What is Cyber Security? Definition and Best Practices

  The costs of cyber security breaches are rising

Privacy laws such as the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018 can mean significant fines for organisations that suffer cyber security breaches. There are also non-financial costs to be considered, like reputational damage.

 Cyber attacks are increasingly sophisticated

Cyber attacks continue to grow in sophistication, with attackers using an ever-expanding variety of tactics. These include social engineering, malware and ransomware.

 Cyber security is a critical, board-level issue

New regulations and reporting requirements make cyber security risk oversight a challenge. The board needs assurance from management that its cyber risk strategies will reduce the risk of attacks and limit financial and operational impacts.

  Cyber crime is a big business

According to The hidden costs of cybercrime, a 2020 study carried out by McAfee and the CSIS (Centre for Strategic and International Studies), based on data collected by Vanson Bourne, the world economy loses more than $1 trillion (approximately £750 billion) each year. Political, ethical and social incentives can also drive attackers.

1. Critical infrastructure cyber security

Critical infrastructure organisations are often more vulnerable to attack than others because SCADA (supervisory control and data acquisition) systems often rely on older software.

Operators of essential services in the UK’s energy, transport, health, water and digital infrastructure sectors, and digital service providers are bound by the NIS Regulations (Network and Information Systems Regulations 2018).

Among other provisions, the Regulations require organisations to implement appropriate technical and organisational measures to manage their security risks.

2. Network security

Network security involves addressing vulnerabilities affecting your operating systems and network architecture, including servers and hosts, firewalls and wireless access points, and network protocols.

3. Cloud security

Cloud security is concerned with securing data, applications and infrastructure in the Cloud.

4. IoT (Internet of Things) security

IoT security involves securing smart devices and networks that are connected to the IoT. IoT devices include things that connect to the Internet without human intervention, such as smart fire alarms, lights, thermostats and other appliances.

5. Application security

Application security involves addressing vulnerabilities resulting from insecure development processes in the design, coding and publishing of software or a website.

1. Staff awareness training

Human error is the leading cause of data breaches. It is therefore essential that you equip staff with the knowledge to deal with the threats they face.

Staff awareness training will show employees how security threats affect them and help them apply best-practice advice to real-world situations.

2. Application security

Web application vulnerabilities are a common point of intrusion for cyber criminals.

As applications play an increasingly critical role in business, it is vital to focus on web application security.

3. Network security

Network security is the process of protecting the usability and integrity of your network and data. This is achieved by conducting a network penetration test, which assesses your network for vulnerabilities and security issues.

4. Leadership commitment

Leadership commitment is key to cyber resilience. Without it, it is tough to establish or enforce effective processes. Top management must be prepared to invest in appropriate cyber security resources, such as awareness training.

5. Password management

Almost half of the UK population uses ‘password’, ‘123456’ or ‘qwerty’ as their password. You should implement a password management policy that provides guidance to ensure staff create strong passwords and keep them secure.