There are a number of myths floating around both the consumer and corporate sectors these days. These are half-truths or even flat-out lies that extend to device security, hacking and data breaches as well as protecting personal information, and quite often, they are doing more harm than good.
Myths like these have consumers and enterprise staff alike carrying out processes that they think will protect themselves, but could actually be creating more vulnerabilities. These issues occur more frequently in the consumer sector, as most companies have a well-informed IT team in place that can help them steer clear of these land mines. However, even the best IT manager has fallen prey to a well-disguised and widely-believed myth in the past.
Today, we'll take a deep dive into the top myths circulating across different industries. We'll examine how these myths got started, as well as what makes them untrue and how companies and consumers can better protect themselves. Let's take a look:
Myth #1: The top cause of data breaches is hacking and malware
When one imagines a data breach scenario, the first thing to spring to mind is often a cloaked cybercriminal deploying malware from his laptop at an undisclosed location. While some of the highest-profile breaches did occur in this way, a leading myth currently spreading is that hacking and malware are the top causes of data breaches.
According to Trend Micro, the leading cause of breaches today is device loss. Right now, the loss of a device containing sensitive data accounts for a whopping 41 percent of all breaches. Hacking and malware, on the other hand, cause only about 25 percent of breaches.
"Companies may often overlook the kind of sensitive information stored on their employees' laptops, mobile devices and even thumb drives," Trend Micro noted. "If any of these devices get lost, stolen and are left unprotected, they become an easy way to steal data."
While this does not mean that hacking and malware aren't formidable threats, it does show that corporate employees must work to better protect any device that contains sensitive enterprise information, including their own personal devices or those supplied by their employer. A few best practices to enhance protections here include using a screen lock and password to prevent unauthorized access, as well as encrypting data stored on a device so that it is unreadable to anyone without access to the decryption key.
Myth #2: Small businesses and individual consumers are immune to hacking
Lifehacker contributor Alan Henry pointed out that many take the "No one would want to hack me" approach because they don't think they have anything of value that would attract cybercriminals. This viewpoint is often seen with individual consumers and small mom-and-pop businesses that may just be getting their feet wet with online presence and technology. Henry noted that this is often known as "security through obscurity," and can be incredibly threatening to consumers and businesses alike.
"The problem with playing the odds is that, of course, it only takes one bad roll to ruin your day," Henry wrote. "While it's true that most of us don't have to worry about being specifically targeted, the most common threats aren't the ones that target you specifically – they're internet-wide fishing expeditions by automated bots looking for vulnerable computers and networks."
The truth is that even the smallest of businesses and regular consumers have something to offer hackers. Whether that be the small cache of customer personal information an organization stores, or the name, Social Security number and birth date of an individual – no one is immune to attack.
"Even if you don't think your data is valuable, keep in mind that any personal or financial information is valuable to a potential identity thief," Henry pointed out.
In fact, hackers have been known to compile profiles on individuals and sell them on underground marketplaces for fraudulent purposes. This way, even if the profile is incomplete – it could be missing a key piece of information like a Social Security number, but contain details like a person's name, address and phone number – it is still valuable to cybercriminals willing to put in the extra work to obtain all the necessary details for identity theft.
Myth #3: The retail industry is at the highest risk for data breaches
Another widely-held myth is that the retail industry is the number one sector for data breaches. Although, in the past, many of the publicized breaches took place within retail stores (think the Target breach of 2013, which became the face of breaches for months), Trend Micro research shows that retail actually ranks fourth in terms of breaches.
Trend Micro researchers found that health care is the most affected sector, with 26.9 percent of all breaches occurring in this industry over the last decade. Education came in second with 16.8 percent of all breaches, followed by government organizations with 15.9 percent. Finally, retail saw only 12.5 percent of breaches over the past 10 years.
This myth shows that while businesses in the retail sector certainly shouldn't overlook their security and breach prevention, other industries – namely health care, education and government – should brush up their data protection and intrusion prevention.
Myth #4: A malware infection will be obvious
A number of individual users in particular believe that if their device is infected with malware, it will be obvious. These users believe that certain symptoms will appear to notify them of infection, including slow performance or an increase in pop-up ads, That's Nonsense contributor Craig Charles noted.
This is one of the more dangerous myths, and it couldn't be farther from the truth. In fact, the vast majority of malware today is specifically designed to fly under the radar, whether present on a consumer device or within an enterprise network. This gives hackers more time to carry out malicious processes while the device owner or network administrator is none the wiser.
It's important to understand that, similar to direct hacking, anyone can be a victim of malware infection and, more often than not, the infection will not be easy to spot. This is why it's crucial to have a monitoring system in place that checks the device or network for suspicious activity that can be associated with a malware attack.
Myth #5: Personally identifiable information is the most valuable and sought after
While PII has historically been the most popular type of record stolen by hackers, this doesn't mean that it is the most valuable. Trend Micro also noted that contrary to common beliefs, PII doesn't always provide the most bang for one's buck when it comes to cybercriminal intrusion.
"It really depends on the situation and the attacker's goal. If the aim is to get educational or health records, having a person's PII will give the attacker a higher chance of accessing those bits of information," Trend Micro pointed out. "If attackers really want to gain access to the proverbial keys to the kingdom, they would go for credentials, more specifically, the credentials of a network administrator."
In addition, Trend Micro researchers found that the price of PII on underground marketplaces has been falling recently. This is largely due to the fact that there is such a surplus of this type of data available. PII records that used to sell for $4 apiece are now selling for $1 each, and credit card numbers of all brands are now sold in bulk.
This shows that hackers are getting more creative when it comes to their information theft. For example, Trend Micro found that hacked Uber accounts are being sold more frequently for just over one dollar each. This sends an important message to individual users as well as enterprises – all types of data are at risk of cybercriminal activity and theft. Therefore, it's critical to make sure that all sensitive details are properly safeguarded with a best-of-breed security solution.
As most threats live in online environments, it's also essential to have protection in place for Web activities. Safeguard yourself and your business with Trend Micro's Internet Security solution. Contact Trend Micro today for more information.