With cyberattacks, ransomware attacks, and online fraud all on the rise, it’s important that everyone understands the basics of cybersecurity.
However, I still encounter many myths, misconceptions, and a general lack of understanding about some of the most common threats.
So, here are five of the most common myths about a subject that many consider to be highly technical, but which often requires common sense and vigilance. By dispelling some of these myths, individuals and organizations can ensure they are better equipped to protect themselves from a growing number of threats.
Cyber defense is all about technical skills
When you imagine what the task of defending against cyber threats is like, you might imagine someone sitting in a dark room scanning monitors for signs of network intrusion. In fact, the vast majority of cyberattacks (89% according to a 2022 study by the UK government) involve social engineering, where attackers try to trick users into giving them access to their systems. More than programming, system administration, or computers, protecting yourself from these threats requires vigilance, risk management, regulatory and compliance knowledge, and, of course, common sense. In fact, the most important element of cybersecurity often involves understanding the human element of these attacks, because this is usually what criminals are looking to exploit.
Only businesses need to worry about cyberattacks
You might think that cybercriminals only target businesses and wealthy individuals, but this is a big mistake. Thousands of attacks are launched against individuals every minute, many in the form of phishing attacks that attempt to trick them into divulging sensitive information that can be used to access computers and accounts. Other attacks that commonly target individuals include attempts to plant viruses or spyware on computers, and keyloggers that monitor keystrokes to collect passwords, credit card numbers, and bank account details. Another emerging threat that commonly targets individuals is botnets. This involves hackers hijacking hundreds or thousands of computers and exploiting their power to perform power-intensive but profitable activities such as cryptocurrency mining. In all of these cases, cybercriminals often prefer to target individuals rather than businesses, because individuals are less likely to have taken measures to detect and prevent the attack.
It is the sole responsibility of the IT department
It’s perhaps understandable that in the past, employees of organizations simply expected the IT department to be responsible for protecting them and the company as a whole from cyber threats. Today, threats are much more diverse and less focused on technical attacks, so everyone has a responsibility to be vigilant and improve their understanding of safety and best practices. In the boardroom, cybersecurity must be a fundamental element of business strategy. Essentially, even regular employees need to understand the importance of day-to-day cybersecurity, such as avoiding phishing attacks, using strong passwords, and keeping data safe while working outside the office.
All you need is a strong password, firewall, and antivirus
Although these are important, there is a common misconception that if individuals follow these basic steps correctly, everything will be fine. Taken together, these three measures are the basic building blocks of the technical elements of cybersecurity. You can think of them as the front door, walls, and guard dog of your digital home, respectively. Brute force attacks and social engineering techniques are routinely used to circumvent supposedly secure passwords, meaning other factors such as multi-factor authentication (MFA) are essential. While firewalls are essential, they are not impregnable and, like antivirus, they must be constantly monitored for breaches and kept up to date. And of course, if you, or someone else with access to your system, ignores the human factors discussed earlier in this article and simply hands an attacker the keys, everything else becomes worthless.
Cyber attacks are external threats
Media coverage often focuses on criminal organizations attacking victims from a distance. Unfortunately, this obscures the fact that research suggests that up to 75% of cyberattacks actually take place within a company.
Insiders are given a level of trust within an organization where appropriate and typically also have knowledge of internal systems and processes that can be used to circumvent security measures. Mitigating these threats can be a delicate business for obvious reasons: showing a lack of trust in your staff or introducing overbearing surveillance measures can have just as damaging consequences as any other cyber-attack.
But disgruntled employees and internal corporate sabotage are just the beginning of the story. It is also believed that bad cybersecurity habits developed during the pandemic and the shift to working from home, putting organizations at greater risk.
Again, education and instilling a level of vigilance across the workforce is key to tackling this misconception.