
9 cybersecurity myths you probably still believe

Elisa Armstrong



Jul 29, 2020



Our beliefs guide our actions. If we believe an idea, we support it. If not, we’ll act against it. But how often do we check if our convictions are true? And even when we do, there’s another problem: the abundance of information makes it possible to back up nearly any idea with some sort of proof. But it’s one thing to act on your beliefs when the stakes are low (like horoscope predictions), and it’s a whole different story when we’re talking about cybersecurity, where one mistake could have terrible consequences.

So, are you sure your cybersecurity isn’t built on these 9 cybersecurity myths?

Myth #1 All you need is a strong password

You’ve probably heard that to stay secure you need a strong password. Well, Kevin Mitnick, the world’s most famous hacker, once took a 17-character password (qu4dr1l473r4l12*$) and demonstrated how a computer can crack it in under a minute. Does this suggest you shouldn't use passwords? Of course not. But the length or special symbols alone don't make a password strong. Despite the first impression that Mitnick's password might give, it is actually weak because its core is derived from the dictionary word 'quadrilateral'.

So what is a strong password? In the same video, Mitnick suggests expanding your password to phrases containing 30+ characters, like "wildunicornsroamthestreetsofnewyork". You could also use passwords that don't contain dictionary words, which is much easier to do if you use a password manager. And if you want even more security, you can additionally enable two-factor authentication.
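The following check is an added example, not part of the original post. It shows why the 17-character password above reduces to one dictionary word while the long phrase does not. The word list, the substitution table and the 50% threshold are assumptions constructed for illustration.

```python
import re

# Common character substitutions; an assumed, non-exhaustive mapping.
LEET = {"a": "a4@", "e": "e3", "i": "i1!", "l": "l1",
        "o": "o0", "s": "s5$", "t": "t7"}

# Constructed mini word list; a real check would load a large dictionary.
WORDS = ["quadrilateral", "unicorns", "streets", "password",
         "wild", "roam", "york"]


def word_pattern(word):
    """Regex matching the word with any mix of the substitutions above."""
    parts = ["[" + re.escape(LEET.get(ch, ch)) + "]" for ch in word]
    return re.compile("".join(parts))


def dictionary_core(password):
    """Return (word, covered_chars, total_chars) for the longest
    dictionary word hidden in the password, or None if there is none."""
    lowered = password.lower()
    best = None
    for word in WORDS:
        found = word_pattern(word).search(lowered)
        if found and (best is None or len(word) > len(best)):
            best = word
    if best is None:
        return None
    return best, len(best), len(password)


def is_dictionary_derived(password, threshold=0.5):
    """True when one (possibly disguised) word makes up more than
    `threshold` of the password's length."""
    hit = dictionary_core(password)
    return hit is not None and hit[1] / hit[2] > threshold


if __name__ == "__main__":
    for pw in ("qu4dr1l473r4l12*$", "wildunicornsroamthestreetsofnewyork"):
        print(pw, dictionary_core(pw), is_dictionary_derived(pw))
```

The phrase also contains dictionary words, but no single word dominates it, which is why the check does not flag it.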

Myth #2 New technology improves security

Does new technology help improve cybersecurity? It often does. But technology does not exist in a vacuum — it’s created and used by people. So new software or equipment alone is not going to help. Take password managers, for example: they’re a great piece of software, but if your password is ‘password’, you won’t get far.

All technology should be continuously tested, updated, and implemented. Otherwise, the result will be the opposite of what is expected from it.

Myth #3 Security in 7 steps

It’s not exactly a settled myth, but many people believe that cybersecurity has a clear blueprint: a set of rules you need to follow to stay secure. If you implement it in your company, the thinking goes, you'll be protected from hackers.

But security doesn’t work that way. Every new technology, app, or social platform creates new challenges for IT security teams. Things that were true yesterday may be false tomorrow. That’s why there’s no blueprint that can fit every company’s or individual’s cybersecurity needs. The only rules that apply universally include educating yourself about new threats and testing regularly.

Myth #4 Credit card data is hackers’ only target

Do cybercriminals care only about money? That may be true to some extent. But just because their ultimate goal is money, this doesn’t mean that credit card data is the only way they can get it.

Hackers will grab everything they can get their hands on because what they can’t use themselves they can sell. Have you ever checked what’s on offer on the dark web? You can buy passwords, customer data, employee credentials, Zoom accounts — you name it. Credit cards are among the cheapest items on there.

The reason is simple. In the digital underground, there’s always someone who wants something. Any data you can steal will likely have an interested buyer, whether it’s account credentials, access to a tool, or someone's personal files. So yes, even if you don’t store credit card information, you still need top-notch security.

Myth #5 You’re safe as long as you’re not in the X or Y industry

Some company owners feel confident about their security, but not because they did something about it. The confidence comes from a false belief that they’re too small for hackers, or they’re not in a targeted industry. Do criminals have preferred industries? Of course. But companies from every industry, big and small, are at risk. If you think that you’re safe as long as you’re not in banking or another ‘big name’ industry, think again. In recent attacks, criminals have attacked schools, hospitals, and other institutions that don’t store credit card data.

A case in point is a remote honeypot set up by researchers, which was filled with malware within 3 days. You’re not invisible online — no one is. Criminals may not target you specifically, but you’re definitely on their radar.

Myth #6 Antivirus provides adequate security

We’re not saying that an antivirus doesn't help keep you secure. It does. But cybercriminals already expect you to have one installed and train their malware to sneak past security programs.

Antivirus software makes penetrating your network harder, and that’s what you want. Think about it as a house alarm. It’s good to have one, but it only works if you lock your doors and close your windows. Make sure your cybersecurity efforts go beyond an antivirus subscription.

Myth #7 Threats come from outside the company

Where do threats come from? If you imagine a hacker as a 20-something living in his parents’ basement, focusing on network security makes sense. But hacker attacks are just one type of threat — security within the company is just as important.

A recent study revealed that ‘flight-risk’ employees (those who plan on leaving) often pose a cybersecurity threat. While suspecting your coworkers is no pleasant business, keep that report in mind and make sure you manage permissions carefully.

Myth #8 When hackers come, you'll know

There's a recurring trope in crime dramas where the hero at the computer suddenly proclaims: "We're being hacked." This suggests that when hackers target your network, you (or your IT team) will know.

Hackers can be loud and bright occasionally, but they’re just as capable of executing a dangerous attack silently. Malware could be silently collecting data without even slowing down the system. There’ve been cases where malware was discovered years after the initial attack. Unsurprisingly, hackers don’t come in with a big red flag, notifying you they are here.

Myth #9 Scams are full of mistakes and easy to recognize

If you had to imagine a scam email, you would probably think along the lines of a “Nigerian Prince” scam with spelling mistakes in every third word. This can give you a false sense of security, making you believe that you’d be able to recognize a scam if you came across one. But not all scams contain mistakes. In fact, nowadays few of them do.

Email and website scams are often built to emulate a prominent brand or authority figure. Not only do they have perfect spelling, but also every other element (logos, layout, etc.) can be identical to the original.

Technology constantly changes and we have to do whatever we can to keep up with it. Keep yourself informed and double-check what you hear. Stay safe.

Elisa Armstrong


Elisa’s all about languages. She speaks five, loves stand-up comedy, and is writing her first novel. Besides her extensive knowledge of cybersecurity, she’s an expert in persuasion techniques hackers use and strives to teach people how to avoid online scams.