What is Cyber Security?
Cyber Security is a component of Information Security, and as any Chief Information Security Officer (CISO) will explain, information is the lifeblood of an organisation. With cyberattacks attempted around the clock, the security of our digital data is now paramount, and it must be protected accordingly.
Every day, our networks are under attack from digital intruders. It is estimated that the typical computer suffers 2,224 attempted penetrations (hacks) per day. While these are so-called 'brute force' efforts which rely on dictionaries of passwords known to be popular, there are also dedicated humans using ever more sophisticated methods.
Our information – whether it’s records of customers, financial, intellectual property, personal data or otherwise – surrounds us. It might be in paper form, held on a tablet or smart phone, or live on our networked drives and cloud repositories.
While we protect our information through physical security, with locks on filing cabinets for example, the real danger lies in a data breach caused by a lapse in our computer security. Thus, it’s our protection from the digital intruder which has come to the fore of information security. There's no doubt that cyber security has become one of the highest priorities, and rightly so. Cyber security in the modern workplace has truly come of age.
Cyber security is an IT problem?
Don’t regard cyber security as solely an IT responsibility: cyber security, integrated as it is with information security, relies upon every person within your organisation. An employee who saves their passwords in a little book, or shares them with another user, is risking the entire enterprise. This is why your Executive team must show leadership, and support the CISO or compliance team, or in the smallest organisation, the IT manager.
Your Reputation Depends on your Cyber Security
In September 2018, Elizabeth Denham, the UK Information Commissioner, and head of the ICO, said that “Just one in three (34%) people have trust and confidence in companies and organisations storing and using their personal information”.
If the same public surveyed were aware that 50% of British small and medium businesses (SMEs) are forecast to suffer a cyber attack within the next twelve months, that level of trust would shrink further.
Set the legal consequences aside (together with the potential penalties), and ask whether your organisation can afford not to address the situation.
GDPR vs. Financial Penalties?
2018 also heralded new laws and regulations: the European Union adopted the General Data Protection Regulation (GDPR), and the Data Protection Act (2018) became U.K. law.
In a stroke, all organisations processing the personal data of residents of the E.U. became liable to significant financial and legal penalties when they fail to protect data. Crucially, the penalties at the disposal of the authorities increased to a staggering €20m or 4% of turnover, whichever is the greater.
Such penalties should be the least of your concerns. The potential damage to reputation is likely to dwarf the actions of the regulators: consider the media publicity, the costs of rebuilding your brand through a public relations agency, and lost business which might take several years to recover.
Cyber Security Steps
To summarise cyber security, it may be described as a collection of technologies, processes and practices designed to protect IT systems and data from unauthorised access. However, before we decide on the best approach, budgets, other resources and any organisational changes which may be required, we must start by gaining the support of the Executive: without that, there will be failure.
What of your organisation? Do you think this really matters? Isn’t hacking something only relevant to giant corporations? Consider UK law firms: they had £11 million of client money stolen due to cyber-crime over 2017, with 60% of firms reporting an information security incident over the same period and an increase of 20% vs. the preceding year. Yes, cyber-crime is relevant to everyone!
Even the smallest organisations are vulnerable. There are victims across every sector of industry and commerce, charity and government. Can a local estate agency or recruitment consultancy, for example, survive if their name has become synonymous with a data breach? Often the answer is a definitive ‘no’.
So where does this leave us? As Robert Mueller, the former director of the FBI said, ‘there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again’. Such sentiments have been echoed by the UK’s own National Cyber Security Centre, the NCSC.
On the one hand we have to defend against the efforts of nation states, such as North Korea, Russia and Iran, and on the other hand the determined and frighteningly effective efforts of sophisticated and well-funded criminal gangs. No doubt about it: we are all at risk.
Cyber security is most effective when fully integrated with risk management. Businesses can refer to a wide range of good cyber security guidance and adopt one or more of the available schemes to achieve a recognised level; ultimately the aim is to make it hard for attacks to be successful and to be ready to respond to cyber security incidents.
Depending upon the size and current security stance of an organisation, once basic cyber security is achieved, it may be enhanced with efforts to meet higher standards, such as adopting the NIST Cybersecurity Framework or going further still by achieving compliance with ISO 27001.
So which are you? The organisation which has been hacked, or the organisation which will be hacked again?
Director of Consulting Services
Humperdinck has a 30-year career spanning Document Management Systems (DMS), data protection, Artificial Intelligence and Robotic Process Automation. He believes the advances in office technology are such that we're entering the 4th Industrial Revolution, and Advanced UK is in a leading position.
Advanced UK www.advanced-uk.com