Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security. Cyber security involves protecting information and systems from major cyber threats, such as cyber terrorism, cyber warfare, and cyber espionage. In their most disruptive form, cyber threats take aim at secret, political, military, or infrastructural assets of a nation, or its people. Cyber security is therefore a critical part of any government’s security strategy. Cyberspace is particularly difficult to secure due to a number of factors: the ability of malicious actors to operate from anywhere in the world, the linkages between cyberspace and physical systems, and the difficulty of reducing vulnerabilities and consequences in complex cyber networks.
IT security is the protection of computer systems from theft of or damage to the hardware, software or the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
The field is of growing importance due to the increasing reliance on computer systems and the Internet in most societies, the spread of wireless networks such as Bluetooth and Wi-Fi, and the growth of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things. Of growing concern is the cyber threat to critical infrastructure, which is increasingly subject to sophisticated cyber intrusions that pose new risks.
As information technology becomes increasingly integrated with physical infrastructure operations, there is increased risk of wide-scale or high-consequence events that could cause harm or disrupt services upon which our economy and the daily lives of millions of Americans depend. In light of the risk and potential consequences of cyber events, strengthening the security and resilience of cyberspace has become an important homeland security mission. The US federal government, for example, has allotted over $13 billion annually to cyber security since late 2010.
Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:
- Application security
- Information security
- Network security
- Disaster recovery/business continuity planning
- Operational security
- End-user education
According to Forbes, the global cybersecurity market reached $75 billion for 2015 and is expected to hit $170 billion in 2020. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services. A range of traditional crimes are now being perpetrated through cyberspace. This includes the production and distribution of child pornography and child exploitation conspiracies, banking and financial fraud, intellectual property violations, and other crimes, all of which have substantial human and economic consequences.
Countering cyber attacks has risen rapidly up the agenda for both government and businesses, with the cost of cyber attacks estimated at approximately £26 billion in the UK and $1 trillion in the US. Cyber attacks are no doubt becoming more frequent and sophisticated – yet at the same time, it is increasingly considered that up to 96 per cent of attacks could be stopped if businesses were to get the basics right.
While organisations are spending significant amounts of money trying to keep cyber criminals at bay, financial investment alone won’t be enough to deter governments, hacktivists or nefarious gangs, nor will it prevent carelessness among employees. Increasingly, it’s apparent that senior executives need to step up and take the lead, and ensure everyone within the organisation knows the part they must play in creating a truly effective defence. In other words, delegating responsibility to an IT specialist won’t be good enough. Unless boards and executives understand the extent of the risks, it’ll only be a matter of time before security weaknesses are exploited.
Some suggestions for how organisations can beat cyber crime:
Scope out the risks: If security structures are to be successful, leaders need to identify where the cyber threats to their company originate and what’s being targeted. Peter Shore, Chairman of Arqiva, a provider of television and radio broadcast infrastructure, says: “One needs to prioritise your systems and put a defence around them according to how critical they are. Insulating yourself from every threat is impossible.”
Sue Kean, Chief Risk Officer at FTSE 100 financial conglomerate Old Mutual, explains: “It's important to set a meaningful risk appetite. We have to accept that there could be occasional breaches.”
Choose a leader: Selecting the right person to lead the cyber security agenda is vital. Whether it’s the CRO, CIO, COO or CFO, the specific responsibilities will vary considerably depending on the organisation and how threat levels are perceived. What is clear is that they need to be constantly communicating with the executive committee and be thinking across the organisation. Whoever takes the lead must clearly identify the key action points, communicate them to their executive colleagues and ensure they’re being executed.
Engage the Board: According to Heather Savory, Independent Chair of the Open Data User Group, which advises the UK Government on the value of the data it collects, boards are being short-sighted if they fail to treat cyber security as a priority.
Educate the Stakeholders: Employees are potentially a company’s biggest vulnerability when it comes to cyber security. However, for organisations that devote sufficient resource to informing them about the risks, staff can become a powerful asset.
“We’re having to raise the level of education that we provide to our staff,” says Alan Towndrow, Group Information Systems Director at international asset manager, M&G Investments.
Leaders need to communicate the security strategy and explain exactly why it’s central to a business’s success.
Continually Reassess Position: Investment in cyber security should no longer be seen as a one-off, technical fix. Leaders have to regularly invest time and money into assessing the threats, their systems and cultural practices, or they’ll quickly find themselves at risk.
Security is not something that should get in the way of doing business but is something that enables it to be done more safely. While the threat of cyber-attacks is growing, many organisations struggle to even get the basic safeguards in place to protect their infrastructure and data. Practical security measures include: regularly patching firewalls, updating firmware, setting strong passwords, changing the password the Wi-Fi router came with and asking employees who use their own devices at work to install anti-virus software and to switch on firewalls. It is, therefore, necessary for individuals to avoid such intrusion into their computer systems by having the best cyber security systems. These involve acquiring reliable antivirus software and frequently checking this software to ensure that it is preventing attacks.
The software has to be frequently updated so that there is an assurance that it is working at its full capacity, providing additional security against attack. It is important to ensure that individuals are conscious of their cyber security because it is not known when a threat is likely to be encountered.