Cybersecurity Doesn’t Have to Be Scary: Top 3 Myths, Busted

Many people associate October with seasonal change, the cool winds of autumn, and the spooky Halloween fun. An exciting holiday, Halloween lets celebrants dress up, exchange sugary confections, and even playfully scare one another from time to time.

However, while the neighbor’s 15-foot tall skeleton yard decoration may be the scariest thing on your block, there is another, even scarier reminder during what is also known as Cybersecurity Awareness Month. To some blissfully uninformed internet users, sneaking throughout the back alley ways and lurking under their beds is CYBERSECURITY.

While the idea of cybersecurity being scary may sound farcical to many readers, it’s important to note that the big responsibility of online safety can seem overwhelming and, yes, scary to some other readers. However, safe internet usage — like other October aspects — does not have to be frightening. In fact, with just a little scrutiny, it’s easy to (ghost) bust some of the leading cybersecurity myths.

Myth 1: Hacking is Easy

Since the 1980s, popular culture has romanticized the idea of hacking, conveniently portraying it as easy to perform as a witch’s incantation. This incomprehensible secret art is spelled out by dark-wizard-looking hackers who, with a few strokes of the keyboard and proclaiming the magic words, “I’m in,” can easily ruin the lives of anybody on earth by stealing their livelihoods and identities.

Although there have been some large hacks that were as easy as guessing the CEO’s password, the reality is vastly different from most of the media’s humorous portrayal. Hackers, both ethical and unethical, are in fact some of the most persistent and dogged technical professionals on Earth. This unparalleled level of perseverance is required to join the elite ranks of cyber professions, specifically because hacking is hard and takes a long time. Most hacking operations, especially when a specific target is sought, take coordination, communication, and operational planning. Even in ideal conditions, successfully compromising a specifically identified person takes extensive research and investigation. These operations can last weeks, months, and even years. Very few security professionals would call these activities “easy” to perform.

Myth 2: You’re Already Compromised, So Nothing Matters

Interacting with everyday internet users can reveal certain resigned individuals who have given up on solid cybersecurity practices because they feel that “it’s all out there already, so it doesn’t matter.” These frightened folks often use this justification to ignore multi-factor authentication requirements or, even scarier, reuse passwords. However, what these users don’t know is that, in fact, most people aren’t compromised, and those who may be aren’t completely jeopardized.

While there have been sweeping hacks that have breached the information of wide swaths of individuals (see the Equifax hack), the information typically obtained is partial to the person as a whole. For example, an attack that may compromise an individual’s home address will not necessarily reveal their email address or their passwords.

As such, while some people may be partially compromised, very few individuals are completely and wholly hacked – and you probably aren’t one of them. Either way, cybersecurity still matters and doing small things, such as enabling multi-factor authentication and changing passwords from time to time, is still a great way to live online.

Myth 3: ‘I don’t have anything to hide. It doesn’t matter if I’m hacked.’

Some individuals live life blissfully comfortable with every decision they have ever made. They feel as if they have nothing to hide and have done nothing wrong. These individuals are to be commended and comforted until such a time as they realize that they may have, in fact, filled out that one tax form or job application incorrectly and, five years later, a data breach reveals that prison time is no longer a televised abstraction.

However, should that day never come, it is important for these blameless brethren to understand that cybersecurity is a group sport and exercising some basic common sense security awareness could protect themselves and others. Often, the pathway to an attacker’s end goal is not direct, but rather by taking advantage of multiple accounts, moving laterally and across networks until reaching the final target. If those who feel no danger of compromise also consider this fact and implement some basic security hygiene, everyone will benefit.

Cybersecurity Isn’t Scary

With the myth and magic removed from the cybersecurity aura, it becomes clear that proper online safety isn’t nearly as scary as this season’s werewolves, ghosts, and skeletons.

Furthermore, additional research suggests that werewolves and ghosts aren’t real, and with sound cybersecurity observance our skeletons will stay in our closets. Ideally, we have very little to fear this October!

T. Frank Downs serves as Senior Director, Proactive Services at BlueVoyant.