Did you know that 63% of UK CEOs are concerned about how cyber threats could harm their ability to sell goods and services? – PwC. As we witness the rate of cyber attacks grow exponentially, cybersecurity is becoming an increasingly important topic of discussion. Our goal is to inform organisations of the ever-increasing risks and to debunk some of the biggest misconceptions around digital security.
1st Myth: Small businesses don’t need to worry about hackers
It’s understandable why some smaller businesses prioritise other aspects of their business over cyber security; however, Barracuda found that cybercriminals are up to three times more likely to target small businesses than enterprises. This is because SMBs are seen as ‘low-hanging fruit’ and are targeted for their inadequate security infrastructure. In addition, employees working for smaller organisations will on average have less security training and will be more susceptible to social engineering. This is a huge problem that is not really being talked about, considering 60% of small businesses fail within six months of a cyber attack or data breach, according to Cybercrime Magazine.
2nd Myth: Antivirus and firewalls are enough protection
Traditionally, antivirus accompanied by a firewall was adequate security protection for your business; unfortunately, in 2022 this is no longer the case. Complex malicious software and hackers using social engineering are capable of slipping through the cracks unnoticed. Because of the ever-increasing number of attack vectors, it’s crucial that you update your defence mechanisms regularly to remain secure.
Cheeky Munkey works with its clients to develop a security roadmap and provide a holistic cyber strategy, including setup of a backup and disaster recovery plan, frequent cyber security training, setting up two-factor authentication and more.
3rd Myth: Phishing attacks are obvious
A common myth is that only the tech-illiterate fall for phishing attacks, so cyber awareness training is not seen as an effective use of employees’ time. However, a new attack method known as ‘spear phishing’ is becoming increasingly common. This is where attackers gather intel about your business before sending the malicious email, making the scam much more difficult to spot. In fact, 65% of all attacks use this method. To give an example, they commonly ask for payment or urgent action for a convincing reason. Attackers may also spoof a legitimate email sender – for example, a manager, the CFO or CEO.
This is why security training for all employees is vital to maintain the protection of your data. Even then, however, some phishing attacks may be too convincing to identify. Therefore, we recommend that all businesses look at email filtering services.
4th Myth: A long password will keep my account safe
Every password you create should be a strong password, as this is a robust cornerstone of a cyber security strategy. However, there are some further considerations beyond having a long, complex password:
- Ensure regular changes of passwords. A quick search on the dark web will show you that hackers commonly sell private credentials at a very low cost; frequent changes will limit your vulnerability.
- Encourage employees to remember passwords and not write them down. What’s the point of a complex password if it’s available for everyone to see in a text file?
- Never share passwords.
- Implement multifactor authentication to ensure that hackers can’t gain access to your employees’ accounts even if they have their passwords.
5th Myth: Only worry about external threats
Typically internal threats fall into three broad categories:
- Stolen Credentials
- Negligent Insider
- Malicious Insider
Stolen credentials are heavily linked with social engineering attacks, such as spear phishing. Frequent security training and the setup of multi-factor authentication will limit their effectiveness.
Negligent insider threats are when an employee negligently exposes your business to a cyber vulnerability; this is usually unintentional and is the most common form of insider threat.
The least common type of insider threat is the malicious insider attack – where an employee or business partner causes damage or steals data intentionally. This is by far the hardest to protect against, as companies generally assume their employees aren’t out to sabotage them. The best way to protect against this is by enforcing strict access permissions (ensuring employees can only access the data they need) and using data loss prevention (DLP) and monitoring tools.
How we ensure your business is secure
Hopefully we have busted some cybersecurity myths you used to believe, because the average cost of a cyber breach in 2021 is $4.2M! (IBM). For this reason, we strongly recommend upgrading your security infrastructure today. Contact us now to start building your personal security roadmap to protect your data and reputation.