What is Cyber Security?

Cyber security consists of technologies, processes and controls designed to protect systems, networks and data from cyber attacks. Effective cyber security reduces the risk of cyber attacks and protects against the unauthorised exploitation of systems, networks and technologies.

Robust cyber security involves implementing controls based on three pillars: people, processes and technology. This three-pronged approach helps organisations defend themselves from both organised attacks and common internal threats, such as accidental breaches and human error.

Download our free guide to cyber security

Discover why cyber security is critical to your organisation’s survival and learn how to prepare for the worst with our seven-step cyber security strategy.

Download now

The three pillars of cyber security

People:

Every employee needs to be aware of their role in preventing and reducing cyber threats, and specialised technical cyber security staff need to stay fully up to date with the latest skills and qualifications to mitigate and respond to cyber attacks.

Processes:

Processes are crucial in defining how the organisation’s activities, roles and documentation are used to mitigate the risks to the organisation’s information. Cyber threats change quickly, so processes need to be continually reviewed to be able to adapt alongside them.

Technology:

By identifying the cyber risks that your organisation faces you can then start to look at what controls to put in place, and what technologies you’ll need to do this. Technology can be deployed to prevent or reduce the impact of cyber risks, depending on your risk assessment and what you deem an acceptable level of risk.

Why is cyber security important?

The costs of data breaches are soaring:

With the EU GDPR (General Data Protection Regulation) now in force, organisations could be faced with fines of up to €20 million or 4% of annual global turnover for certain infractions. There are also non-financial costs to be considered, such as reputational damage and loss of customer trust.

Cyber attacks are becoming increasingly sophisticated:

Cyber attacks have become more sophisticated with attackers using an ever-growing variety of tactics to exploit vulnerabilities, such as social engineering, malware and ransomware (as was the case with Petya, WannaCry and NotPetya).

Cyber security is a critical board issue:

New regulations and reporting requirements make cyber security risk oversight a challenge. The board will continue to seek assurances from management that their cyber risk strategies will reduce the risk of attacks and limit financial and operational impacts.

A strong cyber security stance is a key defence against cyber-related failures and errors and malicious cyber-attacks, so it’s vital to have the right cyber security measures in place to protect your organisation.

Elements of cyber security

A strong cyber security posture hinges on a systematic approach that encompasses:

Application security

Web application vulnerabilities are a common point of intrusion for cyber criminals. As applications play an increasingly critical role in business, organisations urgently need to focus on web application security to protect their customers, their interests and their assets.
Information security

Information is at the heart of any organisation, whether it’s business records, personal data or intellectual property. ISO/IEC 27001:2013 (ISO 27001) is the international standard that provides the specification for a best-practice information security management system (ISMS).
Network Security

Network security is the process of protecting the usability and integrity of your network and data. This is usually achieved by conducting a network penetration test, which aims to assess your network for vulnerabilities and security issues in servers, hosts, devices and network services.
Business continuity planning

Business continuity planning (BCP) involves being prepared for disruption by identifying potential threats to your organisation early and analysing how day-to-day operations may be affected.
Operational security

Operations security (OPSEC) protects your organisation's core functions by tracking critical information and the assets that interact with it to identify vulnerabilities.
End-user education

Human error remains the leading cause of data breaches, and your cyber security strategy is only as strong as your weakest link. Organisations need to make sure that every employee is aware of the potential threats they face, whether it’s a phishing email, sharing passwords or using an insecure network.
Leadership commitment

Leadership commitment is the key to the successful implementation of any cyber security project. Without it, it is very difficult to establish, implement and maintain effective processes.
Top management must also be prepared to invest in cyber security measures. Cyber security should be given appropriate priority by the board to support further investment in technology, resources and skills.

What are the consequences of a cyber attack?

Cyber attacks can disrupt and cause considerable financial and reputational damage to even the most resilient organisation. If you suffer a cyber attack, you stand to lose assets, reputation and business, and potentially face regulatory fines and litigation – as well as the costs of remediation.

Types of cyber security threats

Ransomware

One of the fastest-growing forms of cyber attack, ransomware is a type of malware that demands payment after encrypting the victim’s files, making them inaccessible. Paying the ransom does not guarantee the recovery of all encrypted data. Read more >>

Phishing

Phishing attacks are continually on the rise. Often indistinguishable from genuine emails, text messages or phone calls, these scams can inflict enormous damage organisations. Read more about staff awareness and information security >>

Malware

Malware is a broad term used to describe any file or programme intended to harm a computer, and encompasses trojans, social engineering, worms, viruses and spyware. Read more about malware protection >>

Social engineering

Social engineering is used to deceive and manipulate victims to gain computer access. This is achieved by tricking users into clicking malicious links or by physically gaining access to a computer through deception. Read more about social engineering >>

Outdated software

The use of outdated (unpatched) software (e.g. Microsoft XP) opens up opportunities for criminal hackers to take advantage of known vulnerabilities that can bring entire systems down. Read more about patch management >>

Vulnerabilities in web applications and networks

Cyber criminals are constantly identifying new vulnerabilities in systems, networks or applications to exploit. These activities are conducted via automated attacks and can affect anyone, anywhere. Read more about web applications vulnerabilities >>

How to protect against cyber security attacks

The most effective strategy to mitigate and minimise the effects of a cyber attack is to build a solid foundation upon which to grow your cyber security technology stack.

Solution providers often tell their clients their applications are 100% compatible and will operate seamlessly with the current IT infrastructure, and for the most part, this is true. The problem arises when we start adding IT security solutions from different manufacturers regardless of the granularity of their configuration settings – technology gaps will always be present.

And technology gaps will always appear for one simple reason: developers will always keep certain portions of their code proprietary as part of their competitive advantage. Hence, true compatibility and interoperability may only be 90%. These are known as technology gaps. It is through these gaps that attacks usually occur.

A solid cyber security foundation will identify these gaps and propose the appropriate action to take to mitigate the risk of an attack, enabling you to build a robust cyber security strategy.

Start your journey to being cyber secure today

IT Governance has a wealth of experience in the cyber security and risk management field. As part of our work with hundreds of private and public organisations in all industries, we have been carrying out cyber security projects for more than fifteen years. All of our consultants are qualified, experienced practitioners.

Our services can be tailored for organisations of all sizes in any industry and location. Browse our wide range of solutions below to kick-start your cyber security project.

Cyber Security Consultancy

Cyber Security Training Courses

Cyber Security Toolkits

Cyber Security Standards

Cyber Security Software

Cyber Security Staff Awareness

Speak to an expert

To find out more on how our cyber security products and services can protect your organisation, or to receive some guidance and advice, speak to one of our experts.