What is Cyber Security?

Why is cyber security important?

• The costs of data breaches are soaring

  With the EU GDPR (General Data Protection Regulation) now in force, organisations could be faced with fines of up to €20 million or 4% of annual global turnover for certain infractions. There are also non-financial costs to be considered, such as reputational damage and loss of customer trust.

• Cyber attacks are becoming increasingly sophisticated

  Cyber attacks have become more sophisticated with attackers using an ever-growing variety of tactics to exploit vulnerabilities, such as social engineering, malware and ransomware (as was the case with Petya, WannaCry and NotPetya).

• Cyber security is a critical board issue

  New regulations and reporting requirements make cyber security risk oversight a challenge. The board will continue to seek assurances from management that their cyber risk strategies will reduce the risk of attacks and limit financial and operational impacts.
  
  A strong cyber security stance is a key defence against cyber-related failures and errors and malicious cyber-attacks, so it’s vital to have the right cyber security measures in place to protect your organisation.

What are the consequences of a cyber attack?

• Cyber attacks can disrupt and cause considerable financial and reputational damage to even the most resilient organisation. If you suffer a cyber attack, you stand to lose assets, reputation and business, and potentially face regulatory fines and litigation – as well as the costs of remediation.

Elements of cyber security

A strong cyber security posture hinges on a systematic approach that encompasses:

• Application security

  Web application vulnerabilities are a common point of intrusion for cyber criminals. As applications play an increasingly critical role in business, organisations urgently need to focus on web application security to protect their customers, their interests and their assets.

• Information security

  Information is at the heart of any organisation, whether it’s business records, personal data or intellectual property. ISO/IEC 27001:2013 (ISO 27001) is the international standard that provides the specification for a best-practice information security management system (ISMS).

• Network Security

  Network security is the process of protecting the usability and integrity of your network and data. This is usually achieved by conducting a network penetration test, which aims to assess your network for vulnerabilities and security issues in servers, hosts, devices and network services.

• Business continuity planning

  Business continuity planning (BCP) involves being prepared for disruption by identifying potential threats to your organisation early and analysing how day-to-day operations may be affected.

• Operational security

  Operations security (OPSEC) protects your organisation's core functions by tracking critical information and the assets that interact with it to identify vulnerabilities.

• End-user education

  Human error remains the leading cause of data breaches, and your cyber security strategy is only as strong as your weakest link. Organisations need to make sure that every employee is aware of the potential threats they face, whether it’s a phishing email, sharing passwords or using an insecure network.

• Leadership commitment

  Leadership commitment is the key to the successful implementation of any cyber security project. Without it, it is very difficult to establish, implement and maintain effective processes.
  Top management must also be prepared to invest in cyber security measures. Cyber security should be given appropriate priority by the board to support further investment in technology, resources and skills.

Types of cyber security threats

• Ransomware

  One of the fastest-growing forms of cyber attack, ransomware is a type of malware that demands payment after encrypting the victim’s files, making them inaccessible. Paying the ransom does not guarantee the recovery of all encrypted data. Read more >>

• Phishing

  Phishing attacks are continually on the rise. Often indistinguishable from genuine emails, text messages or phone calls, these scams can inflict enormous damage organisations. Read more about phishing >>

• Malware

  Malware is a broad term used to describe any file or programme intended to harm a computer, and encompasses trojans, social engineering, worms, viruses and spyware. Read more about malware protection >>

• Social engineering

  Social engineering is used to deceive and manipulate victims to gain computer access. This is achieved by tricking users into clicking malicious links or by physically gaining access to a computer through deception. Read more about social engineering >>

• Outdated software

  The use of outdated (unpatched) software (e.g. Microsoft XP) opens up opportunities for criminal hackers to take advantage of known vulnerabilities that can bring entire systems down. Read more about patch management >>

• Vulnerabilities in web applications and networks

  Cyber criminals are constantly identifying new vulnerabilities in systems, networks or applications to exploit. These activities are conducted via automated attacks and can affect anyone, anywhere. Download our free infographic about web application vulnerabilities >>

How to protect against cyber security attacks

The most effective strategy to mitigate and minimise the effects of a cyber attack is to build a solid foundation upon which to grow your cyber security technology stack.

Solution providers often tell their clients their applications are 100% compatible and will operate seamlessly with the current IT infrastructure, and for the most part, this is true. The problem arises when we start adding IT security solutions from different manufacturers regardless of the granularity of their configuration settings – technology gaps will always be present.

And technology gaps will always appear for one simple reason: developers will always keep certain portions of their code proprietary as part of their competitive advantage. Hence, true compatibility and interoperability may only be 90%. These are known as technology gaps. It is through these gaps that attacks usually occur.

A solid cyber security foundation will identify these gaps and propose the appropriate action to take to mitigate the risk of an attack, enabling you to build a robust cyber security strategy.

Start your journey to being cyber secure today

IT Governance has a wealth of experience in the cyber security and risk management field. As part of our work with hundreds of private and public organisations in all industries, we have been carrying out cyber security projects for more than fifteen years. All of our consultants are qualified, experienced practitioners.

Our services can be tailored for organisations of all sizes in any industry and location. Browse our wide range of products below to kick-start your cyber security project.