Cyber security definition
Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks.
It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks and technologies.
Learn more about the cyber threats you face.
To learn more about the fundamentals of cyber security, read our pocket guide Cyber Security: Essential principles to secure your organisation.
Why is cyber security important?
The costs of cyber security breaches are rising
Privacy laws such as the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018 can mean significant fines for organisations that suffer cyber security breaches. There are also non-financial costs to be considered, like reputational damage.
Cyber attacks are increasingly sophisticated
Cyber attacks continue to grow in sophistication, with attackers using an ever-expanding variety of tactics. These include social engineering, malware and ransomware.
Cyber security is a critical, board-level issue
New regulations and reporting requirements make cyber security risk oversight a challenge. The board needs assurance from management that its cyber risk strategies will reduce the risk of attacks and limit financial and operational impacts.
Cyber crime is a big business
According to The hidden costs of cybercrime, a 2020 study carried out by McAfee and the CSIS (Centre for Strategic and International Studies), based on data collected by Vanson Bourne, the world economy loses more than $1 trillion (approximately £750 billion) each year. Political, ethical and social incentives can also drive attackers.
Who needs cyber security?
It is a mistake to believe that you are of no interest to cyber attackers. Everyone who is connected to the Internet needs cyber security. This is because most cyber attacks are automated and aim to exploit common vulnerabilities rather than specific websites or organisations.
Types of cyber threats
Common cyber threats include:
- Malware, such as ransomware, botnet software, RATs (remote access Trojans), rootkits and bootkits, spyware, Trojans, viruses and worms.
- Backdoors, which allow remote access.
- Formjacking, which inserts malicious code into online forms.
- Cryptojacking, which installs illicit cryptocurrency mining software.
- DDoS (distributed denial-of-service) attacks, which flood servers, systems and networks with traffic to knock them offline.
- DNS (domain name system) poisoning attacks, which compromise the DNS to redirect traffic to malicious sites.
Learn more about the cyber threats you face, the vulnerabilities they exploit and the types of attacks that cyber criminals use to deliver them
What are the 5 types of cyber security?
1. Critical infrastructure cyber security
Critical infrastructure organisations are often more vulnerable to attack than others because SCADA (supervisory control and data acquisition) systems often rely on older software.
Operators of essential services in the UK’s energy, transport, health, water and digital infrastructure sectors, and digital service providers are bound by the NIS Regulations (Network and Information Systems Regulations 2018).
Among other provisions, the Regulations require organisations to implement appropriate technical and organisational measures to manage their security risks.
2. Network security
Network security involves addressing vulnerabilities affecting your operating systems and network architecture, including servers and hosts, firewalls and wireless access points, and network protocols.
3. Cloud security
Cloud security is concerned with securing data, applications and infrastructure in the Cloud.
4. IoT (Internet of Things) security
IoT security involves securing smart devices and networks that are connected to the IoT. IoT devices include things that connect to the Internet without human intervention, such as smart fire alarms, lights, thermostats and other appliances.
5. Application security
Application security involves addressing vulnerabilities resulting from insecure development processes in the design, coding and publishing of software or a website.
Cyber security vs information security
Cyber security is often confused with information security.
- Cyber security focuses on protecting computer systems from unauthorised access or being otherwise damaged or made inaccessible.
- Information security is a broader category that protects all information assets, whether in hard copy or digital form.
The legal requirement for cyber security
The GDPR and DPA 2018 require organisations to implement appropriate security measures to protect personal data. Otherwise, you risk substantial fines.
Cyber security is a critical business issue for every organisation.
Cyber Security as a Service
Unrivalled support, expert advice and ongoing protection to address your organisation’s cyber security.
An outsourced cyber security resource in just one simple, monthly payment.
Find out more
Challenges of cyber security
Mitigating the cyber security risks facing your organisation can be challenging. This is especially true if you have moved to remote working and have less control over employees’ behaviour and device security.
Learn more about remote working and cyber security
An effective approach must encompass your entire IT infrastructure and be based on regular risk assessments.
Learn more about cyber security risk assessments
What are the consequences of a cyber attack?
Cyber attacks can cost organisations billions of pounds and cause severe damage. Impacted organisations stand to lose sensitive data, and face fines and reputational damage.
Learn more about cyber crime and how it affects you
Learn about the cyber threats you face
Managing cyber security
Effective cyber security management must come from the top of the organisation.
A robust cyber security culture, reinforced by regular training, will ensure that every employee recognises that cyber security is their responsibility and defaults to security instinctively.
Good security and effective working practices must go hand in hand.
How to approach cyber security
A risk-based approach to cyber security will ensure your efforts are focused where they are most needed.
Using regular cyber security risk assessments to identify and evaluate your risks is the most effective and cost-efficient way of protecting your organisation.
Learn more about cyber risk management
Cyber security checklist
Boost your cyber defences with these must-have security measures:
1. Staff awareness training
Human error is the leading cause of data breaches. It is therefore essential that you equip staff with the knowledge to deal with the threats they face.
Staff awareness training will show employees how security threats affect them and help them apply best-practice advice to real-world situations.
2. Application security
Web application vulnerabilities are a common point of intrusion for cyber criminals.
As applications play an increasingly critical role in business, it is vital to focus on web application security.
3. Network security
Network security is the process of protecting the usability and integrity of your network and data. This is achieved by conducting a network penetration test, which assesses your network for vulnerabilities and security issues.
4. Leadership commitment
Leadership commitment is key to cyber resilience. Without it, it is tough to establish or enforce effective processes. Top management must be prepared to invest in appropriate cyber security resources, such as awareness training.
5. Password management
Almost half of the UK population uses ‘password’, ‘123456’ or ‘qwerty’ as their password. You should implement a password management policy that provides guidance to ensure staff create strong passwords and keep them secure.
Start your journey to being cyber secure today
IT Governance has a wealth of security experience. For more than 15 years, we’ve helped hundreds of organisations with our deep industry expertise and pragmatic approach.
All our consultants are qualified and experienced practitioners, and our services can be tailored for organisations of all sizes.
Browse our wide range of products below to kick-start your project.