There are many cybersecurity myths, just as in any industry that demands specialized knowledge. People often make reckless statements about viruses, anti-malware programs, and general cybersecurity practices. This leads to unbelievably silly—and potentially costly—situations.
Now, we’re here to set the record straight. We’ll show you which beliefs are myths and which have some truth to them. We’ll debunk 15 common cybersecurity myths.
1: Malware Only Infects Computers and Laptops
When most people talk about “computers and laptops,” they’re usually referring to desktop operating systems like macOS, Windows, and Linux. Indeed, these systems are prime targets for malware, with Windows and macOS accounting for more than 85% of all malware attacks. However, this doesn’t exclude mobile devices—such as those running Android, iOS, or Windows Phone—from being targeted. Certain types of malware, like banking trojans and spyware, are even specifically designed for mobile operating systems.
Injecting malware into mobile devices can be more challenging because each device manufacturer often adds their own modifications to Android. This lack of standardization complicates malware development. Meanwhile, iOS devices offer robust protection against tracking and sniffing efforts. Knowing how to remove malware from your device is crucial.
2: Spam Email Can’t Harm Your Computer
Spam in email has become commonplace over the last five years. Despite your best efforts to protect your email from fraudsters, you might still receive spam messages. These emails often contain intrusive advertisements but sometimes include elements designed to capture your attention, such as links to external sites or attached files. These messages are frequently disguised as routine reports, delivery notifications, or invitations. The myth that spam emails can’t harm your computer is widespread.
But how can these emails be dangerous? The attachments often contain scripts that trigger malware downloads. Links may lead you to phishing sites or exploit critical vulnerabilities to install malware on your computer. Don’t be fooled by less harmful-sounding malware like adware or rogue software; these are often just a front for distributing more sinister threats like spyware and backdoors.
3: Cybercriminals Don’t Target Small and Medium Businesses
This common cybersecurity myth suggests that cybercriminals, who often deploy ransomware and spyware, typically overlook small and medium-sized businesses (SMBs). While it’s true that certain complex malware types, like Advanced Persistent Threats (APTs), require substantial effort and resources to deploy, making them less cost-effective against smaller targets, this does not imply SMBs are safe from attacks. Some ransomware groups may avoid targeting sectors like government, education, and critical infrastructure, but this doesn’t mean other businesses are off the hook.
Ransomware groups, from small outfits to globally known ones, view SMBs as their primary targets. Unlike large corporations that can afford advanced Endpoint Detection and Response (EDR) solutions tailored to their specific needs, smaller businesses often rely on more affordable, less sophisticated anti-malware software. This makes them an easier target for cybercriminals, who capitalize on these vulnerabilities for profit.
4: Computer Viruses Do Not Affect PC Speed
Some malware is indeed designed to operate stealthily to avoid detection. Malware like backdoors and spyware, for instance, can run quietly in the background, mimicking legitimate system processes while consuming minimal CPU and RAM. You might not even notice their presence until flagged by an antivirus application. However, these types of malware are less common compared to their more disruptive counterparts.
Cryptominers and ransomware can severely hinder your computer’s performance, making it nearly unusable. Both activities demand substantial CPU resources as they run intensive processes in the background. Even seemingly less harmful programs like adware or rogue antivirus software can cause significant slowdowns and performance issues similar to those experienced with more serious malware. Amateur programmers often create these nuisances, leading to potential memory leaks that progressively degrade your system’s performance. Imagine a throwback to the Windows 95 era, complete with frequent blue screens of death (BSOD) and necessary reboots after each new device installation!
5: You Cannot be Attacked on Facebook or Other Social Networks
Facebook, Twitter, Instagram—all these social networks are extremely popular nowadays and are prime targets for major spam campaigns. These campaigns manifest in comments on posts, advertisements, and even direct messages (DMs). While you can mitigate the risk by closing DMs to strangers, cybercriminals sometimes use hijacked accounts to send spam to people on their friends’ list. It’s a sly but effective tactic, and cybercriminals are not known for their morality.
Attacks on social networks often involve phishing (more commonly) and malware installation. The latter may include a redirect link that triggers a malware download, misleadingly described as a very useful tool that’s extremely popular. Another common method involves malicious links within advertisements. Paid promotions on Facebook and Instagram suffer from lax moderation, making it easy for attackers to use appealing images and links that lead to malware downloads.
6: Antivirus is Enough to Keep Your PC Safe
Imagine dropping your mobile phone from three feet. It might survive without any noticeable damage. However, if you repeatedly throw it against a wall or wash it in the shower, it will eventually break down, despite being dust- and waterproof. Antiviruses work similarly. While they may offer robust protection and feature advanced heuristic engines, they are not foolproof. Constant exposure to a barrage of different malware samples can result in one slipping through.
Gridinsoft Anti-malware software can offer nearly perfect protection efficiency in a well-protected operating system where basic cybersecurity principles are followed. However, vulnerable and outdated systems can render antivirus software ineffective against sophisticated malware. Moreover, disabling antivirus to install a cracked application can completely neutralize its effectiveness. Using anti-malware software correctly is crucial to ensuring it provides adequate protection for your PC.
7: Individuals Should Not Be Afraid of Spyware and Stealers
Spyware and stealers are often associated with cyberattacks on corporations. In these cases, highly sophisticated malware is used to extract as much confidential information as possible. While it might seem illogical to deploy such precise tools against individuals, there’s another side to this coin. Spyware, stealers, and similar malicious software are not limited to “professional” use. They also exist in unwanted programs and mass-market malware.
Apps that track the geolocation of your significant others, activity trackers, and no-name navigation applications—these can be spyware. They may offer real functionality that you enjoy, but this doesn’t negate their malicious nature. While individuals might not have valuable data to sell on the Darknet, the information gathered can still be valuable. Advertisers, spammers, and cybercriminals looking to build a botnet are willing buyers.
8: Cyber Threats are Only External
Cybersecurity experts often focus on external threats like RDP brute-forcing, exploits in software like Photoshop and Exchange, and email spamming. However, they sometimes overlook one of the hardest-to-avoid threats: insider threats. Insiders are company employees who work for rivals or cybercriminals aiming to compromise your organization.
An insider attack can be complex and may take years to carry out. Initially, new employees don’t have access to sensitive information. Over time, as restrictions ease—especially if the impostor is highly skilled in neuro-linguistic programming—they can gain access to the company’s network and data. While external threats are significant, an insider can bring these threats into the company, either intentionally or recklessly.
9: Viruses Can Be Easily and Immediately Identified
This myth is only partially true because the success of virus detection depends on several factors. These include the type of malware, its variations from previous versions, and the quality of the anti-malware software you use. Different antivirus vendors provide updates with varying frequency, affecting the quality and speed of detection.
The detection ratio can vary based on the type of malware. Classic malware like spyware and backdoors is usually easier to detect because it has more recognizable patterns. In contrast, adware and browser hijackers are easier to disguise and obfuscate as they don’t penetrate deeply into the system. For malware that is a reshaped version of an original, detection relies heavily on heuristics—the ability of the security tool to identify malware based on behavior alone.
10: The Backdoor Virus Does Not Affect the Operation of the Computer
Backdoors, as their name suggests, provide unauthorized access for cybercriminals. Once they have full control of your system, their actions can be unpredictable. If the malware is injected just for amusement, cybercriminals might scare you by moving the mouse pointer, opening and minimizing tabs, or shutting down the system. While this reveals the backdoor’s presence, it’s not the most common scenario. More often, cybercriminals use backdoors for profit, operating stealthily.
Backdoors typically prefer silent activity to facilitate ongoing operations. For the initial period (1-2 weeks post-injection), the backdoor remains completely silent, collecting information about the system, typical activity hours, and login credentials if possible. To maintain invisibility, the backdoor might create a secondary administrator account and hide it using basic Windows functions. This action can have noticeable effects, as another user requires disk space and hardware resources. Therefore, you may observe indirect signs of its presence.
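As an added example (not part of the original article): besides the indirect signs described above, a secondary administrator account also leaves direct traces in the Windows Security log when account-management auditing is enabled. The Python code below flags accounts added to the Administrators group that are not on an approved list; the sample records are constructed, and the simplified field names and the allow-list are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records, modelled on Windows Security log events:
# 4720 = a user account was created, 4732 = a member was added to a
# security-enabled local group. Field names are simplified assumptions.
SAMPLE_EVENTS = [
    {"time": "2024-03-04T02:13:07", "id": 4720, "target": "svc_update", "actor": "WORKSTATION$"},
    {"time": "2024-03-04T02:13:09", "id": 4732, "target": "svc_update", "group": "Administrators", "actor": "WORKSTATION$"},
    {"time": "2024-03-05T10:01:00", "id": 4720, "target": "intern01", "actor": "helpdesk"},
    {"time": "2024-03-05T10:02:00", "id": 4732, "target": "intern01", "group": "Users", "actor": "helpdesk"},
    {"time": "2024-03-06T09:30:00", "id": 4732, "target": "alice", "group": "Administrators", "actor": "helpdesk"},
]

APPROVED_ADMINS = {"alice"}  # hypothetical allow-list kept by the administrator


def find_suspicious_admins(events, approved, window=timedelta(minutes=10)):
    """Return findings for accounts added to Administrators that are not approved.

    A finding is marked 'created_then_elevated' when the same account was
    created (4720) no more than `window` before it was elevated (4732);
    otherwise it is marked 'unapproved_admin'.
    """
    approved = {a.lower() for a in approved}
    created = {}   # account name -> creation time
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        name = ev["target"].lower()
        if ev["id"] == 4720:
            created[name] = when
        elif ev["id"] == 4732 and ev.get("group", "").lower() == "administrators":
            if name in approved:
                continue
            born = created.get(name)
            fresh = born is not None and when - born <= window
            findings.append({
                "account": name,
                "time": ev["time"],
                "actor": ev["actor"],
                "reason": "created_then_elevated" if fresh else "unapproved_admin",
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_admins(SAMPLE_EVENTS, APPROVED_ADMINS):
        print(finding)
```

An account that is created and promoted to administrator within seconds, outside working hours, is the pattern worth reviewing first.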
11: Botnets Do Not Launch Spam Campaigns and Do Not Attack Social Networks
This is another cybersecurity myth to watch out for. While it’s true that botnets cannot launch spam campaigns on their own, they are essentially networks of compromised computers controlled by cybercriminals. These cybercriminals can orchestrate spam campaigns using the botnet. Conducting spam campaigns manually is challenging and costly, even with a large team. Botnets provide an efficient solution for mass spamming.
The notion that botnets do not attack social networks is also false. Spam campaigns are most effective when they reach large audiences, which is why they often target social networks. A single bot’s message on social media can attract the attention of dozens of people. Thus, when you hear “botnet spamming,” it usually refers to activities on social networks or email.
12: Sophisticated Security Tools Keep Your Business Safe
This cybersecurity myth is close to being true. Anti-malware vendors worldwide offer EDR solutions that can protect entire networks, including servers and IoT devices within a company. However, the human factor is often overlooked. Zero-click attacks, which require no human interaction, are rare. Most cybercriminals rely on human errors.
Both ransomware distributors, who acquire malware samples through affiliate programs, and skilled hackers who inject self-made APTs into corporate networks often exploit human recklessness. For instance, system administrators might neglect to establish secure RDP connections, or an overworked secretary might open an email with a suspicious attachment. While EDR can thwart many attacks, it is not a cure-all. People frequently believe cybersecurity myths, which can lead to vulnerabilities.
13: Regular Scanning is Enough to Keep Your Computer Clean
There is some truth to this cybersecurity myth. Many classic anti-malware programs are designed to offer peak protection through on-demand scans. However, all vendors emphasize that proactive protection alone is insufficient for keeping a device 100% malware-free. An important variable often overlooked is the detection database and its updates.
Many anti-malware vendors offer free versions of their software, allowing users to remove viruses without charge. However, these free versions typically do not include regular database updates. While free versions may still receive patches unrelated to detection, their ability to effectively spot and remove malware diminishes over time. It is essential to rely on trusted sources to avoid believing in cybersecurity myths.
14: Ordinary Users are Completely Protected From PC Hacking
This common cybersecurity myth is far from the truth. Ordinary users, who make up the majority of the PC market, are prime targets for cybercriminals. Cybercriminals exploit users’ inattention, recklessness, and desire to save money. Although the average level of cybersecurity knowledge has increased significantly over the past decade, it is still not enough to eliminate the need for anti-malware software or deter cybercriminals from targeting individuals.
As long as there is a market for hacked software, film camrips, and hacktools, there will be a risk of acquiring malware along with (or instead of) the desired product. The primary characteristic of this majority is, unfortunately, greed. People often prefer not to pay for legitimate products, only to end up paying for PC repairs. Breaking this vicious cycle is necessary before making such broad claims about security.
15: Phishing Does Not Target Confidential Information and Personal Data
This myth likely stems from misconceptions about the evolving nature of phishing attacks. Today, cybercriminals often distribute malware by attaching it to emails and tricking users into opening it. This form of phishing is straightforward and devoid of the traditional nuances. However, people often overlook “classic” phishing, which involves counterfeit websites and forms designed to steal your credentials.
Classic phishing has not disappeared, contrary to popular belief. Some might think it’s in decline, but there are still numerous phishing pages on the Internet. Maintaining vigilance is crucial to avoid falling victim. While the effectiveness of classic phishing has diminished due to advanced security measures in web browsers, phishing techniques are constantly evolving. Cybercriminals will inevitably find new ways to deceive users, often when least expected. It’s essential to dismiss cybersecurity myths and rely on accurate information.