of that year, revealing that hackers had managed to steal personal details’ database of 233 million users!
The hack occurred between February and March; with usernames, physical addresses, passwords, and phone numbers put in jeopardy. Users were encouraged to change their passwords and were reassured that their financial information was not stolen, as it was separately stored and encrypted. Regardless, there were further concerns that poached personal information could leave eBay users exposed to identity theft.
While some cyber security threats are exaggerated, some are shrugged off as low-level threats. The issue at hand is that the Internethas given us the leverage of looking up for answers to any questions.
Despite cybersecurity being such a burning topic, there are still several questions and assumptions surrounding it; that disallow organizations from truly arming themselves against attacks. In this blog, we attempt to demystify the five most popular myths of cyber security:
Myth: I have a firewall, so I’m safe from attacks.
Reality: Hackers understand strategies adopted by a firewall quite well. Disrupting codes and exploiting basic IT oversights to gain access to your system is a piece of cake for them. One Breach Investigation Reports reveals that only 17% of cyber security threats were designated to be highly challenging, implying that, hackers make 83% of cyber security threats without much effort. While most cyber security threats are avoidable, your organizations can not rely solely on firewalls for protection.
Did you know?
The average global cost per each stolen or lost record consisting of sensitive and confidential data was $154. Healthcare was the industry with the highest cost per stolen record at $363 per record.
“Cost of Data Breach Study: Global Analysis” | IBM/Ponemon
Myth: I use HTTPS, so my site is secure.
Reality: HTTPS is a mechanism for securing information while being transmitted from a source to its destination. It safeguards the data being sent between a browser and a web server from Man In the Middle (MIM) attacks. Though it secures your website at a minimal level, HTTPS does not curb hacking of a website, server, or a network. By diminishing Distributed Denial of Services (DDOS) attacks, hackers can brute force their way into your access controls exposing your website’s availability. Regardless of the client’s intent, HTTPS blocks most of the modern Intrusion Detection/Prevention Systems from analyzing the incoming data. In a nutshell, HTTPS does not prevent a hacker from exploiting software vulnerabilities. It isn’t reason enough for you not to use HTTPS, but it’s a point that you must take into consideration. Assume that everything you do online – HTTPS or HTTP – is being supervised.
Did you know?
In the year 2014, dozens of fake SSL certificates were uncovered which were the replicas of legitimate certificates from Facebook, Google, iTunes, YouTube, GoDaddy, etc. The end users who used apps or other non-browser softwares to access the internet that did not check the legitimacy of SSL certificates, were victims to the man-in-the-middle attacks.
Myth: Security isn’t my concern when I’m hosting my website on someone else’s hosting space.
Reality: Hosting providers such as GoDaddy, HostGator, DreamHost and others are responsible for hosting thousands of websites. Monitoring each site evidently requires a lot of time and resources, that your provider just can not afford. In an accurately secured server, jeopardizing the content in one website will not make other sites defenseless, unless those sites are on the same account. It would not be an accurate scan even if a host did scan all of the sites because such kind of service can only be predicted from a specialized host or a server with proactive management. If a site’s script is poorly coded, hackers can gain access to the site, damage the homepage, add links to and from other sites, and even redirect the site. None of these is an obvious malware to a typical scanner. A host can only provide server level security, but the responsibility for individual sites still lies with the site owner.
Did You Know? Nearly 90% of all external attacks exploit poorly administered, misconfigured or inadequately managed systems, which any fairly competent hacker could exploit.
Myth: If a computer is not connected to a network or the internet, it cannot be attacked by viruses.
Reality: Sadly, no computer is a merry island. Internal threats are in fact, the greatest threats. Since computers need the patches downloaded and software updates loaded, users working inside your firewall with laptops, USB drives, and removable media that have been exposed to malware are a huge threat. Many cyber security specialists see the USB Thumb Drive as the biggest hazard to cyber security.
Did you know?
In a research done on cyber security, it was found that 1 out of every 8 attacks on computers these days, enters via USB devices.
Myth: Small or medium-sized business do not make a worthwhile target.
Reality: Everyone knows the cybersecurity threat looming over large organizations such as Anthem, Experian, and the IRS that were impacted by data breaches in 2015. However, an HM Government report confirmed that 74% of small and medium-sized enterprises reported security breaches in 2015.
A popular notion is that when there are so many big-shot corporations out there, why would a hacker target small businesses with minimal resources and less money? Here is the clincher though- since hackers are aware that smaller companies do not have the right resources to fight back, they make up an even easier and tempting target. One attack that is becoming alarmingly popular is Ransomware, where attackers encrypt data taken from the victim (individual/ small or medium-sized enterprises (SMEs)), and in return for decrypting the data, they ask for an “acceptable” amount from the victim as ransom.
Did you know?
A survey of 233 small to midsize companies by CFO Magazine found that about one in five small and midsize businesses reported cyber-attacks on their computer networks over a two-year period through February 2016. Another report by the National Small Business Association in December 2015 states that cyber criminals have swept an average of $32,000 from SMEs.
One of the biggest challenges faced by organizations today is the incorrect evaluation and assessment of threats to cyber-security. Rigid beliefs around major myths of cyber security often lead to misallocation of resources and setting inappropriate goals. Dispelling those myths is the key to developing a futuristic approach to information security that is exactly right for your business.