Despite an ever-increasing volume of cybersecurity incidents worldwide and the insights gleaned from resolving these incidents, some misconceptions persist. Some of the most dangerous include:
Strong passwords are adequate protection
Strong passwords do make a difference; for example, a 12-character password takes 62 trillion times longer to crack than a 6-character password. But passwords are relatively easy to acquire in other ways, such as through social engineering, keylogging malware, buying them on the dark web or paying disgruntled insiders to steal them.
Most cybersecurity risks are well-known
In fact, the cyberthreat landscape is constantly changing. Thousands of new vulnerabilities are reported in old and new applications and devices every year. Opportunities for human error—specifically by negligent employees or contractors who unintentionally cause a data breach—keep increasing.
Cybercriminals find new attack vectors all the time. The rise of AI technologies, operational technology (OT), Internet of Things (IoT) devices and cloud environments all give hackers new opportunities to cause trouble.
My industry is safeEvery industry has its share of cybersecurity risks. For example, ransomware attacks are targeting more sectors than ever, including local governments, nonprofits and healthcare providers. Attacks on supply chains, ".gov" websites and critical infrastructure have also increased.
Cybercriminals don’t attack small businessesYes, they do. The Hiscox Cyber Readiness Report found that almost half (41%) of small businesses in the US experienced a cyberattack in the last year.7