Are these Cybersecurity Myths making you look a Fool?

In the world of cybersecurity and cybercrime, there are a lot of misconceptions rolling around.

And since April 1st makes us all look like fools, it's the perfect time to bust three of the biggest myths around cybersecurity with our Trusted Partners.

Security myth 1: Small and medium-sized businesses aren’t targeted by hackers, cybercriminals are more interested in the larger companies.

39% of businesses identified cyber security breaches in the last 12 months (CSBS 2021)

Our Trusted Partner, CYFOR said “If you had no windows or doors on your house and went away for 2 weeks, will your valuables still be there once you got back? This is the reality I am afraid of for many small to medium size businesses when we view their current cybersecurity posture.“

Our Trusted Partner, Centre for Assessment responded “The sad reality is that opportunists will take advantage of any perceived vulnerability. This makes all types of security measures more important than ever.”

Our Trusted Partner, Develop Capability responded “In reality, small businesses made up over half of last year’s breach victims.

The proliferation of high-profile hacks in the news often tricks small and medium-sized businesses into thinking that they won’t be targeted for a cyber-attack. In reality, the opposite is actually true. In fact, according to the 2018 Verizon Data Breach Investigations Report, 58 per cent of data breach victims were small businesses.

This happens for several reasons. Many businesses aren’t targeted specifically, but instead are victims of what is known as ‘spray-and-pray attacks when hackers set up automated systems to randomly try to infiltrate businesses. As these attacks are random, any business can be damaged, regardless of size.

Small businesses tend to be ‘soft’ targets, as they are often not prepared against cyber-attacks and don’t have skilled security teams. This makes them more likely to fall victim to spray-and-pray attacks. Targeted attacks are then used to focus on these small businesses once it is discovered that they are vulnerable.”

Security myth 2: Businesses must buy expensive hardware or software solutions to implement effective cybersecurity.

We asked our Trusted Partner, Bergerode Consulting; “Effective cybersecurity, in my view, is first and foremost a set of positive behaviours which put cybersecurity on a solid footing. Just now, knowing what threats your business faces determines what choices you make about meeting these threats.”

Kevin continues “If a business faces a malware risk from staff using personal USBs in company workstations, some security companies will try to sell software to that business which controls the use of USBs, but such software can be expensive and it will certainly not address the reason why staff are using USBs, to begin with. Rather than buy such software, companies should seek to address why staff are using personal USBs and take ownership of the issue by updating the staff handbook to make use of personal USBs not permissible and also look to using existing software, e.g. Active Directory, to manage the use of USBs. This is more likely to address the root cause of the issue and deal with any risks than just buying a solution and being locked into an expensive support contract.”

Security myth 3: My business doesn’t have anything worth protecting from cyber-attacks.

We asked our Trusted Partner, Cyber Security Specialists; “Your data is worth thousands to marketing companies and can be used by hackers to launch more sophisticated attacks to try and obtain your bank details and login details to Netflix, Amazon and more!”

Is your business cyber secure?

Sign up for our FREE core membership and strengthen your resilience to online crime and cyber attacks.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of Cyber Resilience Centre for Greater Manchester (CRCGM) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. CRCGM provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

CRCGM does not accept any responsibility for any loss which may arise from reliance on information or materials published on this website. CRCGM is not responsible for the content of external internet sites that link to this site or which are linked from it.


Cyber Resilience Centre GM, Manchester Technology Centre, Oxford Rd, Manchester, M1 7ED

0161 706 0940

Registered in England & Wales No.12309263.



  • LinkedIn
  • Twitter
Greater Manchester Logo Light.png

© 2021 - The Cyber Resilience Centre for Greater Manchester