From Hollywood movies to shows like Mr. Robot, hacking has earned its place in popular culture.
But how does our idea of hackers square up to the real thing? Here are five myths about hackers.

Myth #1: All hackers are evil
There are millions of criminals all around the world, but thieves and fraudsters have always existed. The only difference is that now, they use computers to commit those crimes.
The vast majority of hackers are decent people with an interest in building, defending, and (sometimes) breaking things. The proper term for a hacker who breaks the law is a cybercriminal.

Myth #2: All cybercriminals are geniuses
When cybercriminals show up in movies, they’re almost always the smartest person in the cast.
This is understandable – villains have to pose a threat, and nobody wants to watch a film about two-bit conmen sending spam emails.
But just as the vast majority of hackers aren’t evil, most of the ones who are evil aren’t that clever. They use the same tricks over and over, hoping to get lucky.
These tricks (such as phishing scams) are tried-and-tested ways of getting into an organisation. They’re not sophisticated, but they often don’t need to be: if a criminal has a list of a hundred employee email addresses, one of those employees might fall for them. This goes double if the workers haven’t been given proper training.
At Toffee, we believe the best defence is equipping workers with a reliable training package.

Myth #3: Hacking is complicated
The media would have us believe that the most dangerous hacks are the flashiest.
Extortion and ransomware attacks make excellent headlines, so these are the ones which get the most coverage.
These are still dangerous, but in defending ourselves against the flashy stuff, we often forget to cover ourselves against the simplest hacks – like scam emails.
Messages containing fake invoices have cost over $55,000,000,000 to date. And these are just the ones we know about.
Some cybercriminals choose simple scams because there’s no need for anything else. If a criminal gang can make millions through phishing emails, why would they bother learning something more sophisticated?
Of course, we still have to watch for the more sophisticated attacks, like ransomware. But a good defence often starts with making sure we have the basics nailed down.

Myth #4: Defending ourselves isn’t worth it
Some cybersecurity people say businesses don’t take threats seriously.
This is completely wrong. Most organisations, from SMEs to Fortune 500 companies, realise the threat posed by criminal hackers: it’s just that the cost of defending ourselves can be eye-watering.
Much of this is down to people selling overpriced packages, often making promises of “total protection”. But no defence is complete, and anyone who says they offer total protection is lying.
As cybersecurity professionals like to say, “the only truly secure computer is one not connected to any network, a hundred feet underground, and surrounded by sharks.”

Myth #5: Only big companies are targets
We’re so used to seeing big-name hacks in the media that you’d be forgiven for thinking SMEs don’t need to worry.
But most cybercriminals go after small businesses because they see them as easy targets. We’ve seen tiny charities hit with cyber-attacks which, if they’d succeeded, would have probably seen them shut down.
This isn’t an exaggeration. Research shows that 60% of SMEs which fell victim to a cyber-attack went out of business within six months.
Nothing can guarantee our safety, but the best way to defend ourselves is through the right employee training.
With 95% of hacks caused by workers making mistakes, it’s more important than ever to train our employees. That’s why we made Toffee: a fun, all-in-one training package designed especially for SMEs.








