The 5 Myths of Cybersecurity | City Possible angle-rightlearn more indicatorFill 1link icoFill 1PlayFill 1Fill 1

The 5 Myths of Cybersecurity

Presented as part of the Cybersecurity for Smart Cities series at the Smart Cities CIO Summit

This article is part of the Cybersecurity for Smart Cities series developed from the recent Smart Cities CIO Summit, convened by the Technology and Entrepreneurship Center at Harvard, and in partnership with City Possible.

Myth #1: Hackers Only Target Big Businesses

Fact: Hackers target everyone—even cities—often using robo-hacks.

Whether you’re the world’s largest bank or the internet’s smallest blog, automated systems mine
the internet for vulnerabilities and don’t care who has them.

Several U.S. cities were attacked by ransomware in 2019, closing down government phone and
email systems. Hackers are taking a particular interest in Florida at the moment because three
cities have paid the ransom thus far.

“All it took was three cities [in Florida] deciding to give money to criminals,” explained Simon
Hunt, EVP of Cybersecurity Protocols at Mastercard. “All the other criminals are saying, ‘well
maybe we should attack the same cities again because they have a history of paying. [Plus] what
about their peers? Maybe their peers are no better or worse.’”

This sentiment echoed warnings from the FBI, who in an October PSA said, “paying ransoms
emboldens criminals to target other organizations and provides an alluring and lucrative
enterprise to other criminals.”

In at least two cases of municipality attacks in 2019, the ransomware was released through an
infected email attachment. Other cities impacted last year included Baltimore, Maryland; Boston,
Massachusetts; Gale, California; and New Orleans, Louisiana.

Myth #2: Hackers Are Geniuses

Fact: Hackers don’t need intelligence when we give them everything they need.

Successful hackers don’t have to be smart, just diligent. Finding out how to exploit cybersecurity flaws is surprisingly easy, Hunt explained. You can literally search the internet, find vulnerabilities and buy your attack of hoice for surprisingly little money. Robo hacks do the rest.

In fact, there is a search engine, just like Google, that you can search for specific pieces of code on a website – If you know what to look for, you can find vulnerabilities in an instant. Another website on the dark web will tell you which sites to hack based on those results, making anyone a bonafide “hacker” in a matter of minutes.

“We willingly give hackers an open door and because they have robo-hacks that discover these things, they can just come and get them,” said Hunt.

The truth is that nearly all “hackers” are lazy. They sit back and let the programs do the work, and sell those programs to other wannabe hackers to fund their criminal enterprises.

Myth #3: Hackers Are Admirable/Cool

Fact: Hackers are common criminals who support some of the worst enterprises in the world.

We’ve all seen the stereotype—starving, brilliant hackers wearing hoodies in the movies and on TV. They’re all just misunderstood loners, right? Wrong. In reality, these criminals profit from fraud, exploitation, and destroying people’s lives.

Marcel Lasar is spending four years in a Romanian prison for hacking celebrities’ and politicians’ emails for blackmail and exploitation. Maksim “Aqua” Yakubets, meanwhile, is hiding in Russia from the FBI after defrauding consumers out of over $100 million.

Zachary Buchta, just 20-years-old, is headed to prison, as well. This hacker-for-hire co-founded Lizard Squad, a criminal organization behind DDoS attacks, bomb threats, and relentless harassment. Ironically (please refer to Myth #2), Buchta used his known screen name to call FBI agents “idiots” that are incapable of catching hackers.

Myth #4: Hacking Is a Victimless Crime

Fact: Ransomware funds organized crime and costs citizens $600
billion per year.

Hacking is not only disruptive and costly but can be physically harmful to victims. This past
year, three hospitals in Alabama were unable to use their computers and had to turn patients
away. Seven hospitals in Australia also reported disruptive ransomware infections.

Roughly 60% of the $3.3 billion social media cybercrime industry is spent on manufacturing
illegal and counterfeit pharmaceuticals, which kills tens of thousands of victims every year.

In December, the St. Lucie County Sheriff’s office in Fort Pierce, Florida was taken offline by
hackers—disabling email servers as well as the fingerprinting and background check systems.

Ransomware isn’t just a mere inconvenience; it can result in tragedy and destroy lives for
generations to come. Several people worldwide – including teenagers- have committed suicide
after receiving ransomware threats. In one tragic instance, a man killed himself and his fouryear-
old son.

For consumers, it may be tempting to pay $100 to a hacker in order to get precious data, like
baby pictures, back. However, there is no guarantee the files will be released back to you. In
addition, that money goes directly into more organized crime like drug manufacturing, gunrunning,
prostitution, human trafficking, and of course, more cybercrime.

Myth #5: The Good Guys Can’t Win

Fact: Anyone can guard against the most common attacks.

As we’ve already established, a majority of ransomware and other hacking attacks occur because
it’s painfully easy to find online vulnerabilities and take advantage of them. Taking basic steps to
improve your cybersecurity can close a lot of these doors for hackers.

Hunt likens tightened cybersecurity to the one house on the block with a security system sign. If
you’re the only one on the block with a sign, no one will burgle you. But if everyone has a sign,
you need the system.

The point of cybersecurity isn’t to have the best security, just not the worst. As in nature, you
don’t have to be the fastest. Don’t be the slowest rabbit.

Featured Content

Read more about City Possible and the future of cities.

Subscribe to Newsletter

Receive the latest news and best practices shared by city innovators.

Join the

Get access to exclusive tools and content.