What is cyber security?

To learn what cyber security is, you also have to know what it's not

Gone are the days where hearing a story about how a major international conglomerate lost millions of its customers' personal data through a data breach shocked us. Cyber attacks are no longer an abstract evil to which only the unlucky few became victims - they're everywhere now and seen, by and large, as an inevitability.

Advertisement - Article continues below

That's not to say cyber attacks have become inherently less scary, the likes of NotPetya and WannaCry may be things of the past but devilish malware is still found in the wild, tearing up systems worldwide. As the value of data increases, so does the demand for it which means businesses must keep iron-clad cyber defences if they want to avoid the debilitating GDPR fines that have already hit the tech giants.

But it isn't just the tech industry's heavy hitters that are subject to GDPR's fines, the UK's data protection watchdog is also known to come after the smallest companies for what might seem to some as small offences. With so much emerging technology being made available to businesses undertaking ambitious digital transformation projects, it's important to make security at the core of everything you do. Getting swept up in the thrill of AI and cloud computing is no excuse not to keep those endpoints secure and the SOC well-trained.

What cyber security isn't

When designing and implementing a cyber security strategy in an organisation, it's essential to establish first what it should and should not include. This is particularly important for smaller businesses where there are greater strains on available budgets and where skills may be in short supply.

Advertisement - Article continues below
Advertisement - Article continues below

Any strategy needs to make the most important business issues a primary focus, ensuring that nothing critical is overlooked. Cyber security will integrate and overlap with other areas of the business, but these blurred lines can often distract from the primary concern of the strategy.

This often comes up when businesses are assessing their data protection policies alongside cyber security. Although it's easy to conflate security and privacy, these two areas are distinctly different - putting up iron bars on a window is great for security but does nothing for privacy, while a curtain will have the opposite effect. Security policies should only focus on security, and leave privacy to a different strategy.

Cyber security is also often conflated with data backups. Having a good backup and disaster recovery strategy in place is essential for any business, however, it's no substitute for having robust security safeguards in place - particularly if your backups get wiped as part of an attack.

What cyber security is

OK, so what is cyber security then? The simplest definition comes by way of comparing and contrasting with information security: whereas information security is the protection of your data from any unauthorised access, cyber security is protecting it from unauthorised online access.

Advertisement - Article continues below

That was the simple definition, but for a more formal and comprehensive alternative you'd be hard-pressed to better the International Telecommunications Union (ITU) official take: "Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user's assets."

Cyber security is a process

Cyber security is not merely finding a solution to a problem, or indeed the problem itself. Cyber security is the process through which your business should go through in order to protect itself against evolving threats. This does include the tools and technologies needed to fight security threats, and also to maintain compliance, but it also includes the processes through which everyone in your organisation should go through in order to make sure nothing slips through the cracks.

The bottom line

Keeping cyber security at the heart of everything your business does and what your employees do is of paramount importance. It's not merely another process nor is it something that should simply be tagged on to the end of a businesses growth strategy.

Advertisement - Article continues below

While it's ultimately down to the business' IT team to keep things secure, a company-wide awareness should always be in place - it's everyone's responsibility to safeguard themselves and their system. Whether it's spotting an innocuous-looking phishing email or flagging a crippling form of ransomware, everyone can play a role in protecting what matters most to your business.

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now


cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020

Most Popular

Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
cyber security

Microsoft gobbles up domain to keep it from hackers

8 Apr 2020

A critical flaw in 350,000 Microsoft Exchange remains unpatched

7 Apr 2020