Strong passwords alone are adequate protection. Strong passwords make a difference. For example, a 12-character password takes 62 trillion times longer to crack than a 6-character password. But because cybercriminals can steal passwords (or pay disgruntled employees or other insiders to steal them), they can’t be an organization’s or individual’s only security measure.
 

The major cybersecurity risks are well known. In fact, the risk surface is constantly expanding. Thousands of new vulnerabilities are reported in old and new applications and devices every year. Opportunities for human error—specifically by negligent employees or contractors who unintentionally cause a data breach—keep increasing.
 

All cyberattack vectors are contained. Cybercriminals are finding new attack vectors all the time—including Linux systems, operational technology (OT), Internet of Things (IoT) devices and cloud environments.
 

‘My industry is safe.’ Every industry has its share of cybersecurity risks, with cyber adversaries exploiting the necessities of communication networks within almost every government and private-sector organization. For example, ransomware attacks are targeting more sectors than ever, including local governments, non-profits and healthcare providers. Threats on supply chains, ".gov" websites, and critical infrastructure have also increased.
 

Cybercriminals don’t attack small businesses. Yes, they do. For example, in 2021, 82 percent of ransomware attacks targeted companies with fewer than 1,000 employees; 37 percent of companies attacked with ransomware had fewer than 100 employees.

Πηγή: ΙΒΜ