
Fact Checking Cyber Security’s 7 Scariest Urban Legends

The weeks leading up to Halloween have always been perfect for retelling urban legends and other scary tales. Since October is also National Cyber Security Awareness Month, these stories don’t only have to focus on creeping monsters and vengeful spirits. Instead, they can be about truly terrifying things, like the hacker who, it turns out, was actually hiding in the company’s data center the whole time! Frightening as that might be, our cyber security team thinks they can do even better. Keep reading for their list of the seven scariest cyber security urban legends – if you dare!

Cyber security’s seven scariest urban legends

While scary, just like tales of, say, alligators in New York City’s sewers, our team suspects these stories are more myth than reality.

Urban Legend #1: Our borders are safe so we’re good. Every organization needs strong protection for the network edge – but defensive efforts can’t stop there. If they do, and a hazardous file does breach the perimeter, it will be able to crisscross the network freely. Internal defense strategies such as network segmentation provide a necessary backup to edge defenses. These solutions limit what malicious actors can get their hands on even if they find a way in.

Urban Legend #2: We took care of user training already. End users at every level of the company are a huge potential vulnerability. As such, end user training is never truly “taken care of.” Rather, it’s an ongoing process. Regular security training is the only way to keep users up to speed with today’s top threats.

Urban Legend #3: Security really is more of an IT problem. To quote Tom Clerici, Arraya’s Cyber Security Practice Director, “The first thing most employees do when they get to the office is log in to a computer. In essence, EVERYONE is a part of the IT department.” Cyber security is a company-wide responsibility. Further, the fallout from poor security practices no longer hits IT and IT alone. Example: Following his company’s catastrophic 2017 data breach, former Equifax CEO Richard Smith was called in to testify before Congress and eventually resigned his position.

Urban Legend #4: We’re compliant so we’re also secure. It’s absolutely important to pass security audits and to follow laws and regulations. However, doing so doesn’t necessarily equal security. In many leaders’ minds the concepts of security and compliance are one and the same. The thing is, sometimes compliance comes from something as insignificant as a signed document saying employees understand a concept or performed some action. However, there’s little in the way of practical security in that document and so it should not replace hands-on, regular training exercises.

Urban Legend #5: Updates are too expensive. Modernizing out-of-date technology can be costly – but so too can pushing ahead with it. Aging solutions can be more vulnerable to ransomware. One study pegged the average cost of a ransomware attack at $5 million. Of that figure, $1.25 million stems from system downtime while $1.5 million comes from lost productivity. Then, there are the colossal fines associated with failure to comply with GDPR – 4% of annual global turnover or $20M, whichever is higher. So, while it’s true good security can be costly, the cost of poor security can be even higher.

Urban Legend #6: Ransomware is our biggest threat. Based on the volume of headlines it earns, it’s easy to overestimate the threat ransomware poses to organizations. While it is undoubtedly a major concern, the rate of ransomware infection began to decline around the midpoint of 2017. Other threat vectors, things like crypto-mining, have stepped up to take its place. The key is to not get too wrapped up in one style of attack. Cyber criminals have plenty of weapons in their arsenal and so organizational defenses must be just as multifaceted.

Urban Legend #7: If we were under attack, we’d know about it. In truth, attackers can linger on a company’s network undetected for months. One study lists the average length of time it takes organizations to identify a breach at 191 days. By the time a red flag is raised, attackers may have already had half a year or more to help themselves to countless volumes of sensitive data. Organizations yet to invest in a Security Incident and Event Management solution should consider doing so to gain real-time insights into the health and safety of their network.

Next steps: Building a ready-for-anything security program

Had enough cyber security urban legends? Don’t worry, security doesn’t have to be scary. Instead, join Arraya and our Security team on 11/6 at Dogfish Head Brewing Company in Milton, DE for an event we’re calling Breaches and Brews. During this event, our team will cover the tools and tactics needed to defuse today’s top cyber threats. This event is free, but registration is required. Reserve your spot now by visiting: https://www.arrayasolutions.com//event/breaches-brews-2/.

Finally, you can leave us a comment on this or any of our blogs via social media – LinkedIn, Twitter, and Facebook. Then, after you’ve shared your thoughts, follow us to stay updated on our industry insights and learning opportunities.
