There are two myths that often cloud the judgement of business owners when it comes to Cyberattacks. Whilst they mostly think they are safe, the myths actually increase their chances of falling in the hands of cybercriminals and hackers.
The first Cyber Security Myth is that many business owners still believe that all cyberattacks are targeted. This means that unless they’re specifically selected as the prey of a hacking attack, they won’t fall victim.
It is not uncommon to see businesses that believe they will not be in the sights of cyber criminals, so aren’t at risk from suffering the negative effects of a cyberattack. You may even be one of such people with this belief, but if you ask the Western business leaders that were hit by NotPetya in 2017, they would definitely have stories to tell you that would change your mind set about cyber-attacks.
To quickly recap what NotPetya was about – it was a malware campaign launched against Ukraine by Russia, which quickly spread around the world, knocking businesses offline and doing vast amounts of damage to people who weren’t primary targets of the attack in the first place.
The original target of the attack was Ukrainian infrastructure, but it damaged — amongst other things — British advertising and pharmaceutical companies, as well as the shipping giant, Maersk!
The impact of NotPetya forced Maersk to reinstall 4,000 servers and over 45,000 PCs, with losses caused by serious business interruption estimated to amount to over $300m, despite the shipping firm never being the intended target of the attack.
Another example of how unsuspecting organizations can find themselves the victims of a major cyberattack is the incidence of WannaCry Ramsomware.
The UK’s National Health Service found itself an unwitting victim of the campaign spread via an aggressive worm-like virus launched by North Korea in an effort to extort ransoms.
Despite the fact that you would wonder about the absurdity of attacking a body like NHS, yet they weren’t spared. This means that when it comes to cyberattacks, there is really no one that can be spared!
The second Cyber Security Myth is that some businesses don’t engage with cybersecurity because they believe it to be too complicated. This is quite an irony as businesses usually have to deal with complicated issues every day, and it begs the question why understanding cyber-security should be too complicated to figure out. Actually, it isn’t even complicated!
If your company can deal with complex data, millions of financial transactions, transportation of goods from one end to another, provision of services to diverse customers, or anything at all, cybersecurity is not something you should not be able to comprehend and deploy.
Even simple activities like ensuring systems and software are up to date can go a long way to protecting organizations from cyberattacks.
This approach could have helped organizations around the world avoid becoming victims of Cloud Hopper, a data-stealing espionage campaign, which Western authorities have attributed to China’s state-backed hacking group APT10.
Much of the campaign was based around distributing phishing emails containing malicious Word documents, which — when opened — ran macros that retrieve malware.
If the targeted organizations had applied relevant patches, the vulnerabilities exploited by the attackers wouldn’t have had any effect. And you can only blame this on poor cybersecurity or understanding of it because while the APT in APT10 stands for ‘Advanced Persistent Threat’, the attack wasn’t that advanced.
Dispelling these two cybersecurity myths from your mind can go a long way from keeping you safe against attacks that may put your business data and infrastructure at risk of loss or ransom.
To know about more myths that need to be forgotten, or get exposed to different ways to mitigate cybersecurity threats, make it a date to the Sidmach-Sophos Lunch and Learn event happening this February.
At the event, you will also learn about cost-effective security dynamics, get introduced to tools that mitigate latest threats, have complete visibility and control of your IT Infrastructure.