5 Common Cyber Misconceptions we hear all the time

Published: 30 May 2025

After working with thousands of customers over the years, we’ve started to notice some common patterns among SMEs. One of the most alarming themes is misconceptions around Cyber Security: a large portion of the people we speak with think they’re safe, but in reality they are leaving themselves wide open to compromise. This blog will take you through the most common Cyber Security misconceptions we hear. Before we start, it’s worth pointing out that the fact these misconceptions come up so often shows there’s a real issue here. Additionally, businesses need to recognise that the Cyber threat is here to stay. The latest NCSC reports claim that over 4 in 10 businesses (43%) and 3 in 10 charities (30%) reported having experienced any kind of Cyber Security breach in the last 12 months. We hope this blog provides insight for businesses that may be leaving themselves open to hackers.

Let’s get into the misconceptions… 

  • “Cyber Criminals don’t target small businesses, no one would target us” 

While there’s no denying that as an SMB you’re less likely to be targeted, you can still fall victim to a ‘spray and pray’ form of attack, where an attacker simply tries their luck with automated tools that scan for vulnerabilities. Size doesn’t matter to cyber criminals: they will exploit any vulnerability in a company of any size for their own gain. It is also important to acknowledge the damage a cyber attack can do to an SMB. In a study carried out last year, ConnectWise discovered an important statistic: 78% of SMBs were concerned a cyber attack could put them out of business. 2024 also saw one in three SMBs globally reporting a cyber incident in the past year. Do you really still think that you’re too small?

  • “None of our employees would fall victim to a phishing attack”

Unfortunately, this simply isn’t true. We have found that, prior to user awareness training, our standard phishing service has a click rate of 65-70% with businesses, and it only takes one click to compromise a business. It’s easily done, whilst in the middle of work, to misjudge an email and click a malicious link. Other research debunks this statement too: a recent KnowBe4 article claimed from their research that 88% of data breaches are caused by human error. Cyber threats are becoming more frequent, and it’s often a matter of when, not if, they strike. Make sure your business is prepared and protected.

  • “We have Two-Factor Authentication on our Office 365 tenancy. We’re safe!”

Whilst 2FA is a great tool to have in your Cyber Security armour, it is not enough on its own. Hackers can bypass 2FA using software that steals session cookies, for example through man-in-the-middle attacks. All they need is that session cookie, and 2FA is helpless in defence, because the cookie represents a session that has already passed the 2FA check. 2FA is best practice and we recommend implementing it, but do so in tandem with other Cyber Security defences.
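To make the defensive side of this concrete, here is an added example (not part of the original post) that scans request records for a session being used away from the client that completed 2FA, which is the footprint a replayed session cookie leaves. The record fields, the sample events and the /24 tolerance are assumptions made for illustration, not a real Office 365 log format.

```python
import ipaddress

# Constructed sample records: one row per request, with the session
# identifier the client presented and whether that request completed 2FA.
EVENTS = [
    {"t": "09:00", "user": "alice", "sid": "S1", "ip": "203.0.113.10", "ua": "Edge/Windows", "mfa": True},
    {"t": "09:05", "user": "alice", "sid": "S1", "ip": "203.0.113.44", "ua": "Edge/Windows", "mfa": False},
    {"t": "09:07", "user": "alice", "sid": "S1", "ip": "198.51.100.7", "ua": "python-requests", "mfa": False},
    {"t": "09:10", "user": "bob", "sid": "S2", "ip": "192.0.2.20", "ua": "Chrome/macOS", "mfa": True},
    {"t": "09:30", "user": "bob", "sid": "S2", "ip": "192.0.2.20", "ua": "Chrome/macOS", "mfa": False},
]


def same_network(ip_a, ip_b, prefix=24):
    """Treat addresses in the same /prefix as one location (tolerates DHCP churn)."""
    net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.ip_address(ip_b) in net


def find_replayed_sessions(events):
    """Return alerts for sessions used away from where 2FA was completed."""
    origin = {}  # sid -> the event that satisfied 2FA for this session
    alerts = []
    for ev in events:  # events are assumed to be in time order
        sid = ev["sid"]
        if ev["mfa"]:
            origin[sid] = ev
            continue
        first = origin.get(sid)
        if first is None:
            # Session in use with no 2FA event on record: worth a look.
            alerts.append((ev["t"], ev["user"], sid, "no 2FA seen for this session"))
        elif ev["ua"] != first["ua"] or not same_network(first["ip"], ev["ip"]):
            alerts.append((ev["t"], ev["user"], sid, "client differs from 2FA origin"))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(EVENTS):
        print(alert)
```

The 09:05 request is not flagged because it comes from the same /24 and browser as the 2FA sign-in; only the 09:07 request from a different network and client is.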

  • “We haven’t been hacked yet so we must be secure” 

No news unfortunately doesn’t mean good news. How would you even know if you had been hacked? Does your business have intrusion and detection services in place? If not, it is likely that you wouldn’t even know if you had been hit. Unfortunately, in today’s threat landscape, it is a case of not if but when you get hit if you don’t have sufficient Cyber defences in place. 

  • “Compliance = Security” 

Cyber compliance, like 2FA mentioned earlier, is a great tool to have in your armour, but it is not enough on its own. Many people we talk to think that because they have Cyber Essentials or Cyber Essentials Plus, they are un-hackable – this is not true. Compliance-based testing and certification is great for setting a baseline, but it is best used alongside other Cyber Security products to form a sound defence.

Summary 

It is not abnormal to fall prey to one of these misconceptions. Many people are just not aware of the depth of defence needed in 2025 to stay safe in the Cyber landscape. Cyber Security is a must, not a want, with threats becoming more frequent and sophisticated. If any of the topics discussed relate to your business’s current setup, then please do reach out for a free consultancy call. Our experienced Cyber team are on hand to help guide your business with tailored Cyber Security solutions.
