7 Cyber Security Myths & Misconceptions That Are Worth Knowing


With rates of cybercrimes increasing across the globe, cyber security has naturally become a foremost concern for many Aussie households and businesses alike. Whilst it’s certainly common knowledge that cyber security is vital to ensuring your safety and security when browsing the web, this area is still relatively shrouded in mystery for many Aussie families and business owners.

To help lift the fog surrounding cyber security and all its many complexities and considerations, we’ll be outlining 7 common myths and misconceptions that you may or may not believe yourself. Read on to help bolster your own knowledge of all things cyber security.

1. Cyber security best practices don’t change

Even though you may remember hearing about computer viruses like Trojan horses back when you were a kid, this does not mean that cyber security concepts and strategies aren’t subject to monumental changes at the drop of a hat. In fact, there are entire cyber security courses offered by tertiary institutes that revolve around keeping up with the rapid-fire evolution of threats online.

Simply put, cyber security best practices do change, as threats themselves are prone to immense developments. And with the introduction of AI malware that’s capable of using machine learning to adapt its approach when breaching security infrastructure like firewalls, it’s in your best interests to invest in a dynamic cyber security strategy that uses an array of barriers in order to keep your network secure.

2. Antivirus software provides enough protection

Speaking of dynamic cyber security strategies, the trends in ransomware and other forms of malware as outlined by the ACSC, or the ‘Australian Cyber Security Centre’, have revealed that even the most minute weaknesses in a business’s cyber security strategy can leave that organisation vulnerable to cyber attacks. Even weaknesses as seemingly minuscule as failing to run software or OS updates on time, or failing to secure cloud systems, have been known to have drastic impacts on a business’s overall digital security.

This is precisely why an investment in antivirus software truly isn’t enough protection. Although it can certainly be argued that the best approach to cyber security for your home or office begins with investing in antivirus software, it’s important to keep in mind that this investment really is to be considered foundational rather than the entirety of your cyber security strategy.

3. Complex passwords are ‘hacker-proof’

In a similar fashion to antivirus software only making up one facet of a truly dynamic cyber security strategy, simply relying on your passwords alone is also by no means a foolproof – or should we say ‘hacker-proof’ – approach to ensuring the safety and security of your digital accounts. Even if your passwords are complex and consist of a string of numbers, symbols and letters in no particular order, they can still be gathered by hackers in the event of a data breach, leaving your accounts vulnerable to falling into the hands of malicious third parties.

You can strengthen your account security even further by utilising MFA or ‘multi-factor authentication’. This particular security process involves using secondary forms of identification in order to verify your identity when logging into online accounts. MFA can take on many forms as well, and can range from asking personalised security questions (e.g. ‘What’s your mother’s maiden name?’) to sending one-time numeric codes via email or text to confirm your identity.

More and more banks, government agencies, schools, hospitals and other bodies that provide sensitive digital accounts are offering MFA features to their users to ensure additional security in the face of growing cyber threats.

4. Cyber threats always come from external sources

One of the most infamous security breaches of all time saw an employee bring a USB stick they had found outside in their company car park into the office with the intention of finding its owner. Unaware of the dangers posed by files or drives from unknown origins, this employee then plugged this USB stick into their computer, which then promptly released a malware application that would go on to hijack that organisation’s entire network, controlling it from the inside out.

This brings us to perhaps one of the most damaging misconceptions surrounding cyber security: that threats can only be found online. Although web-facing applications do require additional security measures when compared to internal systems or private networks, there is still every possibility that a virus or malware application can infiltrate your network from the inside, maintaining an interior point of origin.

For this reason, it’s imperative that businesses invest in cyber security training for their staff, as an awareness of the warning signs surrounding potential threats can drastically help reduce the likelihood of your business falling victim to a cyber attack, whether that attack originates from an external or internal source.

5. Your data has no value

Did you know that there are different types of phishing attacks? From smishing and vishing to spear phishing and whaling, there is an abundance of ways that malevolent third parties can get hold of your sensitive user data. And whatever data they do have of yours can actually go quite a long way.

In truth, virtually all user data has value, as any morsel of personal user data can be used by hackers across the globe to build highly detailed user profiles piece by piece. If you’ve ever held an account with an organisation, like a telecommunications company or even a school, that has recently experienced a data breach, then it’s highly likely that your data is already in hacker databases.

Hackers can purchase harvested user data on the dark web and use your wider web presence in order to develop a profile of you. The more sophisticated their profile, the higher the likelihood that they’ll be able to gain access to your accounts. In other words, any of your user data that has become publicly available will leave you at risk of falling victim to a cyber attack, and this is precisely why all data is far more valuable than you may imagine.

6. You or your business are too small to be targeted

Following on from Myth #5, harvesting and selling data is a substantial industry on the dark web. In fact, there are hackers who make a living solely off gathering and distributing data to global communities of black hat hackers. It’s this same lucrative industry that completely negates the misconception that a user or business can be ‘too small’ to be targeted by malicious third parties online.

Just as capitalism operates off of the fallacy of ‘exponential growth’, so too does the data harvesting industry. All data is of value because although data itself may be near-infinite by nature, the people and organisations represented by these figures or metrics are very much real, and thus, can be taken advantage of with the right information on hand. Regardless of whether you’re a five-person household or a corporation with five hundred employees, there is simply no reason why you should not be investing in your own cyber security. 

7. Investing in cyber security is expensive

Finally, there is one crowning misconception that holds many Aussie households and businesses back from investing adequately in their cyber security strategies: that investing in cyber security is expensive. To this, we can only say that whatever you have to lose financially by investing in antivirus software and other security measures like VPNs and firewalls can never hold a candle to what you have to lose if you do happen to fall victim to a cyber attack.

It’s not uncommon for cyber attacks to rob families and businesses of thousands of dollars, and this isn’t even the worst-case scenario. Some individuals who have fallen victim to cybercriminals have lost their entire life savings to phishing and hacker activities. As heartbreaking as these outcomes are, they do put into perspective quite aptly the extent of the risks associated with failing to implement a dynamic cyber security strategy for your household or business.

Developing a strong cyber security strategy begins with educating you and your wider household or organisation on the true nature of the dangers that await online, and what it will take to keep yourselves safe. Hopefully, our breakdown of these common cyber security myths and misconceptions will provide you and your wider community with the knowledge that you’ll need in order to keep yourselves safe when browsing the web.

I am a computer engineer holding a bachelor's degree in Computer Science, complemented by a Master's in Business Administration from University of Strathclyde, Scotland. I currently work as a Senior IT Consultant in Melbourne, Australia. With over 15 years of...