Is it a cyber security truth or a cyber security myth? Cyber crime is on the rise, and a large part of combating it starts with understanding the threats that exist. Unfortunately, numerous myths about cyber security persist which can lead to complacency or an incorrect risk management approach.

In this blog post, we will cut through the noise to debunk ten common cyber security myths so you can get back to focusing on what truly matters – optimizing your security awareness program.

Myth: My data (or the data I have access to) isn’t valuable.

All data is valuable. Even the smallest piece of data can help cyber criminals gain access to more of your information, such as your financial information or address.

They can also sell any of your data on the dark web to someone else with worse intentions or use it for various purposes, such as identity theft, fraud, extortion, or espionage. Even if you think your data is not important, it may be valuable to someone else. 

Although no data is unimportant, there are different security or risk levels to data which will change how you share and store it. You should have a process to identify which data is “high risk” and how it should be protected and stored on top of the typical procedures you have for all data. Users with access to this higher security data should also take additional training. 

Myth: Cyber security is a technology issue.

Cyber security is not just a technology issue; it is a human issue. All the password managers and firewalls in the world cannot protect you from all cyber attacks. The best thing you can do for your organization is to have a positive security culture and awareness among your employees, customers, and partners. By having a team that is ready to identify and stop attacks, you add an important layer to your line of protection. Besides, your technology protections won’t work if your people don’t use them correctly (or at all).

Myth: Buying more tools can bolster cyber security protection.

Buying more tools doesn’t necessarily improve security because businesses often don’t have a tools problem, they have an operational problem. As stated earlier, you can have the best tools in the world, but if you don’t have people who know how to implement them properly or policies that ensure that they are implemented, they are of no use. 

Before buying more tools, ensure that your original security tools are properly configured, monitored, and integrated with your overall security operations. Do you have the right security team to ensure that – or do you need to bring in a third party? Then ensure that you have skilled and trained staff who can use these tools. This means creating custom training for every team that will be utilizing each tool.

Myth: Compliance equals security.

Compliance does not equal security. Compliance means meeting the minimum standards set by laws or regulations, which may not cover all the risks you face. Being compliant does not guarantee that you are secure.

Security means protecting your assets from all kinds of threats, which requires a proactive and continuous approach. Rather than just checking off boxes that the government or insurance requires, you must conduct a risk analysis on your own business, identifying all the potential risks and implementing proper tools and programs to manage them. 

Myth: If I have cyber insurance, I don’t need a security awareness program. 

Cyber insurance is not a solution to transfer risk. Even with cyber insurance, you still need a successful security awareness program. Cyber insurance can help you cover some of the costs of a cyber incident, such as ransom payments, legal fees, or recovery expenses. However, cyber attacks can cause more than just monetary losses, such as reputation loss, customer churn, or operational disruption, that insurance companies cannot fix. 

Cyber insurance should be treated as exactly what it is: financial protection and reimbursement. You still need a security awareness program to protect yourself from these other losses.

Myth: Regular penetration tests are enough.

Regular penetration tests are not enough. Penetration tests are simulated attacks that test your defences and identify vulnerabilities. However, they are only snapshots of your security posture at a given time and may not reflect the changing threat landscape or the evolving tactics of cyber criminals. 

You need to complement penetration tests with other security assessments and monitoring tools that provide continuous visibility and feedback on your security status.

Myth: Encryption is magic dust.

Encryption is not magic dust. Encryption is a process of transforming data into an unreadable form that can only be decrypted by authorized parties. However, encryption is not a foolproof solution for securing data. Encryption can be broken by brute force attacks or compromised by weak keys or algorithms. Encryption also does not protect data from unauthorized access or modification if the encryption keys are stolen or mishandled. 

Although encryption can be a great tool to add to your program, it shouldn’t be your only tool or protection for your data. 

Myth: Antivirus software is enough to protect my devices.

Antivirus software is not enough to protect your devices. Antivirus software is a program that detects and removes malicious software (malware) from your devices. However, antivirus software cannot protect you from all types of malware or other cyber threats, such as phishing, ransomware, or denial-of-service attacks. Antivirus software also needs to be updated regularly to keep up with new malware variants and signatures. 

Again, this is a great tool to have, but it shouldn’t be your only tool. 

Myth: I don’t need to worry about cyber security because I have nothing to hide.

You might not have anything to hide, but you do need to worry about cyber security because you have something to lose. Cyber security is not only about privacy but also about the integrity and availability of your data and systems. If you don’t protect your data and systems from cyber attacks, you may lose access to them or have them corrupted or deleted by cyber criminals.  

This can affect your personal or professional life in many ways, such as losing money, information, and opportunities. 

Myth: Humans are the weakest link in cyber security.

Humans are not the weakest link in cyber security; they are the strongest asset. Humans are often blamed for causing or enabling cyber incidents due to their lack of awareness or negligence. However, humans can also be the best defence against cyber threats if they are educated and empowered to act securely. 

Humans can detect and report suspicious activities, follow security policies and procedures, and use common sense and critical thinking when dealing with online situations. To build up your employees’ awareness, have regular and targeted training, build a positive security culture, and identify your security champions.

With these myths debunked, you should be ready to build a successful security awareness program. When designing your program remember that all data is important, one tool can’t be your entire security program, and that people are the key to success. Good luck!

 

Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.
