Cyber Security - What is Cyber Security?
Tuesday 28 August 2018
Cyber security is the protection of internet-connected systems, including hardware, software and data, from cyber-attacks. Cyber security can comprise technologies, controls and processes that are designed to protect networks from cyber-attacks. When cyber security is used properly, it reduces the risk of cyber-attacks and protects individuals and organisations from the exploitation of networks and systems.
History of cyber security
Cyber security started off with a research project and, more specifically, a program named ‘Creeper’. Creeper was designed by Bob Thomas and it made it possible for a computer program to move across a network, leaving a trail wherever it went. The program was then changed to create the first computer worm and, consequently, the first antivirus software was created to chase Creeper and delete it.
How does cyber security affect a business?
A successful cyber-attack can damage a business in a major way and, most importantly, affect consumer trust. The impact can be divided into three categories: financial, reputational and legal.
Financial- Cyber-attacks can result in financial loss by theft of money, theft of financial and corporate information such as bank details, disruption of trading (when a company is unable to carry out transactions online) and loss of business/contracts.
Reputational- The reputational impact is based on trust. Cyber-attacks can damage the reputation of your business which will result in losing the trust of customers. This can result in the loss of sales/customers and overall a loss of profits. Reputational damage can also have an impact on suppliers and may affect relationships with business partners, investors and shareholders/stakeholders.
Legal- The legal impact focuses on data protection and privacy laws that you are required to follow. If personal data from staff/customers is compromised, the company will face fines and regulatory sanctions. This is now even more important as all businesses must comply with the General Data Protection Regulation (GDPR).
How to minimise the impact of cyber-attacks on businesses
Security breaches can affect every business, no matter how strong/established its security systems are, which is why it is extremely important to manage the risks accordingly. Some businesses have adopted a cyber security incident response plan. This can help to:
reduce the impact of the cyber attack
clean up the systems that were affected
get the business back to normal in the shortest time period possible
The problem with this approach is that it is quite expensive to train the workforce. However, in the long run it can help educate your employees and improve awareness in your organisation.
Cyber security is a business issue and not just an IT issue. Businesses can combat the problem in four ways. These are:
Commitment from the top- A business will need support from management to develop a long term strategy for growth in relation to cyber security.
Organisational alignment- Businesses must help develop a relationship with stakeholders/shareholders and establish a clearly defined operating model. Another way in which the company can combat this problem is to be willing to invest in cyber security.
People, processes and technology to implement- Businesses must have a workforce that has a range of capabilities and a diverse level of experience, as technical IT skills are no longer enough. Processes must be documented and communicated clearly; staff must also be able to update these processes regularly. Businesses must also supplement their technology deployment efforts (process, training and awareness).
Operational enablement- Businesses must seek continuous improvement by monitoring performance. They should also ensure that their technology is physically secure (especially when dealing with Wi-Fi). The environment is also very important for operational enablement, as a business should manage events associated with business priorities and make sure they know how this will risk/affect the company.
Cyber Security Challenges
According to Mason (2018), cybercriminals are going to create over 3.5 million new, unfilled cyber security jobs by 2021, compared to 1 million in 2016. This is an increase of over 350 percent in five years. This increase means that businesses have to dedicate revenue to cyber security by hiring security professionals to maintain high levels of privacy for customers. In 2017 businesses spent over $85 billion on protection.
Below is a graph explaining the cyber security challenges faced by small and medium-sized businesses. The main problem here is employees using non-company devices to access the company network (22%), followed by risk from third-party service providers and supporters (19%). The other problems are funding, the struggle to find cyber security qualified professionals and providers/vendors.
Cyber Security Awareness
It is very important to protect yourself/your business online. A business can do this by simply protecting accounts with strong authentication that goes beyond usernames and passwords, avoiding phishing attempts and making sure all mobile devices are protected. The six ways in which businesses can be more aware in relation to cyber security are to identify threats, identify vulnerabilities, assess risk exposure, develop protection and detection measures, establish contingency plans and respond to cyber security incidents. The diagram below shows ways in which a business can be more aware of the threats posed online.
Another way businesses can protect themselves is the Cyber Essentials scheme. The Cyber Essentials scheme is a government-backed, industry-supported scheme that helps organisations protect themselves against online threats. The scheme was launched in June 2014 and enables businesses to gain two Cyber Essentials badges. As of 1 October 2014, it is a government requirement to be certified against the Cyber Essentials scheme if you are a business that deals with contracts involving the handling of certain types of sensitive and personal information.
Cyber security has now become even more important in relation to the new GDPR law, which is a replacement for the 1995 Data Protection Directive. The General Data Protection Regulation (GDPR) (EU) 2016 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
This law will affect companies as they have to comply with GDPR. For example, Facebook have now launched a new range of tools which allows users to control their privacy and delete information that they would not be comfortable sharing. The advantages of GDPR are that it unifies data protection all over Europe and it requires businesses to be conscious about their use of personal data. The disadvantages are that it is not always clear, it may not solve all data protection issues and it may require systems to be updated, which will be expensive.
The security of data has never been more vulnerable, as cybercriminals are ready to exploit any weakness in a system. Businesses can no longer afford to ignore cyber security, and GDPR can act as a guide to combat this problem. GDPR will increase the cyber security of all companies that do business in the EU and EEA, as data breaches/leaks can ruin a business’ reputation. It is very common that customers will take their business elsewhere if they are unsure about how safe their data is.
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
Throughout this essay, I have discussed the meaning of cyber security, history of cyber security, how it affects a business, the challenges of cyber security and how a business can be more aware in relation to the topic. In my opinion, increasing awareness of cyber security is very important for any business because the internet/technology has become an integral part of everyday life, whether it be communicating through social media/instant messaging, travelling, shopping or studying. The growth of internet use means that protecting information has become even more important than before for businesses.
Martin joined FinTrU in October 2016 and was part of our fourth Financial Services Academy. Martin graduated from St Mary’s University College, Belfast with a BA in Liberal Arts Physical Education and went on to complete an MSc in Management at Queen’s University Belfast.
Martin has been working as part of the Client Outreach Team for a Tier One investment bank, and has worked on various regulations such as UMR and MiFID II. Martin is currently working on the CERTS project. The CERTS project encompasses three regulations which are 2111 Suitability Certification, SMMP certification and Municipal Advisors.