Research from data security expert, Cohesity, has found that a third of UK workers believe only big businesses can get hit by hackers while small firms are not targets at all. This is despite the fact that SMEs offer rich pickings for cyber attackers. Moreover, one in six UK workers take no responsibility for protecting their business from cyberattacks, saying it’s only IT/cyber security teams that are responsible for protecting their company.
According to Cohesity these cyber security myths amongst employees are opening the door to malicious players, leaving UK companies dangerously exposed to cyber threats which can bring their businesses to a grinding halt or even total destruction.
The top five myths that workers mistakenly believe are:
- Cyber security – that’s just for the IT crowd. 60 per cent of employees think only IT or cyber security teams are responsible for protecting their company from cyberattacks. In reality, every employee plays a crucial role in keeping data safe.
- Ransomware steers clear of small businesses.A third (33 per cent) think ransomware attackers only target big businesses. The truth? Companies of all sizes are at risk. In fact, small firms are often even more at risk, as they frequently lack the skills and technology found in larger companies.
- Wi-Fi wards off ransomware. Almost half of workers (44 per cent) wrongly believe ransomware can’t spread through Wi-Fi – making it easier for attackers to catch people off guard.
- Pay hackers, lose twice: the data is still gone.33 per cent of employees believe that paying cyber criminals is the only way to reclaim company data after it’s stolen, despite the NCSC advising that organisations consider viable backups or decryption tools first.
- Macs, mobiles and USBs are immune. Over half of UK’s employees (58 per cent) assume that Mac computers will keep them safe and can’t be used as an entry point for cyberattacks. This is followed by mobile phones (51 per cent) and USB devices (39 per cent). In fact, cyberattacks can be designed for any connected device.
“Despite cyberattacks being in the headlines day in, day out, there’s much to be done when it comes to educating employees about what good cyber hygiene looks like,” warns Olivier Savornin, GVP Europe at Cohesity. “It doesn’t matter how advanced your cybersecurity solutions are if employees are unable to identify and escalate suspicious activity. Social engineering attacks specifically prey on human error, which means every employee is a potential target and a line of defence.”
According to Savornin building true cyber resilience requires a three-pronged approach – robust technology, continuous employee training, and a culture that actively promotes vigilance at every level of the organisation. Without this, organisations remain dangerously exposed.
