itSynergy: Blog
5 Cybersecurity Misconceptions That Need to Be Debunked
We can’t stress it enough. Although things are looking up after the tumultuous year that was 2020 (the COVID-19 vaccination is making its rounds, the employment market is picking back up), the past 12 months have shown us that every business needs to get tougher on cyberthreats. At itSynergy, we are on top of it (and dare we say ahead of things), and we want you to make cybersecurity a priority too. We spend a good deal of time debunking common security myths with our clientele and ensuring that they are cyber safe.
Let’s dig into 5 common cybersecurity misconceptions that are keeping network security experts up at night in 2021.
I’m Too Small to Be on a Cybercriminal’s Radar
“The No. 1 misconception we see is someone saying, ‘I’m just a little guy, I’m too small, no one cares about me, no one will target me,’” stated Michael Cocanower, itSynergy founder and president. “The problem is that this logic assumes that cybercriminals are specifically targeting large enterprises. These criminals are sending a million phishing emails to whomever they happen to have in their database.”
Furthermore, organizations in the small- and medium-sized business (SMB) space may have fewer technological defenses and, without the deep pockets of larger companies, more to lose, making them easier targets.
Ransomware Isn’t a Threat Like It Used to Be
It’s the classic criminal vs. law enforcement trope. The criminal element detects a vulnerability and finds a way to exploit it for financial gain. Law enforcement gets wise to this and finds a way to minimize the vulnerability. The criminal gets stubborn and finds an alternate way to get in.
This scenario continues to play out in the ransomware arena, and it’s something that every business owner needs to be aware of. Whereas the ransomware attacks of yore (like 2018) involved threat actors installing a tool on your network, encrypting your data and backups, and then demanding money to get it back, stubborn cybercriminals have found a new vulnerability to exploit with their 2021 ransomware attacks.
Cocanower shared:
“The IT community has evolved by doing a better job with backups and disconnecting them from the network so that when this ransomware comes in, we can restore from these backups and be back in business.
“So now there has been another criminal evolution. Before they launch that attack, they’re going to hang out in your system for a month. They’re going to copy all your data to their servers. Now, when ABC Company comes back and says ‘We have our backups,’ the cybercriminal will counter with ‘Okay, that’s fine, but now we’re going to a) tell the world that ABC Company was hacked, so now you have the reputational side to deal with, and b) put all that data we were stealing out on the Dark Web for public consumption.’”
Yikes.
There Is an Abundance of Security Talent
While cybersecurity is, without a doubt, a growing field, it is also facing a global skill shortage. 700,000 new professionals joined the field last year, which helped to bring the skill shortage down to 3.12 million from 4.07 million globally. And this comes at a time when cybersecurity threats are at an all-time high due to mass remote working.
Although many managed service providers say they have 24/7 capabilities, what they really mean is that they offer a level 1 help desk engineer on call. Most do not employ 24/7 high-level team members such as a security analyst and a technology project manager. In other words, it is unlikely that their overnight “IT person” can offer up the expertise to pull together a conference call with customer stakeholders, qualified engineers, security analysts, strategic thinkers, and incident response project managers at 3 a.m.
Here at itSynergy, we do. Why? Threat actors in other countries are perpetrating a large number of cybersecurity breaches, so a lot of this activity is happening around 3 a.m. For that reason, we believe every organization should be supported by a highly qualified analyst who is looking at the data around the clock and is ready to make important decisions.
The challenge for businesses is to be able to find the right talent to take care of the day-to-day tech activities and also the high-level, strategic decision-making needs of your organization. The cost to do this right is one of many reasons an outsourcing model or hybrid approach might be a better solution.
We’re Impenetrable Due to Our Firewalls and Anti-Virus Software
Once upon a time, software and hardware firewalls and anti-virus tools could do a decent job of keeping your data and networks secure. This is no longer the case. Nowadays, the rule of thumb is to assume your perimeters have been breached.
“You have to prioritize your investments with the assumption that the cybercriminals will get in,” Cocanower cautioned. “You need to be able to detect that they got in and be able to kick them out quickly. An overwhelming majority of cybercriminals say that firewalls and anti-virus systems are not a barrier for them at all.”
This is where additional layers such as Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) come in as part of a more well-rounded IT solution. These layers of defense look at the behavior that is happening on the system and enable speedy and decisive action. If you are not deploying these additional layers inside the perimeter as part of your overall cyber strategy, it’s time to talk to us.
Phishing Scams Aren’t a Concern
Phishing is a cyberattack in which the cybercriminal attempts to obtain proprietary information (think user names and passwords, credit card numbers and bank account information) via email.
Phishingbox shares the following statistics on this growing cybercrime:
- 94% of malware was delivered via email
- 65% of attacker groups used spear-phishing as their main infection vector
- 64% of organizations have experienced a phishing attack in the past year
- 48% of malicious email attachments are Office files
Cocanower discussed the results of a recent phishing test conducted by itSynergy on behalf of a client:
“In the latest test, we hit 250 users. Of the 250, 10% clicked on the link. That’s concerning in itself, but then three people gave up their credentials (username and password). Over 1% of users! One of the trends we picked up from this last test was that a good proportion of the people who clicked on the link did so from a mobile device where it can be more difficult to properly assess the legitimacy of an email.”
IT Solutions for Cybersecurity
While there are positive developments on the horizon, now is not the time to get lackadaisical with your cybersecurity. 2021 is a great time to shed old thinking and common misconceptions. Outside forces are working against your cybersecurity plan, and they are counting on your complacency. Now is the time to book a rapid security assessment and take control of your technology strategy and cybersecurity future. The award-winning managed services provider itSynergy will help you get there.