You might think your business is too small for a cyberattack, your security is too strong or your data is too insignificant. Unfortunately, we have some bad news: no organization is safe from the continually growing threat of a cyberattack regardless of size, industry or best efforts. Here are the top nine cyber security myths, and the harsh realities behind them.
- Cyber Security Myth: Only big organizations are at risk of a cyberattack.
Reality: Half of all data breach victims are SMBs.
According to the 2018 Verizon Data Breach Investigations Report, 58% of data breach victims are small businesses. That’s because SMBs are often seen as more vulnerable than bigger businesses and as having fewer security protocols in place. A recent study by the Poneman Institute, The 2018 State of Cyber Security in Small and Medium Size Businesses, revealed that 70% of small businesses have experienced a cyberattack in the last 12 months. According to the report, only 28% of small businesses rate their ability to mitigate threats, vulnerabilities and attacks as “highly effective.”
- Cyber Security Myth: Hackers aren’t interested in my industry.
Reality: Any organization with sensitive information is vulnerable.
Malware and viruses don’t discriminate; any machine or network can pick up a Trojan Horse or face a ransomware scheme. While financial services and healthcare are among those industries hit by the most cyberattacks, wide nets are cast and can land anywhere. Across the world, ransomware attacks are up 350% and IoT attacks are up 600%. If your business has a network or a computer, it’s at risk.
- Cyber Security Myth: I’m only at risk from outside cyberthreats.
Realty: Insider threats are frequent and often harder to detect.
From rogue employees to careless ones, from third-party contractors to business partners, research suggests insider threats account for up to 75% of all security breaches. According to a recent article from Security Magazine, 32% of companies can’t even determine the root source of a data breach after 12 months–so that 75% could be even higher.
- Cyber Security Myth: Cyber security is the IT department’s responsibility.
Reality: Cyber security is the responsibility of every member of your team.
According to some reports, more than 90% of malware is installed over email. If your employees aren’t trained on cyber security best practices, such as how to identify phishing emails and the risk of clicking on unsafe links, they could be leaving your organization in peril. Some email hacking ploys are quite sophisticated, and employees are not always on guard. Regular cyber security awareness training is critical.
- Cyber Security Myth: You’ll know immediately if your network is infected.
Reality: Modern malware is stealthy and hard to detect.
It takes an average of 191 days for a business to detect a data breach, and then another 66 days to fully contain it. The longer a breach occurs, the more files may be compromised, the more data can be stolen (and perhaps sold on the black market) and the more likely your organization is to suffer irreparable harm.
- Cyber Security Myth: My anti-virus and anti-malware software keeps me safe.
Reality: Software can’t protect against everything.
In 2016, the cybersecurity company McAfee says it found four new strains of malware every second. Who knows how many they never detect? There is no way updates can keep up with the evolution of cyberthreats. Making matters worse, many businesses don’t immediately install security patches, either due to ignorance of difficulty. As reported by online security site CSO, “People aren’t too dumb or lazy to install patches. They want to do the right thing. But patching can be difficult for a multitude of reasons, and those roadblocks explain why patching is performed so poorly in most organizations.”
- Cyber Security Myth: My passwords are strong enough.
Reality: You need two-factor authentication.
When multiple employees have access to the same system, that system is only as strong as the weakest password. But even a strong password isn’t without risk: an employee can be duped into sharing a password via a phishing scheme, or re-use a password that is compromised somewhere else. Two-factor authentication can reduce much of this risk.
- Cyber Security Myth: Our organization has never faced a cyberthreat, so we’re safe.
Reality: That’s what everyone says right before they go out of business.
Are you familiar with the Identity Theft Resource Center (ITRC) breach list? Every month this list is updated with newly reported business data breaches, most of which never make the front page. You won’t have to look long to find an organization like yours, whether it’s a business your size, in your industry, in your state, or all of those. This list also details how the breach occurred and what was affected. It can be eye opening for many small businesses, especially with 60% of small businesses folding within six months of a cyberattack.
- Cyber Security Myth: Complete cyber security is achievable.
Reality: No, never. Which is why you need a partner like Single Path.
In 2017, a cyberattack cost small-to-medium sized businesses an average of $2,235,000 per attack. Keeping your business safe from cyberthreats is a critical job; it can also be a full-time one. That’s why you need a partner like Single Path. We have helped thousands of organizations like yours protect themselves. From employee training to managed cloud services, from hardware procurement to our full slate of security solutions, we can implement the protocols you need to have a safer, more cybersecure organization. Because the biggest cyber security myth of them all is that your organization is safe.