With the season of monsters and ghouls being upon us, it is only right that we look at some common cyber security myths, dispelling them once and for all.
1. Only Important or Influential People are Targeted
This myth is named by experts as security through obscurity. In other words, it is considered that the internet is such a big place that no one cares about you and even if someone tried to attack your system, there wouldn’t be too much valuable data for them to steal.
Remember – It’s not about how important you are. It’s nothing personal.
Cyber criminals use automated tools to exploit your system’s vulnerabilities and they’ll take anything they can get. This includes everything, from your personal information to generic company data. Yes, even that’s a valuable asset, since they can use it for further malicious actions. So even if you think that you’re not important or that your personal or financial data is insignificant, a potential identity thief or IT criminal can still exploit the little information they’ve discovered about you. They can relate it to other information taken from multiple sources (e.g. social networks) and have a complete picture.
2. I don’t need security software, I don’t access unsafe locations
How many times do we hear someone saying that they don’t need anti-malware protection because they’re too smart to fall for the tricks used by cyber crooks? The truth is, many people believe that simple common sense is enough to stay safe from malware, phishing, identity theft and so on. If they’re thinking about spam email attachments or clicking on intrusive pop-up ads, they may be right, but that’s not the only danger. There are plenty of other malware attacks and vulnerabilities that are not visible.
Cyber attackers are able to exploit safe websites, insert malware into online advertising and even into your system. You can access a safe, perfectly legitimate website that doesn’t even require you to click on something and still get infected. You can equally get infected on a risky, illegal website as per a seemingly legitimate one. Malicious software and their methods of spreading are in a constant evolution. Just because they can’t be noticed, it doesn’t mean that they’re not there.
Many security vendors have results demonstrating that the average time a hacker spends on a breached system is in excess of 200 days before being discovered.
3. Internet security is expensive
Our modern generation spends most of its time online. Our activities do not only include communicating with friends on social media networks, but we also work online, shop online, access our bank accounts and so on. Our online lives aren’t as simple as entertainment and wasting a few hours, the internet is now an integral part of our lives.
How difficult is it for a cyber-criminal to use the information we provide on our Facebook account and correlate it with data obtained from malicious software that infected our system? And from that point, how far is the moment when our identity is being used for malicious purposes?
We all hear of instances where someone’s online identity has been stolen and money removed from their bank account. What we don’t hear is that recovering from such attacks can take a long time, perhaps even years. Since an attack can occur from any part of the world, the perpetrators are rarely brought to justice. When you draw the line, you realise that not having a proactive internet security approach is actually more expensive.
4. My Social Networks are Safe Places, Friends are Friends!
When a social network becomes popular, you can bet that cyber crooks will be there. They can smell the potential new victims. Since so many people are easily connected, scammers developed tricks that target these networks. If online criminals can place malicious content like drive-by downloads and pop-up ads on safe websites, they can do the same with social media accounts.
Another danger encountered on social media accounts is posed by fake profiles and personas created by cyber criminals. These are used to collect personal information about others. That information might seem irrelevant to you, but it will help them profile you and work towards identity theft. Be careful who you add to your list of friends or connections!
Here’s a blog by social media platform provider Hootsuite that exposes how social scams work.
5. I would know straight away if my systems were infected
Indeed, this used to be true. In the past, when computers started to run slow and get annoying pop-ups all over the screen, it was a sure sign of infection. Nowadays, cyber criminals have improved their methods. They are more efficient and know how to disguise their attacks. In most cases, users can’t tell if their system is involved in spam campaigns or coordinated attacks.
Malware is built to be undetectable and untraceable, even by antivirus software, in order to retrieve the desired sensitive information. It may be months before you even notice.
Install a good antivirus product against classical attacks and a security program against financial and data stealing malware, stay up to date with the latest security news and don’t forget to back data up!