3 myths about cybersecurity

More than 54% of Canadian companies reported experiencing cybersecurity incidents. October is Cybersecurity Month and we wanted to share 3 myths related to cyber hacking.

What is cybersecurity?

Cybersecurity is about protecting digital content and data on the web from malicious threats.

You should know that this affects all elements related to an internet connection: your intranet, your emails, your social networks and your website are directly targeted by hackers for the data you create and the information you share.

In 2022, it took an average of 277 days—about 9 months—to identify and contain a breach.

Source : Cost of a data breach 2022 IBM

Myth 1: My busines isn’t a target

You might think your business is too small to be attacked? Or maybe your industry is not attractive to web hackers that just hack into the systems of organizations like Desjardins?

This is FALSE. We keep saying it: any company is susceptible to a computer attack.

Hacking is the theft of sensitive data or important information that is stored online, via a website, emails or a computer.

Profiles and motivations of hackers

There are different pirate profiles and for each is a different motivation We’re showcasing some of them below :

• Hacktivists: Their goal is to expose what they believe to be abuses in society in order to bring about change, whether social or political.
• Black Hats: They are at the origin of malicious software, developed to harm, these allowing in particular to infect computers and websites. Their main motivation is money, whether for spying, stealing banking information or stealing confidential data.
• Script-kiddies: It is often young people who play with easily found hacking programs on the internet to create damage. Their motivation is often personal and they are not appreciated by the world of pirates because they do not master either the ethics of the environment or the technique.
• White Hats: They perform system testing at the request of certain organizations to test computer security. They use the same methods as the Black Hats, but do so with the permission of the company that employs them.

Victim selection and consequences

As you can see, each pirate has his own area of expertise!

As we mention in the article “Avoiding getting hacked, is it possible?“, the theft of sensitive information (credit card number, passwords, confidential data) is the most popular reason for hacking, but it can also happen that hacking attacks are set up by jealous competitors or former disgruntled employees.

In 2018, according to the Internet Society’s Online Trust Alliance, computer pirates have performed more than 2 millions attacks, a 20% increase over the previous year.

We can easily imagine the record increase that will be observed in 2020 with the emergency conditions quickly established with COVID-19 for certain structures not prepared for telework. Computer pracy annualy costs more than $59B as this article on article on cybercriminality shows on Radio Canada (French only).

Myth 2: My website isn’t important enough

Your website only contains a few pages and you’re thinking you’ve probably got very low odds or experiencing computer piracy?

This is FALSE. Your data is important to hackers, no matter the size of your website.

According to a study conducted by SiteLock in 2022, a website experiences an average of 172 attacks per day. Our team performs weekly malware removals on the websites of self-employed workers and small businesses. Whether you have an e-commerce site with sensitive customer data or a blog sharing tips with your subscribers, you produce data and you share information. This can be worth gold to some!

How does a website get hacked?

Hackers use automatic tools such as Botnets (a contraction of robot and net), making it possible to act in a massive way using automations such as spam mail or by injecting code into a website in order to take control of it. Whether you use WordPress or another technology, the process remains the same.

In the case of WordPress, they will attempt to take advantage of security holes in your website:

• A version of WordPress which isn’t updated
• A password that is too simple
• Unsecured web hosting
• Outdated plugins and themes
• Inattentive administrators

How to limit the risks?

• Perform regular maintenance
• Use strong passwords
• Enable two-factor authentication
• Act in a safe and prudent manner
• Convert your website to HTTPS
• Keep abreast of digital developments

Myth 3: My team must already know best practices

Assuming your team already knows what to do could cost you a new website! It is very important to have a clear procedure for:

• password management
• using their personal computer or phone to access sensitive data during COVID-19 and remote work

As we were mentioning in our aticle “Protecting your personal data: the keys to a safe and secure web site“, it’s essentiel to train your team and involve them in this war against digital attacks.

Conclusion

While our team of experts can certainly help you with a website malware removal, our superpowers don’t stop there!

A hacked site, with no backup, may be lost. We therefore strongly advise you to act upstream by setting up a real security procedure to avoid losing a website, or much worse your customers and your reputation.

Imagine if one of your customers saw their bank details stolen via a purchase on your website when they had given you their trust, this could have far greater consequences for your business than a website to be redone…

Would you like to discuss your security issues with one of our WordPress experts? Contact us today!