During the team discussion about next-gen tools and techniques for prevention, detection, and recovery from cyberattacks, we started looking at some of the common mistakes that could have prevented the cyberattacks.
The careful investigation shows that cyberattacks can be very damaging, and human error is the major factor. According to Verizon’s 2020 Data Breach Investigations Report (DBIR) 22% breaches are caused due to Human Error. Since 2010, breaches due to human error have increased, breaches due to malware have decreased, and insider abuse has dropped drastically. IBM study published in July 2019 found that inadvertent breaches from human error and system glitches were still the cause for nearly half (49%) of the data breaches in the report, costing companies $3.50 and $3.24 million, respectively. Human error caused 90% of cyber data breaches in 2019, according to a CybSafe analysis of data from the UK Information Commissioner’s Office (ICO).
In the near past, network security was focused on big corporations and institutions. Nowadays, every person might be a potential victim of cyberattacks. Hence, we decided to list some myths and realities about cyberattacks.
| Myth | Reality |
| Only certain industries are vulnerable to cyber attacks | Any organization with sensitive information is vulnerable to attack |
| An infected computer displays a message intended to scare the user or operates very slowly | Hackers want to control the system or steal information, and they are not interested in displaying a skull on the screen |
| The company has a firewall hence the company is in good shape | A well-configured firewall can protect the company, but most of the time insider attack is often the biggest vulnerability |
| The corporate systems are disconnected from the internet, so the company will not have any risks | Internal threats pose a large threat USB drives, laptops, etc. that are brought into the isolated network can introduce huge risks |
| Small and medium-sized organizations are not targeted by hackers | Almost third or 28% of data breaches in 2020 involved small businesses as per Verizon Business 2020 Data Breach Investigations Report (2020 DBIR) |
| Anti-virus and anti-malware software keep the organization completely safe | The malware or virus protection software cannot protect against all cyber risks especially there could be zero-day attacks |
| The company virus detection software is up to date, so it is safe | Virus detection software detects known virus signatures New and mutating virus’ can evade signatures |
| The user will know right away if your computer is infected | Modern malware is stealthy and remains undetected for a longer time |
| Cybersecurity threats come from the outside | Insider threats are just as likely, and harder to detect |
| A VPN makes the organization completely anonymous | Even though VPN data tunnel is encrypted attacks come in many forms and the organization are not immune to other types of security compromises |
| If Wi-Fi has a password, then it is secure | All public Wi-Fi can be compromised, even with a password |
| Complete cybersecurity can be achieved | Cyber preparedness is ongoing, with a new threat emerging every day |
| A strong password is enough to keep the business safe | Two-factor authentication and data monitoring are required to protect the organization from emerging threats |
| Attackers rush to get in and leave quickly | Attackers deploy “low and slow” techniques |
| Governments’ new stricter cybersecurity laws and policies are discouraging cybercriminals | According to Interpol Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation |
| Effective response equals fast response hence low impact | Attackers perform several decoy operations to distract response teams |
| Cybersecurity specialists are capable of effectively managing the growing number of cyber threats as a direct result of technological advancements in big data analytics | The majority of small to mid-size enterprises have made relatively limited technological investments to enhance cybersecurity, due to financial reasons |
| With the help of the FBI, local law enforcement, and cybersecurity experts, the Government can deal with ransomware quite efficiently | Few examples will clarify the reality: In May 2019, the City of Riviera Beach, Florida paid 65 bitcoins (approx. $600,000) ransom to regain access to their computers.In March 2019, Jackson County, Georgia ended up paying $400,000 to get rid of the RYUK ransomware infection. |
| Cyber liability insurance coverage can ensure the organizations are financially protected from costly cyber fraud and data breaches | Most companies find it to be challenging to substantiate some of the damages while preparing a cyber data breach claim and do not always receive full reimbursement |
The list of myths and realities is compiled using several data sources includes WaTech’s state Office of Cybersecurity (OCS), Verizon DBIR, IBM Study Report, and CybSafe report.