Cybersecurity myths continue to put businesses at risk. To state the obvious, this could be catastrophic for all organisations, no matter their size.
Even though larger businesses in the UK claim to practice good cyber hygiene, the UK government’s Cybersecurity Breaches Survey 2022 found that 39% of businesses in the UK have been a victim of cyberattacks in the past 12 months. So, which cybersecurity myths are putting organisations at risk?
Zero Trust solves a technology problem
Understanding what Zero Trust entails is essential. Zero Trust does not address a technology problem, it addresses a business problem. The Zero Trust approach identifies each user in the network to provide end-to-end transparency, allowing businesses’ IT security team to visualise the data flow within an organisation. As a result, this gives the organisation a clearer understanding of what exactly should be secured.
It is assumed that if access into a system is interrogated, attack pathways are likely to be reduced. This is because full system visibility allows for vulnerabilities to be identified, so security gaps can be closed before they are breached. Eventually, this makes it easier to monitor for and identify attacks before they occur.
Zero Trust is a strategy which is built upon businesses implementing the best cyber hygiene practices. These include the need to continually monitor for potential threats and attacks, proactive patching, and vulnerability management. According to Okta’s The State of Zero Trust Security 2022, 45% of businesses in the EMEA region have already implemented a Zero Trust approach and 53% are looking to do so in the next 12 to 18 months.
Phishing attempts are easily identifiable
Phishing attacks are no longer as simple as they once were. If phishing emails are in the right tone of voice and look legitimate, recipients are more likely to click on the malicious link. Through this, threat actors can take a range of harmful activities, such as asking for payments, stealing data and worse of all, deploying malware. Recent research from Acronis’ Mid-Year Cyberthreats Report 2022 cites that phishing emails remain the most common method of attack. Additionally, these types of attacks have seen a 10% increase since 2021, according to the same report.
With the increased use of social media, threat actors are using this method and other publicly available information to build personalised and specific phishing emails. Some threat actors are going as far as creating fake social media profiles to build rapport with high value targets and lure them in before sending the malicious payload.
Employees should not be mistaken in thinking that their employer is able to protect them from these attacks. Sometimes, emails will slip through the gaps. As threat actors’ tactics are advancing and evolving, businesses cannot alert their employees to every new specific exploit and tactic being used fast enough. It is essential for businesses and employees to understand the correct approaches to cybersecurity hygiene and the potential threats they face, so that they can then uphold their responsibility in overcoming this.
Small businesses are small targets
Many small businesses believe that they are not significant enough for hackers to target. This is based upon a misconception that hackers specifically choose each of their targets. Rather, it is more common for threat actors to run automated attacks, scanning for those systems which are vulnerable. The 2022 Cyberthreat Defence Report concluded that organisations with 5,000 to 25,000 employees are more likely to be the victim of a cyberattack.
Small businesses need to improve their cyber hygiene practices as they are more financially vulnerable, so an attack will be more catastrophic and could lead to closure of their business. In June 2021, the European Union Agency for Cybersecurity, ENISA, revealed that within a week of a cybersecurity attack, 80% of SMEs across Europe believed that this would have serious negative consequences to their business. Additionally, 57% of SMEs believed that they would go bankrupt from an attack.
Paving the way for a cyber secure future
Continued collaboration between employees, their organisation, and their partners is key to staying ahead of cybersecurity vulnerabilities. It is up to all employees within an organisation to stay alert to do their part to protect the business. Additionally, it is essential for businesses and employees to understand which threats are serious and need attention, and those which are not. The focus should be placed on addressing the most serious risks faced by the business. For a resilient security practice, partners can help guide businesses to pinpoint cybersecurity vulnerabilities and patch these gaps through deploying training programmes and providing the right cybersecurity solutions.
Creating a strong cybersecurity posture is difficult for many businesses and poses a continuing challenge. Businesses will never regret having a robust security programme in place. By leveraging support from channel partners, businesses can ensure that they are taking the right steps to protect themselves.
