Many column inches are dedicated to the subject of cybersecurity but sadly all too often I read articles online that contain myths and misinformation. The net effect of this is that protecting yourself and your company against cybersecurity threats is widely misunderstood. In this blog post, our MD, Brian Third, debunks the most common cybersecurity myths.
Only large businesses get hacked
While it’s true that the likes of Facebook, Experian, and eBay are under constant attack from around the world that doesn’t mean that there aren’t people trying to hack into small businesses. Yes, the ‘rewards’ of hacking into a large organisation are higher, but the chances of getting into a small business are higher.
In 2018, almost one in every three (30%) UK small businesses suffered a cyber breach last year – equivalent to over 4,500 successful attacks per day or one every 19 seconds, according to Hiscox. Furthermore, the average cost of a ‘basic clean up’ after a breach is £25,700. Indirect costs, such as damage to reputation, the impact of losing customers, and difficulty attracting future customers, significantly exceed the cost of rectifying the cause and upgrading systems.
An added problem is that over half (56%) of those who’ve suffered a breach, is the victim of multiple attacks. In today’s economic climate it’s tough to run a successful small business but cybersecurity is not something that should be de-prioritised or ignored if you’re to succeed.
There’s no need for ongoing testing
Many of the companies I speak to innocently believe that once they have a system and processes in place, e.g. antivirus/antimalware software, two-factor authentication, and a firewall they’re protected and that’s it. The reality is cybersecurity attackers constantly change their approaches and test new methodologies – after all, it’s their full-time job!
The best way to maintain your businesses’ online security is to carry out regular penetration testing. This involves testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Essentially you’re trying to break into your own organisation!
It’s possible to automate penetration testing with software or it can be done manually. If you choose to go down the automated route, it’s important to regularly perform manual tests too in order to verify the integrity of your software solutions!
Another benefit of performing regular penetration testing is that it also acts as a check that employees are adhering to compliance requirements and not inadvertently exposing your organisation to unnecessary risks.
Attacks are obvious
Even seasoned cybersecurity experts often believe that a mythical siren will go off somewhere if there is a breach. The reality is there is no such thing, even with the most advanced software in place.
On September 8, 2018, an internal security tool flagged an attempt to access the internal guest reservation database for Marriott’s Starwood brands – the attack actually happened four years before that alert!
Tell-tale signs such as pop-up ads, slow-to-load browsers and, system crashes are long gone as hackers worked out ways to attack stealthily and slip past filtration systems and blocks. This is why it’s especially important to educate employees to recognise potential threats and make it easy for them to report issues with sufficient information to help you assess the situation as quickly as possible and minimise any potential damage.
Sadly, there are many more myths out there, too many to cover in a blog post but the good news is there are many reliable sources of information out there and Advanced Cyber Intelligence is always here to help.
Contact us to find out more about how Advanced Cyber Intelligence can help your business maximise its defenses against cybercrime.
Call: 01372 728090
You may also be interested in my previous blog post “If you Only do Three Things to Protect Your Business Online – Make it These!” to check you have the basics covered.