Debunking the Top 5 Cybersecurity Myths | Eastern NC Now

News Release:

    October is National Cybersecurity Awareness Month. As a cybersecurity practitioner straddling both academia and industry, I frequently encounter disparities between common perceptions and the reality of cybersecurity. Here are five persistent myths that I consistently find myself debunking:

    1. Password requirements are ridiculous. Why must I change them so often? This couldn't be further from the truth. Login credentials serve as your primary means of authentication, making them a critical vulnerability if compromised. Let's break this down:

• Length matters exponentially: A four-digit numeric password offers 10,000 possible combinations, whereas an eight-digit password presents 100 million possibilities. Longer passwords significantly increase the difficulty of brute-force attacks.
• Time is your enemy: Given sufficient time, attackers can eventually crack even strong passwords. Regularly changing passwords mitigates this risk.
• Avoid predictable patterns: Modern password-cracking tools leverage algorithmic analysis and generative AI to detect and exploit patterns, inadvertently aiding attackers.
• Two-factor authentication (2FA) is essential: Even robust passwords benefit from an additional layer of security through 2FA or multi-factor authentication (MFA).

    Remember, security is fundamentally about deterrence. While stopping a determined attacker is exceedingly challenging, you can slow them down enough to make yourself a less appealing target.

    2. My information isn't valuable. Why would anyone target me? This myth is particularly dangerous, as it underestimates the value of personal and business data on the dark web. Here's a breakdown of what your information could be worth to cybercriminals:

• Credit cards:
• $100 each
• Driver's licenses: $150
• Bank account information: $40-$4,000
• Hacked social media or email accounts: $20-$50
• Netflix logins: $10-$20

    For business owners, possessing a Dun & Bradstreet (DUNS) number makes your company a potential target for identity theft, where attackers could leverage credit in your business's name. In the eyes of a hacker, all data holds potential value.

    3. Compliance equals security. This myth is particularly pervasive in the United States, where adherence to industry standards such as PCI DSS (for credit card processing), HIPAA (for healthcare), and Sarbanes-Oxley (for publicly traded companies) is often conflated with robust security. While compliance frameworks provide a baseline for security practices, they do not guarantee protection.

    For instance, I've heard from others in my field of systems where a VPN, firewall or other security appliances were installed but never configured with appropriate rulesets, rendering them nearly useless. The mere presence of these devices lulled executives into a false sense of security, illustrating how compliance can create a dangerous illusion of safety.

    4. Expensive tools alone ensure security. Many organizations, particularly those transitioning to e-commerce, fall prey to the belief that purchasing high-end security tools is sufficient. However, expenditure does not equate to security. Without proper implementation and configuration, even the most advanced tools can fail to deliver their promised benefits. It's akin to buying a state-of-the-art alarm system but never setting it up - you might as well put jingle bells on the front doors.

    5. Cybersecurity is prohibitively expensive. While it's true that comprehensive cybersecurity measures can be costly, the long-term benefits far outweigh the initial investment. Many organizations outsource their cybersecurity needs due to the high costs of analysis, testing, implementation and maintenance, which can range from $500 to over $20,000 per month, depending on the organization's size.

    However, integrating security into your business plan from the outset is far more cost-effective than bolting it on later. Proper planning and investment in cybersecurity can prevent costly breaches and data losses, ultimately saving your organization significant financial and reputational damage.

    I'm sure I'll find some more fun fallacies to crack for next time. Until then, keep watching the skies, folks.

    John Armke is a lead instructor, ethical hacking at Wake Technical Community College and a North Carolina Advisory Board member for Western Governors University