5 Cyber-Security Myths We Need To Ditch

Pick a subject, any subject, and there are myths and pure nonsense that someone will buy into.

Birds will die if they eat the uncooked rice flung at newlyweds. (Nope)

If you eat Mentos and drink Diet Coke simultaneously your stomach will explode. (Hardly)

You only have one credit score. (Wrong)

Napoleon was short. (At 5’ 6”, his height was average in his day).

“President Obama was the founder of ISIS.” (Oh, come on Donald!)

Cyber-security has its own set of misconceptions as well. Here are five.

1. Software Will Protect You

Say it with me now: “Software alone is not going to stop cyber-crime, even a little.”

There is no more harmful notion than the one that leads people into doing whatever they want on their computers or smartphones because they downloaded a software update. While software has its benefits, they often have to do with containing damage, not stopping an attack.

The false sense of security fostered by the idea that software can protect anyone from the kinds of daily mutating, highly sophisticated attacks out there today is dangerous.

2. Cyber-Crime Is Mostly About Credit Card Fraud

The idea that cyber-crime is just about credit card fraud is a pernicious misconception that, ironically, can lead to credit card fraud and other forms of credit-related crimes.

There is no right answer to the question regarding the most prevalent forms of cyber-crime. But by far the majority of the capers out there are focused on grabbing colossal amounts of personal identifying information from organizations that do business with millions of people or, alternately, stealing confidential business information that can be sold to the highest-bidding competitor. Sure, there are other forms of attack, some of them very much on the rise, such as ransomware schemes, but by and large the focus among cyber-criminals is on sellable information and making a lot more money than can be had from a credit pump-and-dump.

That said, the ways that stolen information can be used leads back to consumers and can very easily result in credit fraud, since stolen data can be easily purchased by identity thieves for next to nothing on the dark web.

3. Cyber-Crime Is Only About Making a Buck

If cyber-crime were only about making money, we’d all be a lot safer than we are right now.

Let that sink in.

Make no mistake, there are hordes of hackers out there driven by ideology. Many are far less interested in making money than in making money disappear or taking down the electrical grid or rigging an election. For them, mere monetary reward is not a motivation unless it is needed to facilitate an attack.

This is the stuff of nightmares and blockbuster Hollywood films, and there isn’t a thing most of us can do to stop any of it from happening.

In a world where the Stuxnet worm that was used to attack Iran’s nuclear program is quaint technology and detonating a hydrogen bomb would inflict less casualties than a cyber-attack that shuts off the power grid, having our credit ruined by a pajama-wearing identity thief is the least of our worries.

4. Cyber-Criminals Don’t Target Small Businesses

The myth that cyber-criminals don’t focus on businesses that aren’t at the top of the food chain can be debunked with one name: Target. The company was hacked by one remove. The criminals managed to get malware on a far-flung point-of-sale system by coming in the side door. They merely had to compromise a smaller HVAC vendor.

No matter how small the enterprise, it must have serious security protocols and a meaningful cyber-defense plan, lest it suffer an extinction-level event and potentially bring down a whole lot of other folks with it.

5. There Is No Way to Stop a Cyber-Attack

This is the biggest myth out there, in my opinion. Except, of course, that in the final analysis it is true: There is no way to stop every single cyber-attack.

That said, for many attacks, PEBCAK is the answer. Unfamiliar with this approach? It’s an oldie but goodie that anyone in IT will recognize, the letters forming an acronym that neatly states why countless attacks are successful. PEBCAK stands for Problem Exists Between Chair and Keyboard.

While it is true that cyber-threats abound, the only way to contain the pandemic and meaningfully push back is if everybody does what they are supposed to do. That is a big “if.” But one can hope, and while fixing the human problem is a Herculean task, it’s a worthy goal.

By Adam Levin for huffingtonpost.com