It is not a question of “IF” but “WHEN” they attack you

Karol Suchánek

5 MYTHS ABOUT CYBERSECURITY that cost companies millions…

Text: Karol Suchánek; Edit: Martina Hošková; Photo: Archive

1) We have antivirus and firewall. We are safe.

Times have changed. Cyberattacks have become a profitable business, bigger than the drug or arms trade today. Attacks are very sophisticated, and if you rely only on a standard antivirus and firewall, the risk of losing your data, your know-how, or, let’s say, your e-shop is huge. Are you asking why?

Every day, an average of one million new viruses emerge, which an antivirus is not able to block automatically. There are dozens of publicly available ways of avoiding antivirus and firewall – which of course hackers are aware of and use.

Do you remember any high-profile cases of hacked organisations? They all had antivirus and firewall…

2) Only big companies are attacked.

One of the biggest cybersecurity myths. Do you think that if your business has fewer than 1,000 employees then you don’t have to worry about attacks?

Let's check the facts.

61% of cyberattacks target small and medium-sized businesses. The vast majority of cyberattacks are automated and affect the entire Internet.

60% of small and medium-sized businesses do not address cybersecurity and represent an easy target.

3) We have IT guys. They take care of our cybersecurity.

At first sight, a very logical objection. However, experience unfortunately shows that reality tends to be totally different. Why?

Not all IT guys are the same. Like doctors, they specialise narrowly, and for IT security you need a cybersecurity expert. Do you have one on your team?

The same applies to external providers of IT services. Is cybersecurity in their portfolio? Do you pay them for protecting your IT? If not, nobody takes care of your cybersecurity.

Have your IT guys presented any proposals to increase cybersecurity? Do you get regular security monitoring reports? If not, attackers might already be in your network.

4) Cybersecurity is too expensive for small and medium-sized businesses.

It is true that for big companies with many branches, devices, servers, applications, and IT systems, good cybersecurity is expensive.

But how is it different for smaller businesses?

A significant cybersecurity improvement can be achieved by simply changing the configuration of the operating systems that you already have, without the need to buy new software.

By replacing physical servers with safe cloud services, you easily eliminate the need to deal with often complicated and costly security.

By using external cybersecurity experts, you can get the necessary know-how without employing costly experts and paying for their training.

5) We back up our data, we are safe.

Yes, backup is very important. However, on its own, it does not increase cybersecurity. It serves as a last resort in case of a successful attack.

Furthermore, the key question is: Will it work at all?

Is your backup also offline? That means saved in systems that are not constantly connected to the network, or that are cloud-based. If not, it is very likely that you will not be able to use it after an attack and you will lose it all.

Do you regularly test whether you are able to restore your backup? You might be very unpleasantly surprised to find out that your backup can’t be restored and your last rescue plan has failed.

Even if you restore all systems and data from your backup after an attack, you are not out of the woods yet. How much data and work will be lost? What will your financial loss be for the time spent on restoring your backup? And most importantly: How do you know that the restored backup does not already contain the malicious code that enabled the attackers to take over your systems?

Does anything ring a bell here?

No wonder. All these cybersecurity misconceptions are based on my everyday reality and experience with various companies. The importance of cybersecurity is higher today than ever before, so if you really recognise yourself in these myths, take practical steps to have the cybersecurity of your organisation verified by an independent cybersecurity audit before it’s too late.


Karol Suchánek

At the age of 16, he mastered 15 programming languages and developed his first cybersecurity software. He completed a special cyber-security program at MIT in Boston and training with the legendary Hak5 Group in Washington. He currently handles the privacy and security of companies and public figures. Karol belongs to the Shift2Cloud team of experts, which improves the efficiency and security of companies. He holds NATO security clearance and is a court-appointed cybersecurity expert.