Short description of the article

  • Intro

  • What is cybersecurity?

  • Why cyber attacks are so dangerous?

  • 5 most common myths of the cybersecurity

  • Conclusion

Intro

In today’s automated world the special attention should be addressed to the cybersecurity of your data and activity online. The times when network security was related only to big corporations and institutions are gone. Nowadays, each and every person might be a potential victim of cyber attack regardless of the status and financial resources on the bank account.

It's important to be aware of the serious cybersecurity problems currently affecting technology. Therefore, this article will reveal some myths about cyber protection in contemporary reality in order to illustrate the whole spectrum of possible threats.

WHAT-IS-CYBERSECURITY-1

What is Cybersecurity?

The definition stands for the protection from the cyberattacks any internet-connected systems, such as hardware, software and different types of data.

In fact, there is an opportunity to identify different threat actors who might undermine the integrity of the security status of your device:

  • Cybercriminals: they attack systems and steal information for profit.

  • Hackers: there are two types: 1) professional hackers who work to benefit companies by improving security; 2) malicious hackers who are professional criminals aiming financial gain by means of getting access to the bank account, personal passwords, faking antivirus, and blackmailing.

  • Hacktivists: who is politically, religiously or socially motivated with the aim to reveal controversial truth about their opponents.

  • Cyber terrorists: this type is not common yet, however, with the further evolution of digitalization, there is a great chance cyber terrorists might replace the traditional notion of terrorism and become the global challenge.

  • Nation states: are launching cyberattacks against other countries.

In addition, with the evolution of technological advances, the cyber risk was growing and became more diverse, too. There are different types of cybersecurity threats, like:

  • Ransomware is a kind of malware when an attacker who locks the victim's computer system files (usually through encryption) and subsequently demanding the payment to decrypt and unlock them.

  • Malware is a program or a file that used to harm a user device. It may include worms, computer viruses, Trojan horses and spyware.

  • Social engineering is an attack that based on interaction with the user in order to trick the user into breaking security procedures in order to gain the sensitive information that is typically protected.

  • Phishing is a form of fraud where emails are sent (that usually resemble emails from reputable sources) with the intention to steal sensitive data, such as credit card or login information.

190318_a22699

"Bad news, Your Majesty - it’s a cyber attack.”

(source: a cartoon by Michal Maslin for the Instagram account the New Yorker)

Why Cyber Attacks are so Dangerous?

Needless to say that except the leaking of information, damaging the data and undermining the reputation of the user, cyber attacks have a more deepen the notion of threats and dangerous effects. There are some of them:

  • It is quite contagious, means that the device might be hacked even without clicking on malicious links or email attachments. Nowadays, threat actors are using remote execution exploits (like EternalBlue) or Remote Desktop Protocol (RDP) brute force attacks, which allow them to avoid interaction with the users.

  • Economic expenses. Every year it causes billions of dollars to deal with the attacks. Thus, after the companies are hacked, they usually lost a big part of their financial resources as well as customers loyalty.

  • The domino effect. It takes only one computer to compromise the whole network. Hackers could easily spread malware (or other infections) from one computer to another by means of using exploits or collecting credentials and hijacking legitimate tools such as PsExec and the Windows Management Instrumentation Command-line (WMIC).

  • It is not easy to get rid of malware after the attack. Needless to say that the cleanup process might take months due to the restoration of machines and checking the network for any signs of left malware. However, some viruses (like WannaCry and QakBot) could leave some backdoors and scheduled tasks that could reinstall themselves after some time.

  • Companies’ built-in system tools could be used against the companies itself. Rather than dropping malicious files onto the disk, criminals are abusing legitimate tools like macros, PowerShell scripts, PsExec, and WMIC to execute their attacks. This "living off the land" approach helps attackers hide in plain sight—achieving execution, persistence, and lateral movement using otherwise valid applications. With no malware involved, security that relies on identifying and blocking malicious files is useless. That might explain the failure of anti-virus and next-generation AV solutions to protect the computer from the cyberattacks.

5-MOST-COMMON-MYTHS

5 Most Common Myths of the Cybersecurity

Our dev team would like to stress on (and consequently explain) the most common myths regarding the cybersecurity.

Myth #1 “Cyber crimes happen only to the influential corporations and businesses, therefore I am out of the risk”

Reality: It is not true. Thinking that if you do not possess any relevant data (as it is usually portrayed in the Bondiana movies - the data that will change the world order), then automatically you are out of the risk zone. This is a false assumption. In fact, a cyber attack might happen to everybody who is connected to the Internet.

Myth #2 “Mobile phones couldn’t get hacked, so it is the safest among the devices”

Reality: Usually we hear about cybersecurity in relation to the computers, however, your smartphone should be protected, too. Phones (not to mention laptops and personal computers) have to contain the antiviruses software to decrease the possibility of cyber attack and data leaking from your devices.

Moreover, the security protocols the company’s computers are subjected to don’t provide security to the personal devices of the employees. It is crucial to understand this, due to the fact people usually tend to suggest the opposite. In fact, the policy “Bring Your Own Device” might cultivate the great cyber risk to the company. In that case, employees who use their personal devices (including smartphones and tablets) for work purposes should follow the same protocols put in place on all of the network’s computers. “Bring Your Own Device” policy suppose to cover all device that has access to the Internet including wearables and any Internet of Things devices.

In case you would like to know about security apps, read our article “Cybersecurity Apps that will be Helpful in 2019”.

Myth #3 “If I have an Antivirus software - I am safe”

Reality: For 2019 to have an antivirus on your device won’t be enough. Unfortunately, nowadays the mechanism of the cyber environment is much more complicated, therefore you need a little more than just the installment of the antiviruses to be safe. A hacker’s job is to find ways around antivirus software. Moreover, hackers could hide the virus in a system for approximately half a year. Therefore, the system might be helpful for containing the damage, nevertheless, it does not prevent cyber attacks from happening.

Myth #4 “A strong password is enough”

Reality: Perhaps, ten years ago a strong password might be considered as one element of securing your device, however, it is not enough for today. A good cybersecurity practice might include two-factor authentification and data monitoring.

Myth #5 “I would know straight away whether my device was hacked”

Reality: No, you won’t. Modern malware has been evolving into ones that are hard to detect, therefore you could not tell immediately if there was an attack at your computer or not. There will be no signs of damage or progressing infection (e.g. pop-up ads or slow-to-load browsers), instead of it your computer will be running smoothly.

CONCLUSION

Conclusion

Take in mind that to achieve a 100% cybersecurity is an additional myth that needs to be disproved. Cybersecurity has to be approached as a process due to the fact that new threats emerging and evolving every single day.

Cybersecurity is a global issue nowadays. In order to be ready to deal with cyber attacks, you have to identify what is a myth and what is a reality. Therefore, the cyber attack might happen to everybody who is connected to the Internet not only to big and significant corporations. There is no device which is not in the risk zone to be attacked. Consequently, mobile phones could be easily hacked as well as laptops and PCs. Since a hacker’s job is to find ways around antivirus software or passwords, therefore, to install the antivirus on your device or only create a strong password won’t be enough to ensure the total security. And the last, but not the least, due to the fact that modern malware is hard to detect - you could not know when your device was infected. Taking that into account, cybersecurity should be considered as a strategy rather than a tool to solve an issue of attack.

Our team wishes every user to stay safe while enjoying the advantages of digital society!