The definition of cyber security
Cyber security is often confused with information security.
Cyber security focuses on protecting computer systems – including hardware, software, data and digital infrastructure – from unauthorised access or being otherwise damaged or made inaccessible.
Information security, on the other hand, is a broader category that looks to protect all information assets, whether in hard copy or in digital form.
In recent years, cyber security has come under intense media scrutiny because of a rapid increase in the size and number of attacks, and the degree of effect on individuals, governments and organisations.
Moreover, the introduction of the GDPR (General Data Protection Regulation) in 2018 means organisations must implement appropriate security measures to protect the personal data they process or risk substantial financial losses.
All well-informed organisations now consider cyber security a critical business issue.
The three pillars of data security
Robust cyber security (and information security) involves implementing measures, known as controls, that cover people, processes and technology.
This holistic approach is essential: technological measures need processes to govern how they are used, and staff training to ensure those processes are followed.
It helps organisations protect themselves from both organised and opportunistic attacks, as well as common internal threats, such as a user falling for a phishing scam or mistakenly sending an email to an unintended recipient.
Risk management ensures these controls are deployed cost-effectively – in other words, based on the likelihood of the risk occurring, and the worst possible impact if the risk materialises.
Every employee needs to be aware of their role in preventing and reducing cyber threats, and staff dedicated to cyber security need to keep up to date with the latest cyber risks and solutions, as well as qualifications, to mitigate and respond to cyber attacks effectively.
Processes are crucial in communicating the organisation’s cyber security stance. Documented processes should also clearly define roles and responsibilities, and specify the procedure to follow when, for example, reporting a suspicious email. The cyber landscape is one of constant change, so processes need to be regularly reviewed to account for the latest cyber threats and responses.
While organisational measures are a big part of cyber security, technical controls are just as essential. From access controls to installing antivirus software, technology can be deployed to mitigate cyber risks.
Why is cyber security important?
The cost of cyber crime is at an all-time high, and incidents often take months to be discovered, frequently by a third party rather than the victim. For instance, APTs (advanced persistent threats) use continuous hacking techniques to gain access to a computer system and can remain inside for months before the intrusion is observed.
The costs of data breaches are soaring
Emerging privacy laws can mean significant fines for organisations. The high-profile EU GDPR (General Data Protection Regulation) has a maximum fine of €20 million (about £17 million) or 4% of annual global turnover, whichever is greater. Such penalties are usually on top of damages and other legal action. There are also non-financial costs to be considered, such as organisational sustainability and reputational damage.
Cyber attacks are becoming increasingly sophisticated
Cyber attacks continue to grow in sophistication, with attackers using an ever-expanding variety of tactics, including social engineering, malware and ransomware (such as Petya, WannaCry and NotPetya).
Cyber attacks are lucrative
Usually, cyber attackers seek some type of benefit and will invest in various techniques, tools and technology to achieve their motives. Financial gain is a common motivation, but they may also be driven by political, ethical, intellectual or social incentives.
Cyber security is a critical, board-level issue
New regulations and reporting requirements make cyber security risk oversight a challenge. The board will continue to seek assurances from management that their cyber risk strategies will reduce the risk of attacks and limit financial and operational impacts.
A strong cyber security stance is a key defence against cyber-related failures and errors and malicious cyber attacks, so having the right cyber security measures in place to protect your organisation is vital.
What are the consequences of a cyber attack?
Cyber attacks can cause significant disruption and damage to even the most resilient organisation. Impacted organisations stand to lose assets, reputation and business, and face fines and remediation costs.
Elements of cyber security
A strong cyber security posture hinges on a systematic approach that encompasses:
Web application vulnerabilities are a common point of intrusion for cyber criminals. As applications play an increasingly critical role in business, organisations urgently need to focus on web application security to protect their customers, their interests and their assets.
Network security is the process of protecting the usability and integrity of your network and data. This is usually achieved by conducting a network penetration test, which aims to assess your network for vulnerabilities and security issues in servers, hosts, devices and network services.
Operations security protects your organisation’s core functions by tracking critical information and the assets that interact with it to identify vulnerabilities.
Human error remains the leading cause of data breaches. Your cyber security strategy is only as strong as your weakest link, so organisations need to make sure that every employee knows how to spot and deal with the threats or risks they may face, whether that means recognising a phishing attempt, not sharing passwords, or being cautious about public Wi-Fi.
Leadership commitment and involvement
Leadership commitment is the key to the successful implementation of any cyber security project. Without it, it is very difficult to establish or enforce effective processes. Top management must also be prepared to invest in appropriate cyber security resources, whether it’s hiring qualified people, awareness training or technology.
How to protect against cyber security attacks
The most effective strategy for mitigating and minimising the effects of a cyber attack is to build a solid foundation upon which to grow your cyber security technology stack.
Solution providers often tell their clients their applications are 100% compatible and will operate seamlessly with the current IT infrastructure, and for the most part, this is true. Problems arise when we start adding IT security solutions from different manufacturers – regardless of the granularity of their configuration settings, technology gaps will always be present.
Technology gaps appear for one simple reason: developers always keep certain portions of their code proprietary as part of their competitive advantage. As such, true compatibility and interoperability may only be 90%. It is through these gaps that vulnerabilities usually appear, which criminal hackers can exploit.
A solid cyber security foundation will identify these gaps and propose the appropriate action to take to mitigate the risk of an attack, enabling you to build a robust cyber security strategy.
Start your journey to being cyber secure today
IT Governance has a wealth of experience in the cyber security and risk management field. We have been carrying out cyber security projects for more than 15 years and have worked with hundreds of private and public organisations in all industries. All of our consultants are qualified, experienced practitioners.
Our services can be tailored for organisations of all sizes in any industry and location. Browse our wide range of products below to kick-start your cyber security project.