Ten Myths About Cybercrime

Don't let a cybersecurity fantasy stop you from building the effective countermeasures you need to protect your organisation from attack.

Cybercrime is all over the place, with damages, according to one estimate by Cybersecurity Ventures, expected to double from $3 trillion in 2015 to $6 trillion by 2021. 

In a prominent 2016 ransom attack, according to the 2016 McAfee Threat Report, a criminal was supposedly able to pocket $121 million within just six months, netting $94 million after expenses. 

Still, too often people believe in myths that prevent them from building effective counter-measures. Here are some examples:

Myth #1: Only large enterprises need to worry

No one is immune. Cyber-crime is affecting everybody, people and businesses of all sizes alike. 

Radware concluded in their 2016-2017 Global Application & Network Security Report that 98% of organisations experienced cyberattacks in 2016. A reported 31% of these attacks were directed at small and mid-sized companies with fewer than 250 employees.

Myth #2: Threats are completely overrated; it’s not a big deal!

That’s wishful thinking; the frequency of incidents is eye-opening. According to McAfee Labs’ Threats Report, the average mid-sized organisation (1,000–3,000 employees) encounters 11–20 incidents in a single day. 

Larger organisations (3,001–5,000 employees) are slightly busier, with the median at 21–30 incidents per day. The largest organisations (more than 5,000 employees) are busiest, with the median at 31–50 incidents daily.

Myth #3: Bad guys are always outsiders

According to the Radware report, roughly one-third (27%) of all incidents are caused by insiders due to malicious or accidental actions. Some sources believe that number to be much higher. 

Indeed, users are often unaware and easy to dupe. In a more recent Verizon study, 30% of phishing messages were opened by the target across all campaigns. Some 12% even went on to click the malicious attachment or link and thus enabled the attack to succeed.

Myth #4: Companies are prepared to combat cyber-crime

New research this year from BMC and Forbes suggests that 68% plan to enhance incident response capabilities in the next 12 months. This seems to be overdue as companies are still pretty unprepared. The report notes that 40% have no incident response plans, while 70% have no cyber-insurance.

Myth #5: I’d sign up for an insurance policy if I could.
 
It’s a booming market. Perhaps one of the areas experiencing the strongest growth within the insurance area is cyber-security. As a matter of fact, annual gross written premiums are set to triple, from around $2.5 billion in 2015 to $7.5 billion by 2020, according to PWC.

Myth #6: All of our PCs are equipped with antivirus and encryption.

Even so, bad news: by 2020, PCs will only play a minor role as the vast majority of users will opt for mobile devices such as tablets and smartphones instead. According to a 2015 prediction from Cisco, traffic from wireless and mobile devices will account for 66% of all IP traffic worldwide. 

Data stored on connected devices will be five times higher than data stored in data centers. Devices are used in highly insecure environments, including Wi-Fi hotspots, where intruders could potentially interfere. Moreover, according to a 2013 Ernst & Young whitepaper, millions of cell phones and smartphones are lost or stolen every year. Over their lifespan, approximately 22% of the total number of mobile devices produced will disappear, and over 50% of these will never be recovered.

Myth #7: We have great firewalls and network security, why bother?

Survey results from F5 Networks indicate that network security is often not the issue; 57% struggle with the application layer instead. The frequency and severity of attacks on the application layer are considered much greater than at the network layer.

Fifty-five percent say the application is attacked more often, with 58% thinking these attacks are more severe than at the network layer. Furthermore, there is a big mismatch in terms of budget allocation: on average, 18% of the IT security funding is dedicated to application security. More than twice that amount (39%) is pumped into network security.

Myth #8: Millennials are digital natives and more cautious

The common assumption that young talent, especially millennials, are digital natives and tech-savvy enough to safeguard corporate data is probably wrong. In fact, it’s likely going to be the opposite. 

Young people tend to be more relaxed and less concerned about privacy. They need even more awareness of today’s threats as they’re used to a completely different mindset where life is all about sharing, via social media and other channels that aren’t necessarily secure.

Myth #9: Strong passwords solve the issue

Strong passwords are powerful, but only when combined with other measures such as two-factor authentication. If strong passwords are too complicated to remember or users are forced to change them too frequently, people won’t be able to memorise them and will start making notes in one form or another, thereby undermining even the most sophisticated security tools.

Myth #10: Let’s just hire a few more capable IT security gurus

Being understaffed remains the prime issue when it comes to countering cybercrime. Despite 47% of executives surveyed in 2017 by BMC and Forbes being willing to allocate more resources, the key question is how to find them. In a Trustwave 2016 report, 57% of respondents reported that finding and recruiting talented IT security staff is a “significant” or “major” challenge. Retaining these people is also viewed as a difficult problem by 35% of the respondents. 

There was a severe cybersecurity workforce gap, with 1 million vacancies in 2016, says Cybersecurity Ventures. The shortage is expected to worsen and reach 1.5 million by 2019. Thus, hiring is a great idea, but much easier said than done.

Dark Reading
 
