Thursday, April 18, 2024

CyberSecurity Myths Debunked

CyberSecurity Myths Debunked

We work online. We live online. As our fast-paced lives get exponentially dependent on digital services, the urgency to protect our information from being misused is crucial.

In 2021, Microsoft went down in flames of embarrassment, as it sustained the biggest hack of that year, over 30,000 US businesses were affected by a sweeping attack on the Microsoft Exchange email servers, one of the largest email servers in the world.

The hackers were able to exploit four different zero-day vulnerabilities that allowed them to gain unauthorized access to emails from small businesses to local governments.

For three months, hackers took advantage of a few coding errors to allow them to take control of vulnerable systems. They only needed two conditions to break into each individual company’s email servers:

  1. Connection to the internet
  2. On-premises, locally managed systems

While some cyber security threats are exaggerated, some are shrugged off as low-level threats. The issue at hand is that the Internet has given us the leverage of looking up for answers to any questions.

Despite cybersecurity being such a burning topic, there are still several questions and assumptions surrounding it; that disallow organizations from truly arming themselves against attacks. In this blog, we attempt to demystify the five most popular myths of cyber security:

# 1 Myth: I have a firewall, so I’m safe from attacks.

Reality: Hackers understand strategies adopted by a firewall quite well. Disrupting codes and exploiting basic IT oversights to gain access to your system is a piece of cake for them. One Breach Investigation Reports reveals that only 17% of cyber security threats were designated to be highly challenging, implying that, hackers make 83% of cyber security threats without much effort. While most cyber security threats are avoidable, your organizations can not rely solely on firewalls for protection.

Recommended:  Why Layer 8 Is Great

Did you know?

The average global cost per each stolen or lost record consisting of sensitive and confidential data was $154. In 2021, the healthcare industry continued to average the highest average total cost of any industry, reaching $9.23 million/data breach, a 29.5% increase from 2020.

# 2 Myth: I use HTTPS, so my site is secure.

Reality: HTTPS is a mechanism for securing information while being transmitted from a source to its destination. It safeguards the data being sent between a browser and a web server from Man In the Middle (MIM) attacks. Though it secures your website at a minimal level, HTTPS does not curb hacking of a website, server, or a network. By diminishing Distributed Denial of Services (DDOS) attacks, hackers can brute force their way into your access controls exposing your website’s availability. Regardless of the client’s intent, HTTPS blocks most of the modern Intrusion Detection/Prevention Systems from analyzing the incoming data. In a nutshell, HTTPS does not prevent a hacker from exploiting software vulnerabilities. It isn’t reason enough for you not to use HTTPS, but it’s a point that you must take into consideration. Assume that everything you do online – HTTPS or HTTP – is being supervised.

Did you know?

In the year 2014, dozens of fake SSL certificates were uncovered which were the replicas of legitimate certificates from Facebook, Google, iTunes, YouTube, GoDaddy, etc.  The end-users who used apps or other non-browser software to access the internet that did not check the legitimacy of SSL certificates were victims to the man-in-the-middle attacks.

# 3 Myth: Security isn’t my concern when I’m hosting my website on someone else’s hosting space.

Reality: Hosting providers such as GoDaddy, HostGator, DreamHost and others are responsible for hosting thousands of websites. Monitoring each site evidently requires a lot of time and resources, that your provider just can not afford. In an accurately secured server, jeopardizing the content in one website will not make other sites defenseless, unless those sites are on the same account. It would not be an accurate scan even if a host did scan all of the sites because such kind of service can only be predicted from a specialized host or a server with proactive management. If a site’s script is poorly coded, hackers can gain access to the site, damage the homepage, add links to and from other sites, and even redirect the site. None of these is an obvious malware to a typical scanner. A host can only provide server level security, but the responsibility for individual sites still lies with the site owner.

Recommended:  Anonymous Claims Data Leak to Force Nestlé Out of Russia

Did You Know?
Nearly 90% of all external attacks exploit poorly administered, misconfigured or inadequately managed systems, which any fairly competent hacker could exploit.

# 4 Myth: If a computer is not connected to a network or the internet, it cannot be attacked by viruses.

Reality: Sadly, no computer is a merry island. Internal threats are in fact, the greatest threats. Since computers need the patches downloaded and software updates loaded, users working inside your firewall with laptops, USB drives, and removable media that have been exposed to malware are a huge threat. Many cyber security specialists see the USB Thumb Drive as the biggest hazard to cyber security.

Did you know?

In a research done on cyber security, it was found that 1 out of every 8 attacks on computers these days, enters via USB devices.

# 5 Myth: Small or medium-sized businesses do not make a worthwhile target.

Reality:  Everyone knows the cybersecurity threat looming over large organizations such as Anthem, Experian, and the IRS that were impacted by data breaches in 2015. However,  an HM Government report confirmed that 74% of small and medium-sized enterprises reported security breaches in 2015.

A popular notion is that when there are so many big-shot corporations out there, why would a hacker target small businesses with minimal resources and less money? Here is the clincher though- since hackers are aware that smaller companies do not have the right resources to fight back, they make up an even easier and tempting target. One attack that is becoming alarmingly popular is Ransomware, where attackers encrypt data taken from the victim (individual/ small or medium-sized enterprises (SMEs)), and in return for decrypting the data, they ask for an “acceptable” amount from the victim as ransom.

Recommended:  NSA Publishes Top Practices for Improving Network Defenses

Did you know?

A survey of 233 small to midsize companies by CFO Magazine found that about one in five small and midsize businesses reported cyber-attacks on their computer networks over a two-year period through February 2016. Cybercrime continues to be a major concern, with 51% of SMEs experiencing a cybersecurity breach

One of the biggest challenges faced by organizations today is the incorrect evaluation and assessment of threats to cyber-security. Rigid beliefs around major myths of cyber security often lead to misallocation of resources and setting inappropriate goals. Dispelling those myths is the key to developing a futuristic approach to information security that is exactly right for your business.

original article source

Suggest an edit to this article

Go to Cybersecurity Knowledge Base

Got to the Latest Cybersecurity News

Go to Cybersecurity Academy

Go to Homepage

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates