It might sound like a simple question, but cybersecurity is often confused with information security; in fact, many people use the terms interchangeably. True, they both take responsibility for security and safeguarding a system from breaches and attacks, but they are not exactly the same. Information security protects all information from any form of threat, including unauthorized access and users, and it covers all information assets in hard or soft form. Cybersecurity, by contrast, looks at any threats from cyberspace and secures anything that is insecure through the organization’s ICT (information and communications technology).
Why do we need it?
- Cyber attacks are growing in complexity and employ more sophisticated tactics such as malware, ransomware and social engineering
- Cyber crime is big money and generates trillions of dollars for those who partake. It can be incentivized by political or social agendas
- Breaches are costing organizations a great deal in incurred fines especially if they do not adhere to strict regulations that safeguard data
- Reputational damage can be hard to recover from, and a cybersecurity breach can do more than lose revenues and restrict operations. Business leaders cannot afford to ignore it, and in doing so they impact their own ability to govern. Britney Hommertzheim says, “as cybersecurity leaders, we have to create our message of influence because security is a culture and you need the business to take place and be part of that security culture.”
How to get started
Robust cybersecurity implements controls based on a three-pronged approach. It includes people, processes and technology as a method for helping organizations defend against internal and external security threats.
People – All employees need to be aware that they play a role in preventing and mitigating cyber attacks, simply through their level of understanding and training. Fully conversant staff possess the updated skills needed.
Processes – Due to the evolving nature of cyber threats, an organization’s process documentation regarding its information needs to be defined properly.
Technology – This is where parameters and controls come into play, and these are determined with the technology at hand. It is a good opportunity to project what is needed to prevent and mitigate future threats and carry out a risk assessment. Tim Cook says, “we shouldn’t ask our customers to make a tradeoff between privacy and security. We need to offer them the best of both. Ultimately, protecting someone else’s data protects all of us.”
What are the core cybersecurity measures?
- Train your employees – the fact remains that human error is one of the key causes of breaches. When all employees are aware and possess a cybersecurity-safe psyche, they are equipped to deal with threats when they happen. Training courses show firsthand how to respond.
- Look at application security – web applications are a common route into a system so limiting this access point is crucial. Focusing on security and keeping on top of updates and patches is essential.
- Check network security – this is where the integrity and usability of your network and system are protected. Regular penetration testing that looks for vulnerabilities is essential.
- Manage passwords – as simple as it might sound, having a password policy in place guides employees in how to create and maintain strong passwords
- Get leadership commitment – business leaders can enforce the need for a cybersecurity mindset and invest appropriately in it
Cybersecurity top ten tips
- Don’t get complacent – hackers don’t discriminate between the types of user they target
- Back it up – use the cloud or an external drive so if you do get hacked you can recover swiftly. Break the link between the environments, and make it one way.
- Track your footprint – monitoring your digital roaming (online accounts etc) makes it easier to catch suspicious activity
- Don’t leave devices unattended – if you must, then make sure they are locked
- Keep updated – don’t let security patches expire, tedious and disruptive as that might feel
- Use secure connections – never use an unsecured connection and connect via private networks only
- Social engineering awareness – don’t be duped by a hacker who has tried all the usual means to get in and now is resorting to social media tricks
- Lock your mobile devices – use strong passwords, don’t connect to public Wi-Fi and turn off your Bluetooth
- Use your own devices – don’t share or give remote access
- Think before you click – check the sender is legitimate