Cybersecurity is a complex field that’s constantly changing to keep up with new technologies. These conditions make it fertile ground for misinformation that can lead to poor security practices. It’s National Cybersecurity Awareness Month, so it’s the perfect time to dispel a few common cybersecurity myths.
Myth: Cyberattacks Always Come from External Sources
Organizations certainly need to protect themselves from external attackers, such as sophisticated cyber gangs or foreign nation states. However, the risk from an organization’s own staff, who often already have access to sensitive resources, may be even greater. These insider threats could be malicious acts from disgruntled employees but are often simply accidents resulting from ignorance or carelessness.
To protect against threats from within, organizations should implement effective access control policies, such as least-privileged access and disabling dormant accounts, monitor user behavior, and invest in cybersecurity awareness training.
Myth: Defending the Network Perimeter Is Enough
Another misconception built on the myth that all threats come from outside is that defending the network perimeter is sufficient to protect your organization. With the growing prevalence of cloud computing and the widespread shift to remote workforces accessing the network via VPNs, the network perimeter is becoming impossible to secure. Traditional perimeter defenses, such as firewalls and antivirus software, are no longer enough. Increasingly, organizations are turning to defense-in-depth strategies, such as zero trust, to adapt to these changes.
Myth: Small Organizations Are Rarely Targeted by Cyberattacks
Small companies often believe that cyber criminals are only interested in large enterprises with vast stores of sensitive data. The truth is that small organizations are attractive targets because many cannot afford dedicated security teams or, believing they are unlikely to be attacked, have neglected to implement a cybersecurity program. In fact, a 2019 report showed that 43% of data breach victims were small businesses. To avoid becoming the next victim, small organizations should establish a basic cybersecurity plan by scheduling an independent security audit to evaluate risks, developing cybersecurity policies, and training staff on cyber hygiene.
Myth: Complicated Passwords Are Safer
Contrary to what many security teams have been teaching for years, complex password requirements often impede security. When users are forced to remember dozens of passwords with arbitrary numbers and special characters, they often resort to writing them down or creating weak passwords like Password1!. Instead, NIST recommends using long, simple passwords that are easy to remember.
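The contrast above, as an added example that is not part of the original article: a legacy composition rule accepts Password1!, while a length-first check rejects it and accepts a long passphrase. The 12-character minimum, the blocklist contents, and the function names are assumptions made for this illustration.

```python
import re
import unicodedata

# Assumed policy minimum for this example (not a value taken from the article).
MIN_LENGTH = 12
# Constructed sample blocklist; a real deployment would load a large list of
# commonly used and previously breached passwords.
BLOCKLIST = {"password", "password1!", "welcome1!", "qwerty123", "letmein"}


def legacy_complexity_ok(pw):
    """Old-style rule: 8+ characters with upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def length_first_problems(pw):
    """Length-first rule: return the reasons to reject pw (empty list = accept)."""
    pw = unicodedata.normalize("NFKC", pw)  # count characters consistently
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if pw.casefold() in BLOCKLIST:
        problems.append("on blocklist")
    if pw and len(set(pw)) == 1:
        problems.append("single repeated character")
    return problems


def compare(candidates):
    """Map each candidate to (accepted by legacy rule, accepted by length-first rule)."""
    return {pw: (legacy_complexity_ok(pw), not length_first_problems(pw))
            for pw in candidates}


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["Password1!", "correct horse battery staple", "aaaaaaaaaaaaaaaa"]
    for pw, (legacy, length_first) in compare(samples).items():
        print(f"{pw!r}: legacy={legacy} length_first={length_first}")
```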
Sorting Fact From Fiction
Looking for help determining what security practices are outdated or based on misconceptions? MBL Technologies provides a comprehensive array of cybersecurity services, from threat intelligence to training and awareness. We can help ensure that your security practices are current and effective.