Between increasingly sophisticated cybercriminals and intense pressure to demonstrate compliance, 2021 is already shaping up to be a minefield. As a result, cybersecurity has risen to the top of most organisations’ agendas.
With this in mind, research from Sophos highlights the top 10 cybersecurity misperceptions:
Misperception 1: We are not a target; we are too small and/or have no assets of value to an adversary.
Many cyberattack victims assume they are too small, in a sector of no interest or lacking the kind of lucrative assets that would attract an adversary. The truth is, it doesn’t matter: if you have the processing power and a digital presence, you are a target.
Misperception 2: We don’t need advanced security technologies installed everywhere.
Some IT teams still believe that endpoint security software is enough to stop all threats and/or they don’t need security for their servers. Attackers take full advantage of such assumptions. Any mistakes in configuration, patching or protection make servers a primary target, not a secondary one as might have been the case in the past.
Misperception 3: We have robust security policies in place.
Having security policies for applications and users is critical. However, they need to be checked and updated constantly as new features and functionality are added to devices connected to the network. Verify and test policies, using techniques such as penetration testing, tabletop exercises and trial runs of your disaster recovery plans.
Misperception 4: Remote Desktop Protocol (RDP) servers can be protected from attackers by changing the ports they are on and introducing multi-factor authentication (MFA).
The standard port used for RDP services is 3389, so most attackers will scan this port to find open remote access servers. However, the scanning will identify any open services, regardless of the port they are on, so changing ports offers little or no protection on its own.
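To make that concrete, here is an added example (not part of the Sophos research) that identifies an RDP listener from the structure of its first reply, an X.224 Connection Confirm, rather than from the port it answers on, and reports whether Network Level Authentication was negotiated. The message layouts follow MS-RDPBCGR; hosts, ports and server replies are constructed sample data.

```python
import struct

X224_CR, X224_CC = 0xE0, 0xD0                 # X.224 CR / CC codes, per MS-RDPBCGR
RDP_NEG_REQ, RDP_NEG_RSP, RDP_NEG_FAILURE = 0x01, 0x02, 0x03
SELECTED_PROTOCOL = {0: "standard RDP security", 1: "TLS", 2: "CredSSP (NLA)",
                     4: "RDSTLS", 8: "CredSSP with early user auth (NLA)"}
def tpkt(x224_pdu: bytes) -> bytes:
    """Wrap an X.224 PDU in a TPKT header: version 3, reserved 0, big-endian length."""
    return struct.pack(">BBH", 3, 0, 4 + len(x224_pdu)) + x224_pdu

def build_connection_request(requested_protocols: int = 0x3) -> bytes:
    """Client's first message: X.224 CR plus RDP_NEG_REQ asking for TLS and NLA."""
    neg = struct.pack("<BBHI", RDP_NEG_REQ, 0, 8, requested_protocols)
    return tpkt(bytes([6 + len(neg), X224_CR, 0, 0, 0, 0, 0]) + neg)

def build_connection_confirm(selected_protocol: int) -> bytes:
    """Constructed server reply (sample data): X.224 CC plus RDP_NEG_RSP."""
    neg = struct.pack("<BBHI", RDP_NEG_RSP, 0, 8, selected_protocol)
    return tpkt(bytes([6 + len(neg), X224_CC, 0, 0, 0x12, 0x34, 0]) + neg)

def fingerprint_rdp(reply: bytes):
    """Return (is_rdp, negotiated_security); inspects the X.224 CC structure, never the port."""
    if len(reply) < 11 or reply[:2] != b"\x03\x00":
        return False, None
    tpkt_len = struct.unpack(">H", reply[2:4])[0]
    if tpkt_len != len(reply) or reply[4] != tpkt_len - 5 or reply[5] & 0xF0 != X224_CC:
        return False, None
    if tpkt_len < 19:                          # CC too short for an RDP_NEG_RSP: legacy server
        return True, "standard RDP security (no negotiation)"
    neg_type, _flags, neg_len, payload = struct.unpack("<BBHI", reply[11:19])
    if neg_type == RDP_NEG_RSP and neg_len == 8:
        return True, SELECTED_PROTOCOL.get(payload, f"unknown 0x{payload:08x}")
    if neg_type == RDP_NEG_FAILURE:
        return True, f"negotiation failure, code {payload}"
    return True, None

def audit_exposed_services(observations):
    """For (host, port, first server reply) tuples, flag RDP wherever it answers and whether NLA was negotiated."""
    findings = []
    for host, port, reply in observations:
        is_rdp, security = fingerprint_rdp(reply)
        if is_rdp:
            findings.append({"host": host, "port": port, "nonstandard_port": port != 3389,
                             "security": security, "nla": bool(security and "NLA" in security)})
    return findings

# Constructed sample observations: two RDP hosts (one moved off 3389) and a web server.
SAMPLE_OBSERVATIONS = [("10.0.0.5", 3389, build_connection_confirm(2)),
                       ("10.0.0.6", 33890, build_connection_confirm(1)),
                       ("10.0.0.7", 443, b"HTTP/1.1 400 Bad Request\r\n\r\n")]
```

The host on port 33890 is flagged just as readily as the one on 3389; what differs between them, and what is worth fixing, is that it negotiated plain TLS without NLA.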
Misperception 5: Blocking IP addresses from high-risk regions protects us against attacks from those geographies.
Blocking IPs from specific regions is unlikely to do any harm, but it could give a false sense of security if you rely only on this for protection. Adversaries host their malicious infrastructure in many countries, with hotspots including the US, the Netherlands and the rest of Europe.
Misperception 6: Our backups provide immunity from the impact of ransomware.
Keeping up-to-date backups of documents is business-critical. However, if your backups are connected to the network, then they are within reach of attackers and vulnerable to being encrypted, deleted or disabled in a ransomware attack.
Misperception 7: Our employees understand security.
According to the State of Ransomware 2021, 22% of organizations believe they’ll be hit by ransomware in the next 12 months because it’s hard to stop end-users from compromising security.
Social engineering tactics like phishing emails are becoming harder to spot. Messages are often hand-crafted, accurately written, persuasive and carefully targeted. Your employees need to know how to spot suspicious messages and what to do when they receive one. Who do they notify so that other employees can be put on alert?
Misperception 8: Incident response teams can recover my data after a ransomware attack.
This is very unlikely. Attackers today make far fewer mistakes and the encryption process has improved, so it is extremely rare that responders can find a loophole that undoes the damage. Most modern ransomware also deletes automatic backups such as Windows Volume Shadow Copies and overwrites the original data stored on disk, leaving no way to recover other than paying the ransom.
Misperception 9: Paying the ransom will get our data back after a ransomware attack.
According to the State of Ransomware survey 2021, an organization that pays the ransom recovers on average around two-thirds (65%) of its data. A mere 8% got back all of their data, and 29% recovered less than half. Paying the ransom – even when it seems the easier option and/or is covered by your cyber-insurance policy – is therefore not a straightforward solution to getting back on your feet.
Misperception 10: The release of ransomware is the whole attack – if we survive that we’re OK.
Unfortunately, this is rarely the case. The ransomware is just the point at which the attackers want you to realize they are there and what they have done.