Cybersecurity myths that can put you at risk: ESET analyzes 5 common ones

In honor of Cybersecurity Awareness Month in October, ESET analyzes common risks to be aware of

October marks Cybersecurity Awareness Month, a global initiative to strengthen safe habits in the digital environment. In the Latin American region, cybersecurity risks are specific. According to the latest ESET Security Report 2025, 1 in 4 companies has already suffered a cyberattack in the last year. But it's not just businesses that are vulnerable: mass phishing campaigns target the general public, imitating messages from postal companies about supposed delivery problems, or from government agencies announcing nonexistent fines or court summonses, among many other attempts to deceive and create urgency so that the recipient acts under pressure.

In this context, ESET, a leading company in proactive threat detection, warns that any user of online services is a target for attack, and says it is necessary to address some persistent myths about digital security that can put both personal users and corporate systems at risk.

THE MYTHS:

  1. I am not a target because I have nothing of value: It is common for people to believe that cyberattacks only target large companies or public figures. The reality is that any personal data is valuable to cybercriminals, from banking information to email or social media credentials. Digital scams reach millions of ordinary users, regardless of their online profile or relevance.

“Underestimating the risk creates a false sense of security and leads to risky behaviors, such as not enabling multi-factor authentication, using weak passwords, or clicking on suspicious links. These weaknesses are a unique opportunity for attacks that result in data theft, card cloning, account takeovers, or even digital extortion, targeting users who believe they are not targets,” says Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

  2. My antivirus protects me against everything: Antivirus is an important piece of defense, but it doesn't cover all attack vectors. Social engineering, process failures, poor privilege management, supply chain attacks, and operational visibility gaps are all problems that antivirus alone cannot address.

An example of this occurred in Brazil. The C&M Software case exposed how procedural gaps, a lack of controls, and failures in third-party management allowed resources to be diverted and compromised the organization’s operational security. This demonstrated that security is not just about technology; it’s also about process and governance. Another critical point is that many attacks exploit leaked credentials, human weaknesses, or insecure authorization flows, scenarios in which an antivirus solution fails to prevent the initial intrusion or escalation of access. Therefore, the current defense strategy must be layered.

  3. My password is secure, so I can use it everywhere: Even if a password is secure, reusing it across multiple services poses a risk. In practice, criminals specialize in automated attacks, such as credential stuffing, where they use leaked email and password combinations to attempt to automatically access other accounts. If the password is the same, access is immediate and silent.

On the other hand, password reuse makes scams like phishing and account takeovers more effective, because cybercriminals can combine information from different services to trick users more convincingly. Even if a platform has strong protection, using the same password on a website with weak security replicates the risk.

“Relying exclusively on strong, unique passwords creates a false sense of security and leaves users vulnerable to hacking, identity theft, and financial fraud. Effective protection requires not only strong passwords, but also a combination of multi-factor authentication, monitoring for suspicious activity, and good credential management practices,” adds Gutiérrez Amaya of ESET.

  4. My phone is safe, I only have to worry about my computer: Many people believe their smartphones or tablets are protected because they are smaller or more modern devices, and that cyberattacks don't affect them. Mobile devices are frequent targets for sophisticated scams, and the risks increase as personal, financial, and professional information is concentrated on them. Effective mobile defense involves strong passwords, multi-factor authentication, being wary of suspicious apps and links, regular updates, and paying attention to unexpected phone calls.

In addition to phishing, vishing, and other social engineering cases, devices, both Android and Apple, are also targets for malware distribution, with fake apps and system vulnerability exploitation that can compromise the device even without direct user interaction. In the past, malicious apps have remained undetected in official Google stores for a considerable amount of time. And toward the end of 2023, an increase was noted in Android lending apps that were nothing more than entry points for spyware.

  5. Cybersecurity is the sole responsibility of the IT sector: Every user has an essential role in protecting data and systems. Anyone who adopts good practices contributes to strengthening the security of the entire organization or online community. Simple habits such as checking links before clicking, maintaining strong and unique passwords, enabling multi-factor authentication, and reporting suspicious activity create effective barriers that complement IT technologies and policies.

“When we all get involved, collective awareness becomes a powerful defense, capable of preventing scams, fraud, and invasions, protecting personal and corporate information, and the digital community as a whole. The more each person acts consciously, the more resilient the digital ecosystem will be. It’s important to remember that cybersecurity is everyone’s responsibility, and small habits make a big difference,” concludes the ESET Latin America researcher.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

Other useful preventive information is also available in Venezuela at https://www.eset.com/ve/ and on its social media account @eset_ve. It is also available on Instagram (@esetla) and Facebook (ESET).

With information and reference images provided by ESET and Comstat Rowland
