What Is Cybersecurity?
Cy·ber·se·cur·i·ty. The practice of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.
At least, that’s what the dictionary says. Do you agree?
Over the years the term cybersecurity has been thrown around to the point where it is almost synonymous with terms like IT security or information security. It’s kind of like saying every square is a rectangle, but not every rectangle is a square.
Confused? Let’s break it down.
IT Security vs. Cybersecurity
Every square IS a rectangle because a square is a quadrilateral with all four angles being right angles. Similarly, cybersecurity IS a part of the IT security umbrella, along with its counterparts, physical security and information security.
But not every rectangle is a square, since the criteria to qualify as a square means all sides must be the same length. The point is, not all IT security measures qualify as cybersecurity, as cybersecurity has its own distinct assets to protect.
CompTIA’s Chief Technology Evangelist, James Stanger says it best when he defines cybersecurity as “focusing on protecting electronic assets – including internet, WAN and LAN resources – used to store and transmit that information.”
Of course, the threat to these electronic assets comes from hackers with malicious intent, who steal proprietary data and information through data breaches. Thus, a fully realized definition should include an evolving set of cybersecurity tools designed to protect confidential data from unauthorized access. To do so, it is necessary to consider how people, processes and technology all play equally important roles in keeping information safe.
3 Components of Cybersecurity
Let’s face it, no matter what precautions you put into place, if people don’t follow the rules, you’re still at risk. The saying “you’re only as strong as your weakest link” comes to mind. In most cases, human error is just that – a mistake.
Most people aren’t intentionally bypassing security protocol: either they haven’t been trained to follow it, or they don’t understand the significance of their actions. Conducting security awareness training and reinforcing the most basic cybersecurity principles with employees outside the IT department can make a big difference in your company’s security posture.
Here are five ways the human factor can increase your cybersecurity risk:
- Suspicious URLs and Emails: Explain to employees that if something looks strange, it probably is! Encourage staff to pay attention to URLs, delete emails that have no content or appear to come from a spoofed address, and stress the importance of guarding personal information. As the IT professional, it’s your responsibility to raise awareness of potential cybersecurity threats.
- Password Idleness: We know that holding on to the same password for ages isn’t a great idea. But Bob in finance may not understand that. Educate employees about the importance of frequently changing passwords and using strong combinations. We all carry a plethora of passwords, and since it’s a best practice not to reuse them, it’s understandable that some of us need to write them down somewhere. Provide suggestions on where to store passwords.
- Personally Identifiable Information: Most employees should understand the need to keep personal browsing, like shopping and banking tasks, to their own devices. But everybody does a bit of browsing for work, right? Emphasize the importance of paying attention to where the links on a website may lead. And that includes social media. Karen in customer service may not realize that sharing too much on Facebook, Twitter, Instagram, etc. (like personally identifiable information) is just one way hackers can gather intel.
- Backups and Updates: It’s fairly easy for an unsavvy tech consumer to go about their daily business without backing up their data regularly and updating their system’s anti-virus. This is a job for the IT department. The biggest challenge here is getting employees to understand when they need your help with these items.
- Physical Security for Devices: Think about how many people in your office leave their desk for meetings, gatherings and lunch breaks. Are they locking their devices? Highlight the need to protect information each and every time a device is left unattended. You can use the airport analogy. Airport staff are constantly telling us to keep track of our bags and never leave them unattended. Why? Well, because you just don’t know who is walking by. Encourage employees to protect their devices with as much care as they protect their baggage.
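The first bullet asks staff to notice spoofed senders and links that don’t go where they appear to. Email security tooling does the same check mechanically, and the script below shows how. It is an added example written for this page, not code from CompTIA or the article’s author; the two messages, the domains in them and the helper names are constructed for illustration. It flags a From: display name that claims a different domain than the actual address, and an HTML link whose visible text shows one host while its href points to another.

```python
"""Flag two common signs of a spoofed or phishing email (added example):
1. the From: display name mentions a domain that differs from the real address;
2. a link's visible text shows one host while its href points somewhere else."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample messages with hypothetical domains; not real mail.
SPOOFED_EMAIL = """\
From: "IT Helpdesk <helpdesk@example-corp.com>" <alerts@mail-example-c0rp.net>
To: bob@example-corp.com
Subject: Password expires today
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your password expires today. Reset it here:</p>
<a href="http://example-c0rp.net/reset">https://portal.example-corp.com/reset</a>
<p>Or visit <a href="https://portal.example-corp.com/help">the help page</a>.</p>
</body></html>
"""

CLEAN_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example-corp.com>
To: bob@example-corp.com
Subject: Scheduled maintenance
Content-Type: text/html; charset=utf-8

<html><body><p>Status: <a href="https://portal.example-corp.com/status">https://portal.example-corp.com/status</a></p></body></html>
"""

# Matches something that looks like a hostname (label.label.tld) in free text.
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b", re.I)


def registrable(host):
    """Crude eTLD+1: keep the last two labels. Fine for this sample; production
    code should consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def sender_findings(from_header):
    """Report domains named in the display name that differ from the sender's real domain."""
    display, addr = parseaddr(from_header)
    actual_domain = addr.rpartition("@")[2]
    return [
        f"display name mentions {claimed} but address is {addr}"
        for claimed in DOMAIN_RE.findall(display)
        if registrable(claimed) != registrable(actual_domain)
    ]


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_findings(html_body):
    """Report links whose visible text shows a host other than the one in href."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        href_host = urlsplit(href).hostname or ""
        shown = DOMAIN_RE.search(text)
        if href_host and shown and registrable(shown.group(0)) != registrable(href_host):
            findings.append(f"link text shows {shown.group(0)} but points to {href_host}")
    return findings


def analyze(raw_message):
    """Run both checks over a raw RFC 5322 message and return the findings."""
    msg = message_from_string(raw_message)
    findings = sender_findings(msg.get("From", ""))
    if msg.get_content_type() == "text/html":
        payload = msg.get_payload(decode=True) or b""
        body = payload.decode(msg.get_content_charset() or "utf-8", errors="replace")
        findings += link_findings(body)
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, analyze(raw) or ["no findings"])
```

The display-name check catches the "trusted name, untrusted address" pattern the bullet describes, and the link check catches anchor text that lies about its destination. Both compare registrable domains rather than full hostnames so that a legitimate `portal.example-corp.com` link sent from `helpdesk@example-corp.com` is not reported.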
When employees outside of the IT department are trained, IT pros can focus on process. The processes by which cybersecurity professionals go about protecting confidential data are multi-faceted. In short, these IT pros are tasked with detecting and identifying threats, protecting information and responding to incidents as well as recovering from them.
Putting processes into place not only ensures that each of these buckets is continuously monitored; if a cybersecurity attack happens, referencing a well-documented process can also save your company time, money and the trust of your most valuable asset: your customers.
The National Institute of Standards and Technology (NIST) under the U.S. Commerce Department has developed the Cybersecurity Framework for private-sector companies to use as a guide in creating their own best practices. The standards were compiled by NIST after former U.S. President Barack Obama signed an executive order in 2014. It’s a great resource to use as you work to combat your cybersecurity risk.
Once you have frameworks and processes in place, it’s time to think about the tools you have at your disposal to start implementation.
Technology has a dual meaning when it comes to your toolbox:
- The technology you’ll use to prevent and combat cybersecurity attacks, like DNS filtering, malware protection, antivirus software, firewalls and email security solutions.
- The technology your data lives on that needs your protection, like computers, smart devices, routers, networks and the cloud.
Back in the day, cybersecurity initiatives focused on defensive measures inside the boundaries of traditional tech. But today, policies like Bring Your Own Device (BYOD) have blurred those lines and handed hackers a much broader realm to penetrate. Remembering cybersecurity basics like locking all of your doors, windows, elevators and skylights will keep you from joining the cyber-crime statistics.
Businesses, governments and individuals store a whole lot of data on computers, networks and the cloud. A data breach can be devastating in a variety of ways for any of these entities.
The good news is that the importance of cybersecurity has been steadily increasing over the years to the point where executives outside of the IT department are taking notice and setting priority. In fact, International Data Corporation (IDC) predicts that global spending on security will hit $103.1 billion in 2019, then grow at a compound annual growth rate of 9.2% through 2022, eventually reaching $133.8 billion.
The key takeaway? Cybersecurity is a complex practice, and the best way to prevent attacks and protect your information is via a multi-layered cybersecurity approach that weaves together your people, processes and technology.