Common Myths About Cyber Attackers
Ransomware Attacks – 4 min read

Common Myths About Cybercriminals

People often have the notion that cybercriminals are individuals. Cybercrime is a highly distributed, professional, commercial, big business.



Myth #1: Hackers or Cybercriminals Play a Short Game

One of the most common myths is that cybercriminals play a short game for quick wins. The fact is they don’t. Cybercriminals play a very long game. They put schemes together that play out over the course of many months. They count on people forgetting or not make associations between temporally distinct events.

Let us give you an example. You receive a PDF from an acquaintance. After double-clicking on the PDF nothing happens and up pops a note from Adobe with a notification that the file is corrupted. You think Adobe stopped you from opening something broken or perhaps that you dodged a bullet and that Adobe prevented you from opening something harmful. Maybe you write to the person who sent it and they never reply because they didn’t send you the PDF in the first place. Maybe you don’t even bother to write the sender because you figure somebody else has already alerted them about the problem. After all, if there is a problem, surely you will see some sort of sign. You don’t see any indication of a problem so the matter slips your mind. After a whopping 219 days—which is how long it takes the average cyberattack to get noticedyou get a message asking you to run a new piece of software. It never crosses your mind that this message has been sent to you as a result of that broken PDF you tried to open 7 months ago. The new software is not designed to hurt you but rather it’s mining cryptocurrency. It’s using your computer to do the cybercriminal's work and it’s sending information from your computer to the Internet. Simply put, it has taken 7 months but now someone else has control of your computer and you aren’t even aware of it.

Myth #2: Hackers Are Out to Harm You

Most folks think cybercriminals purposely want to harm you. This is false. The primary goal of most cybercriminals isn’t to kill your computer. Their goals can be varied but it is almost never to kill your computer. Common goals include trying to mine your online activity, use your computer to send information without your knowledge, or hold your information/files for a ransom (well, that last bit is harmful).

Myth #3: Cybersecurity is Simple

Most people think that cybersecurity is simple. People assume that once they have installed some anti-virus software they are protected from cyber risks. That is wrong. Cybersecurity is an ongoing fight. You can’t just install some software and forget about it. All cyber protection software needs to be regularly updated. Further, you need to monitor your networks and continually educate your team about new cyber risks.


Cybercrime is a highly distributed, professional, commercial, big business.


Myth #4: People think that Cybercriminals are Just Average People

One of the most common myths is that cybercriminals are just disgruntled troublemaking kids with too much time on their hands. First and foremost, cybercriminals are computer scientists. These scientists employ incredibly powerful tools like artificial intelligence (AI). They use computer automation to set up and exploit vulnerabilities. They use really big computers to launch enormous attacks at a number of different related or unrelated facets. It’s big business. It is actually very big business. Using all of the tools at their disposal, they hunt for vulnerabilities, and once they find a vulnerability they will attack your system. Once they attack, they try to gather up and exploit as much as they can. These cyber bad guys know that the window to exploit is limited as the vulnerability will eventually be patched by companies like CITI.

Myth #5: One Person is Responsible

The person responsible for finding the vulnerability in your system is not the person who ends up exploiting it. Finding out who hacked into your computer is like finding out the majority stakeholder in the company that refined the gas in your car. In other words, it's impossible to trace it back with certainty.

Cybercrime is a highly distributed, professional, commercial, big business. At the other end is you, oblivious to the fact that the cybercriminals' exploit is in place and holding up really well. They market it and sell it on the dark web. The people buying it may or may not do anything with it either. They may sit on it or sell it with other bundles of hacked computers.

Myth #6: My Online Activities Don’t Put Me at Risk

Most people think if they avoid visiting certain websites (we're looking at you, porn websites) and are judicious about not clicking on dodgy links that they remain cybersafe and cyber secure. This is not true. The truth is that hackers can install malware on even the most legitimate websites, which can infect a somebody who just visits the siteno clicks needed. Others assume that some sort of Internet police force illegitimate or harmful websites off the web. This is also untrue. Bad websites (that appear legit) may be up for years before they are detected and forced to come down. Also people believe that only opening emails or accepting friend requests from people you know will keep you safe. Wrong. Cybercriminals are excellent at appearing like somebody you know and trust.

Myth #7: A Strong Password Can Keep You Safe

This is sort of a myth and sort of not a myth. Yes, strong passwords can help keep you safe. However, if you use the same strong password for everything you will be at risk. Make sure that you use a strong and unique password for all of your accounts.

PS Don’t save your passwords on your computer in a file called “Passwords.” Also, wherever and whenever possible, use two-factor authentication for extra security.

At the end of the day, cybercrime is ubiquitous. We are all breached, we just don’t know it. Ignorance is bliss. And remember never clicking isn’t going to save you but it is the one single thing that will make you less vulnerable.


If you think that you have been the victim of cybercrime, get in touch with CITI right away. Better yet, get in touch with us before you become the victim of cybercrime so that we can protect you from it. Everyone is a target. 

Guide to Ransomware Attacks in Canada

Guide to Email Security from our Practice Safe Cyber Series Download Your Poster
Global Toronto and CreateTO City of Toronto Agencies Case Study
Learn about your IT security. Register for a free cybersecurity consultation.  Book Now
Guide to Ransomware Attacks in Canada
Considering moving to the cloud? Find out if the cloud is right for your  company.Book Now
New IT Infrastructure Transforms Organization. KCI Ketchum Canada
Engage our services and get 10 hours free. It's easy to work with CITI. Become  a client.Book Appointment

IT Insights from our Blog

Read more

We're here to help!

Moving to the Cloud

Is your management team asking about your IT security policies and practices? Are you worried about a cybersecurity breach? CITI’s comprehensive IT security services provide all the information your company needs to deal with current and future security situations and concerns. Learn about your IT security. Register for a free cybersecurity session.

Managed Services

There is another way to manage your IT that doesn’t require you call your IT firm. Managed IT services offer proactive care, support, monitoring and maintenance of your computer systems for a fixed monthly fee. Process-driven, less involvement, more predictable cost. Yes, Virginia, there is a way to keep your IT running smoothly that does not require you to make a call.


Are you concerned about minimizing IT maintenance costs? Perhaps you’re techno savvy. Or maybe you only need an IT firm for complex IT situations. CITI can provide exactly the volume of IT services that you want and need from network troubleshooting to helping a user with a jammed printer. Our full range of services are available on a per incident basis.

Disaster Recovery

Is the stuff of your nightmares power outages? The only way to deal with a severe interruption to business operations is to plan for it. Beginning with a disaster recovery plan through implementing and maintaining failsafe, foolproof, rock-solid offsite backups, CITI has helped 100s of companies protect their most valuable asset—their data and systems.

IT Consulting

Uncertain if your company should move to the cloud? Do you have doubts about the best way to back up your data? Looking for ways to minimize your vulnerability to IT security breaches? Perhaps you’re looking for help with your annual IT budget. CITI’s IT advisory services help businesses make informed strategic and tactical decisions on information technology.

Call Us