Cyber Security

What is cyber security?

Cyber security comprises technologies, processes and controls that are designed to protect systems, networks and data from cyber attacks.

Effective cyber security reduces the risk of cyber attacks, and protects organisations and individuals from the unauthorised exploitation of systems, networks and technologies.

---

What are the consequences of a cyber attack?

Cyber attacks can disrupt and cause considerable financial and reputational damage to even the most resilient organisation.

If you suffer a cyber attack, you stand to lose assets, reputation and business, and potentially face regulatory fines and litigation – as well as the costs of remediation.

The UK government's Cyber Security Breaches Survey 2017 found that the average cost of a cyber security breach for a large business is £19,600 and for a small to medium-sized business is £1,570.

---

The cyber threats organisations face

Although larger organisations tend to have a realistic appreciation of the cyber threats they face, many small to medium-sized enterprises are unclear about the ways in which they’re vulnerable, and as many as 45% mistakenly think they’re not a viable target.

In fact, all Internet-facing organisations are at risk of attack. And it’s not a question of if you’ll be attacked, but when you’ll be attacked. The majority of cyber attacks are automated and indiscriminate, exploiting known vulnerabilities rather than targeting specific organisations. Your organisation could be being breached right now and you might not even be aware.

Creating a solid cyber security foundation

The most effective strategy to mitigate and minimise the effects of a cyber attack is to build a solid foundation upon which to grow your cyber security technology stack.

Solution providers often tell their clients their applications are 100% compatible and will operate seamlessly with the current IT infrastructure, and for the most part, this is true. The problem arises when we start adding IT security solutions from different manufacturers regardless of the granularity of their configuration settings – technology gaps will always be present.

And technology gaps will always appear for one simple reason: developers will always keep certain portions of their code proprietary as part of their competitive advantage. Hence, true compatibility and interoperability may only be 90%. These are known as technology gaps. It is through these gaps that attacks usually occur.

A solid cyber security foundation will identify these gaps and propose the appropriate action to take to mitigate the risk of an attack.

A solid foundation provides organisations the confidence to build their cyber security strategies.

---

How IT Governance can help

IT Governance has a wealth of experience in the cyber security and risk management field. As part of our work with hundreds of private and public organisations in all industries, we have been carrying out cyber security projects for more than fifteen years. All of our consultants are qualified, experienced practitioners.

Our services can be tailored for organisations of all sizes in any industry and location.

THE IMPORTANCE OF CYBER SECURITY

Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing businesses, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber attacks grow, companies and organizations, especially those that are tasked with safeguarding information relating to national security, health, or financial records, need to take steps to protect their sensitive business and personnel information. As early as March 2013, the nation’s top intelligence officials cautioned that cyber attacks and digital spying are the top threat to national security, eclipsing even terrorism.

CHALLENGES OF CYBER SECURITY

For an effective cyber security, an organization needs to coordinate its efforts throughout its entire information system. Elements of cyber encompass all of the following:

• Network security
• Application security
• Endpoint security
• Data security
• Identity management
• Database and infrastructure security
• Cloud security
• Mobile security
• Disaster recovery/business continuity planning
• End-user education

The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known treats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security. Similarly, the National Institute of Standards and Technology (NIST) issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments, a data-focused approach to security as opposed to the traditional perimeter-based model.

MANAGING CYBER SECURITY

The National Cyber Security Alliance, through SafeOnline.org, recommends a top-down approach to cyber security in which corporate management leads the charge in prioritizing cyber security management across all business practices. NCSA advises that companies must be prepared to “respond to the inevitable cyber incident, restore normal operations, and ensure that company assets and the company’s reputation are protected.” NCSA’s guidelines for conducting cyber risk assessments focus on three key areas: identifying your organization’s “crown jewels,” or your most valuable information requiring protection; identifying the threats and risks facing that information; and outlining the damage your organization would incur should that data be lost or wrongfully exposed. Cyber risk assessments should also consider any regulations that impact the way your company collects, stores, and secures data, such as PCI-DSS, HIPAA, SOX, FISMA, and others. Following a cyber risk assessment, develop and implement a plan to mitigate cyber risk, protect the “crown jewels” outlined in your assessment, and effectively detect and respond to security incidents. This plan should encompass both the processes and technologies required to build a mature cyber security program. An ever-evolving field, cyber security best practices must evolve to accommodate the increasingly sophisticated attacks carried out by attackers. Combining sound cyber security measures with an educated and security-minded employee base provides the best defense against cyber criminals attempting to gain access to your company’s sensitive data. While it may seem like a daunting task, start small and focus on your most sensitive data, scaling your efforts as your cyber program matures.

Why Cybersecurity Is Required

The core functionality of cybersecurity involves protecting information and systems from major cyberthreats. These cyberthreats take many forms (e.g., application attacks, malware, ransomware, phishing, exploit kits). Unfortunately, cyber adversaries have learned to launch automated and sophisticated attacks using these tactics – at lower and lower costs. As a result, keeping pace with cybersecurity strategy and operations can be a challenge, particularly in government and enterprise networks where, in their most disruptive form, cyberthreats often take aim at secret, political, military or infrastructural assets of a nation, or its people. Some of the common threats are outlined below in more detail.

• Cyberterrorismis the disruptive use of information technology by terrorist groups to further their ideological or political agenda. This takes the form of attacks on networks, computer systems and telecommunication infrastructures.
• Cyberwarfareinvolves nation-states using information technology to penetrate another nation’s networks to cause damage or disruption. In the U.S. and many other nations, cyberwarfare has been acknowledged as the fifth domain of warfare (following land, sea, air and space). Cyberwarfare attacks are primarily executed by hackers who are well-trained in exploiting the intricacies of computer networks, and operate under the auspices and support of nation-states. Rather than “shutting down” a target’s key networks, a cyberwarfare attack may intrude into networks to compromise valuable data, degrade communications, impair such infrastructural services as transportation and medical services, or interrupt commerce.
• Cyberespionage is the practice of using information technology to obtain secret information without permission from its owners or holders. Cyberespionage is most often used to gain strategic, economic, political or military advantage, and is conducted using cracking techniques and malware.

How to Maintain Effective Cybersecurity

Historically, organizations and governments have taken a reactive, “point product” approach to combating cyberthreats, cobbling together individual security technologies – one on top of another – to protect their networks and the valuable data within them. Not only is this method expensive and complex, but news of devastating cyber breaches continues to dominate headlines, rendering this method ineffective. In fact, given the pervasiveness of data breaches, the topic of cybersecurity has catapulted to the top of the priority list for boards of directors, which are seeking a far less risky way. 

Instead, organizations can consider a natively integrated, automated Next-Generation Security Platform that is specifically designed to provide consistent, prevention-based protection – on the endpoint, in the data center, on the network, in public and private clouds, and across SaaS environments. By focusing on prevention, organizations can prevent cyberthreats from impacting the network in the first place, and reduce overall cybersecurity risk to a manageable degree.