What is cyber security all about?
In 1971, the first computer virus was created. Named the ‘Creeper’, it travelled between terminals of an early iteration of the internet, printing out the message: ‘I’M THE CREEPER. CATCH ME IF YOU CAN.’
Fast-forward to today and the stakes have become a lot higher. Cyber security has become a priority for every organisation, with potential losses in the millions. But if you’re a CEO rather than a CIO, understanding every aspect can get complicated.
Cyber security is what protects computers, servers, data, networks, and mobile devices from unauthorised users, or put simply, cyber attacks.
All individuals and organisations are vulnerable to potential cyber threats which are constantly evolving, and security breaches can and will happen. The key is to reduce those risks and be resilient enough when they do.
Also known as information technology security, cyber security isn’t just one thing. It’s a broad range of technologies, techniques, processes, and controls that work together to provide protection. A crucial part of cyber security involves monitoring to ensure an attack is stopped before it causes any damage.
Why do you need cyber security?
The more we live our lives online, the more we expose ourselves and our data to potential threats. We rely heavily on technology, and as new technologies emerge, attackers get more creative.
We share our data constantly, from online shopping to social media, and organisations collect, process and store that data. Cyber security protects against the theft and damage of that data, and without it, organisations are at risk of being targeted by cyber criminals.
The average cost of a data breach in 2020 was $3.86 million. [2] But the consequences can be more than just financially devastating. Organisations face reputational and legal damage alongside the loss of earnings. Tighter regulations such as GDPR mean organisations must take cyber security matters seriously to avoid breaking the law.
What is a cyber attack?
There is an estimated cyber attack every 39 seconds. [3]
A cyber attack is when somebody wants to access, change, steal or destroy information, often with the aim of extorting money or disrupting business processes.
Cybercriminals use a variety of methods to launch a cyber attack, and these attacks are becoming increasingly sophisticated.
Most security experts believe cyber attacks are no longer a matter of ‘if’, but a matter of ‘when’. The key is to be set up to deal with them, with the speed of response being a critical factor.
Don’t think it’s just individuals or small companies who fall foul of an attack either. Companies previously affected by cyber attacks include eBay, Facebook, LinkedIn and Adobe. So, no matter how big your budget, attacks can happen.
Common types of cyber attacks include:
One of the biggest threats to online security is phishing. Simply put, this is when attackers impersonate an organisation or individual to collect private, sensitive, or valuable data and information. With this type of attack, they use bait - such as email - hence the name.
Although email is the most common form of phishing, it can also be done via SMS or page hijacking. In recent years, it has become very hard to spot as cybercriminals have adopted increasingly sophisticated methods to fool their victims. The email address can look identical, and the email signature and footers can look legitimate. Attackers go to great lengths to reach their goal and, according to a report, one in every 3,722 emails in the UK is a phishing attempt. [4]
One of the oldest forms of cyber attack, malware is a form of software that can cause harm to a computer. It can be in the form of a virus, worm, trojan horse or spyware, and with the increased use and reliance on mobile devices, mobile phone attacks are on the rise.
Malware can be delivered in a variety of ways, through email attachments, advertisements, infected USB drives, apps, emails or even text messages. It can be difficult to detect but simple steps such as software updates can help to keep these security incidents at bay.
Ransomware is a type of malware that is designed to block or lock down a computer system until a ransom is paid. It’s a growing threat, with industries such as healthcare and financial services more prone to targeting than others.
Nasstar’s Head of Security, Craig Stirling, knows how dangerous ransomware can be: “Ransomware is not only on the rise but it has evolved. It now runs in virtual memory, almost undetectable and is capable of stealing personal data and encrypting your business in less than 20 minutes.”
The average ransom cost grew threefold from 2019 to 2020 [5] and today’s criminals don’t even have to be tech-savvy. Marketplaces now offer ransomware services for people looking to exploit organisations, so almost anyone can become a cyber criminal.
Social engineering is a tactic used to trick the victim into revealing sensitive information, usually via a non-technical strategy. So rather than the attacker having to break in somewhere, they manipulate the victim into giving the information out.
When combined with other forms of cyber threats, it seeks to access passwords or bank information under the guise of a friendly form.
What are the different types of cyber security?
Cyber security is usually broken down into categories, and for an organisation to be effective in beating cyber attacks, all types must be considered. Here are the most common:
Network security is the practice of protecting your network and data from a cyber threat. Types of network security include firewalls, anti-virus and anti-malware software and VPNs, amongst others.
Network security will use a combination of different layers of defences to ultimately stop an attacker from entering your network and spreading. Every organisation, no matter what size, needs some form of network security in place.
- Antivirus and antimalware software
This is what keeps the viruses, malicious code, ransomware attacks, worms and trojan horses out. It scans files on entry and then continues to scan and track.
- Firewalls
These act as a barrier between your internal network and external, untrusted networks. There is usually a defined set of rules that blocks unwanted traffic from entering the network.
- Virtual Private Networks
Virtual Private Networks, or VPNs as they are known, create a connection to the network from another location and ensure only trusted users can gain access to secure or personal information. As working from home is now commonplace, VPNs are more important than ever.
Application security is the process of making applications more secure by detecting and fixing security weaknesses in your software. An application is any computer program designed to carry out a task (your internet browser is one, for example) and, according to reports, 76% of applications have at least one security flaw. [6]
It is the most common external cyber attack method [7], and experts predict it will only continue to grow, so application security is a vital part of any organisation’s development cycle.
Information security, also referred to as data security, involves protecting the integrity and privacy of data, both in storage and in transit. Often known as InfoSec, it covers threats in both digital and analogue form.
There are three main objectives of information security, known as CIA:
- Confidentiality – maintained through access restrictions, this prevents unauthorised users from accessing information.
- Integrity – ensures authenticity and accuracy of information. Maintained by restricting permissions to edit or modify information.
- Availability – ensures authorised users can gain access to the information through access procedures, backups and maintenance of hardware and network connections.
The layers of cyber security within an organisation should stop an attack before it causes too much damage. But, should the worst happen, this is where disaster recovery comes in.
A disaster recovery plan focuses on supporting business-critical functions to restore operations and information to the same capacity as before the event.
More than the tech
Companies cannot simply rely on cyber security tools though. Your employees could be your very own cyber security hazard. With 95% of cyber security breaches caused by human error, [8] staff in all organisations need to be educated so they understand what to look out for and when to raise the alarm. And with any effective plan or strategy, preparation is key, as Nasstar’s Head of Security, Craig Stirling, knows: “It's plain and simple – if you don’t prepare then with high probability your business is or will be under attack shortly.”