What is Cyber Security?

The definition of cyber security

The definition of cyber security is often confused with the definition of information security.

Information security, often referred to as ‘IT security’, looks to protect all information assets, whether as a hard copy or in digital form.

Cyber security is a subset of information security. It specifically focuses on protecting computer systems and their components – including hardware, software and data – and digital infrastructure from attack, unauthorised access or being otherwise damaged or made inaccessible. Data centres, websites, programmes, servers or accounts can all be exploited through a cyber attack.

In recent years, cyber security has come under intense media scrutiny due to the rapid development of cyber risks in both size and number, and the degree of impact on individuals, governments and organisations. Most well-informed organisations now consider cyber security a critical business issue.

The three pillars of data security

Robust cyber security (and information security) involves implementing controls based on three pillars: people, processes and technology. This three-pronged approach helps organisations protect themselves from both organised and opportunistic attacks, as well as common internal threats, such as a user falling for a phishing scam or mistakenly sending an email to an unintended recipient.

Effective cyber security uses risk management to ensure these controls are deployed cost-effectively – in other words, based on the likelihood of the risk occurring, and the worst possible impact if the risk materialises.

Why is cyber security important?

The cost of cyber crime is at an all-time high, and incidents can easily take months to be discovered – often by a third party. For instance, APTs (advanced persistent threats) use continuous hacking techniques to gain access to a computer system and can remain inside for months before the intrusion is observed.

• The costs of data breaches are soaring

  Emerging privacy laws can mean significant fines for organisations. The high-profile EU GDPR (General Data Protection Regulation) has a maximum fine of €20 million (about £17 million) or 4% of annual global turnover, whichever is greater. Such penalties are usually on top of damages and other legal action. There are also non-financial costs to be considered, such as organisational sustainability and reputational damage.

• Cyber attacks are becoming increasingly sophisticated

  Cyber attacks continue to grow in sophistication, with attackers using an ever-expanding variety of tactics, including social engineering, malware and ransomware (used for Petya, WannaCry and NotPetya).

• Cyber attacks are lucrative

  Usually, cyber attackers seek some type of benefit and will invest in various techniques, tools and technology to achieve their motives. Financial gain is a common motivation, but they may also be driven by political, ethical, intellectual or social incentives.

• Cyber security is a critical, board-level issue

  New regulations and reporting requirements make cyber security risk oversight a challenge. The board will continue to seek assurances from management that their cyber risk strategies will reduce the risk of attacks and limit financial and operational impacts.

  A strong cyber security stance is a key defence against cyber-related failures and errors and malicious cyber attacks, so having the right cyber security measures in place to protect your organisation is vital.

What are the consequences of a cyber attack?

Cyber attacks can cause significant disruption and damage to even the most resilient organisation. Impacted organisations stand to lose assets, reputation and business, and face fines and remediation costs.

Elements of cyber security

A strong cyber security posture hinges on a systematic approach that encompasses:

• Application security

  Web application vulnerabilities are a common point of intrusion for cyber criminals. As applications play an increasingly critical role in business, organisations urgently need to focus on web application security to protect their customers, their interests and their assets

• Network security

  Network security is the process of protecting the usability and integrity of your network and data. This is usually achieved by conducting a network penetration test, which aims to assess your network for vulnerabilities and security issues in servers, hosts, devices and network services.

• Operational security

  Operations security protects your organisation’s core functions by tracking critical information and the assets that interact with it to identify vulnerabilities.

• End-user education

  Human error remains the leading cause of data breaches. Your cyber security strategy is only as strong as your weakest link, so organisations need to make sure that every employee knows how to spot and deal with the threats or risks they may face, whether it’s not becoming a phishing victim, not sharing passwords, or being cautious about public Wi-Fi.

• Leadership commitment and involvement

  Leadership commitment is the key to the successful implementation of any cyber security project. Without it, it is very difficult to establish or enforce effective processes. Top management must also be prepared to invest in appropriate cyber security resources, whether it’s hiring qualified people, awareness training or technology.

Cyber attacks and cyber security threats

With cyber threats constantly evolving, cyber security can be a complex undertaking. Due to the lucrative nature of successful cyber attacks, cyber criminals are becoming increasingly sophisticated in their tactics, posing an ongoing threat. Below are a few common cyber attacks and threats.

• Phishing

  Phishing, an old but still popular tactic, is a social engineering attack that tries to trick people into divulging sensitive or confidential information. Not always easy to distinguish from genuine messages, these scams can inflict enormous damage on organisations. Read more >>

• Social engineering

  Social engineering comes in more forms than just phishing, but is always used to deceive and manipulate victims in order to obtain information or gain access to their computer. This is achieved by tricking users into clicking malicious links or by physically gaining access to a computer through deception. Read more about social engineering >>

• DDoS (distributed denial-of-service) attack

  A DDoS attack attempts to disrupt normal web traffic and take a site offline by flooding a system, server or network with more requests than it can handle.

• Virus

  A virus is a piece of malicious code that is loaded onto a computer without the user’s knowledge. It can replicate itself and spread to other computers by attaching itself to another computer file.

• Worms

  Worms are similar to viruses in that they are self-replicating, but they do not need to attach themselves to a program. They continually look for vulnerabilities and report any weaknesses they find to their creator.

• Malware

  Malware is a broad term used to describe any file or program intended to harm a computer, and encompasses Trojans, social engineering, worms, viruses and spyware. Read more >>

• Trojan

  A Trojan is a type of malware that disguises itself as legitimate software, such as virus removal programs, but performs malicious activity when executed.

• Ransomware

  One of the fastest-growing forms of cyber attack, ransomware is a type of malware that demands payment after encrypting the victim’s files, making them inaccessible. Be aware that paying the ransom does not guarantee the recovery of the encrypted data. Read more >>

• Spyware/adware

  Spyware/adware can be installed on your computer without your knowledge when you open attachments, click malicious links or download malicious software. It then monitors your computer activity and collects personal information.

• Sequel Injection

  A Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a server that uses SQL. SQL injections are only successful when a security vulnerability exists in an application’s software. Successful SQL attacks will force a server to provide access to or modify data.

• MITM (man-in-the-middle) attack

  An MITM attack occurs when a hacker inserts themselves between the communications of a client (device) and a server. MITM attacks often happen when a user logs on to an insecure public Wi-Fi network. Attackers are able to insert themselves between a visitor’s device and the network. The user will then unknowingly pass information through the attacker.

• Vulnerabilities in web applications and networks

  Cyber criminals are constantly identifying new vulnerabilities in systems, networks or applications to exploit. These activities are conducted via automated attacks and can affect anyone, anywhere. Download our free infographic about web application vulnerabilities >>

• Zero-day attack

  Using outdated (unpatched) software opens up opportunities for criminal hackers to take advantage of vulnerabilities to bring entire systems down. A zero-day exploit can occur when a vulnerability is made public before a patch or solution has been rolled out by the developer. Read more about patch management >>

How to protect against cyber security attacks

The most effective strategy to mitigating and minimising the effects of a cyber attack is to build a solid foundation upon which to grow your cyber security technology stack.

Solution providers often tell their clients their applications are 100% compatible and will operate seamlessly with the current IT infrastructure, and for the most part, this is true. Problems arise when we start adding IT security solutions from different manufacturers – regardless of the granularity of their configuration settings, technology gaps will always be present.

Technology gaps appear for one simple reason: developers always keep certain portions of their code proprietary as part of their competitive advantage. As such, true compatibility and interoperability may only be 90%. It is through these gaps that vulnerabilities usually appear, which criminal hackers can exploit.

A solid cyber security foundation will identify these gaps and propose the appropriate action to take to mitigate the risk of an attack, enabling you to build a robust cyber security strategy.