We live in an age in which cybersecurity can make or break a business. But, unfortunately, we also suffer from widespread misinformation or “fake news,” if you will.

The combination puts organizations at critical risk because decision-makers need true facts to ensure digital assets are kept out of harm’s way. Hackers have made bank exploiting vulnerabilities, and it’s time to close the disinformation gap between fake news myths and cybersecurity realities.

Krystal Triumph, an IT consulting professional in NJ shares some common information about cybersecurity breaches.

1: Hackers Only Target Big Corporations

When large corporations suffer multi-million-dollar data breaches, the crime results in splashy headlines. Media outlets know they can sell and resell doomsday hacks, such as the Equifax incident that compromised upwards of 147 million personal identity files. Big numbers and dollar-amounts garner click-bait responses. When a small or mid-sized company gets pinged, the media rarely covers the crime.

According to a 2020 Cybersecurity Statistics report published by The Manifest, “New data breaches surged by 424 percent last year, fueled by hackers targeting more small businesses.” The report indicates that 15 percent of small businesses “faced either a hack, virus, or data leak,” last year. The true facts about hackers are that they troll the internet searching for the low-hanging fruit. Small and mid-sized businesses that buy into the myth they are not targets often suffer the consequences.

2: Complex Username & Passwords Are Effective

The mainstream media inadvertently pushes a false narrative that complicated login profiles are effective deterrents. Political operative John Podesta became the poster child for subpar passwords after WikiLeaks published thousands of his private emails. Whether it’s fact or fiction, a narrative circulated that his password was, well, “password.” This, perhaps, urban legend sustained an idea that using a series of complicated characters would have avoided the breach. Not necessarily.

The true facts are that determined cybercriminals have an entire toolkit at their disposal to penetrate employee emails and devices. These may include phishing schemes, spyware, and password spraying tactics, among others. That’s why businesses of all sizes are implementing two-factor authentication security. Commonly called 2FA, this process requires a staff member to receive a separate code on a secondary device. They must input that code along with their username and password before gaining access to a network. Complex passwords are good. But the true facts are that layered cybersecurity is effective.

3: You’ll Be Promptly Alerted About A Breach

Companies invest in antivirus software, firewalls, and other cybersecurity measures with the idea hacks will be prevented, and they’ll get prompt alerts about threats. It’s an almost logical conclusion given the widespread information about ransomware attacks that hold business networks hostage until bitcoin payments are made. But these smash-and-grab cybercriminals are just the tip of the iceberg. The thieves you really need to worry about are digital burglars.

Take a moment to consider a nefarious individual has successfully unveiled an employee’s username and password. That hacker can now infiltrate your system through a credible login profile with absolute impunity. What would motivate them to pull a grab-and-go of your digital assets? Nothing.

The true facts are that once a digital burglar has defeated your security, it may be in their criminal best interest to covertly copy files, company secrets, bank account numbers, and personal identity records. These assets can be sold on the Dark Web, and it could take years for an organization to detect. Consider the following example.

Marriott, the hospitality giant, reportedly suffered a long-term breach that may have run for four years. Digital burglars were apparently able to steal the information of upwards of a half-billion guests over that period. Needless to say, Marriott probably believed they would be promptly alerted to even a minimal threat. The true facts do not support that myth.