So what is Cyber Security? Well, one thing is for sure, it’s a complicated business with many facets! With no true standardised definition, it really depends on whether you are talking to Government, enterprise or consumer.
From the enterprise and consumer perspective, cyber security may be defined as a suite of technologies, processes and practices designed to protect networks, computer systems, mobile devices, websites, programs and data from unauthorised access, accidental damage or even malicious attack – perhaps better described as Enterprise or Consumer Cyber Security.
The Economic Times of India positions cyber security under four key areas of focus – applicationsecurity, information security, disaster recovery and network security. A good start but maybe a little too generic to be useful to enterprise or consumer – if only it were that simple!
A deeper dive into the facets of cyber security identifies three key concepts, as outlined by the US CRS, that, once understood, can assist in protecting enterprise and consumer alike. These three concepts are: threats, vulnerabilities and impacts.
For enterprise and consumer, the threat actors are generally criminals, intent on monetary gain, and spies who would steal valuable information, intellectual property and commercial secrets. These threat actors use a variety of means to exploit fixable vulnerabilities in enterprise and consumer systems, e.g., via Malware, Phishing and Spear Phishing, and Advanced Persistent Threat (APTs).
There are, however, some threats that are deemed ‘unfixable’ either due to the cost of the fix or the technology used, e.g., ‘Zero-day’ attacks where a hacker exploits an unknown vulnerability in software applications. With no advance knowledge, ‘Zero-day’ attacks are therefore pretty much impossible for the enterprise to protect against.
The impact of successful penetration of vulnerable enterprise and consumer systems is many and varied. For the consumer, perhaps access to banking facilities and sensitive personal information which at its worst culminates in identity and monetary theft. For the enterprise, damage to industrial systems such as utility plants, destruction or theft of sensitive or high value information and ‘denial of service’ (DOS) attacks that impede day-to-day enterprise workflow are the norm – not to mention reputational damage. And, globally it is costing industry and consumer trillions of dollars each year.
For Nation States, there is a much darker side to cyber security in the very real threat from cyber terrorism, cyber warfare and cyber espionage.
Over the next few weeks we will take a deeper dive into all of these areas, step by step, unravelling and demystifying cyber security for both consumer and enterprise cyber security professionals alike. Identifying tips, tricks and hints on how to easily and cheaply build a portfolio of policies, applications and readily available solutions to everyday cyber security threats, with the aim to easily and affordably protect you and your enterprise from the most prevalent of cyber security threats.
That said, as we cannot truly define cyber security, likewise we cannot define a silver bullet solution. Rather there is a need for a layered approach to cyber security, building security policies, overlaying security applications with specific core capabilities to meet the needs of those policies with the ambition being to identify cyber security solutionsthat meet the needs of you the consumer or your enterprise.
Finally, why should we, the consumer, be bothered about cyber security? Well… because, ultimately someone always pays for cyber crime and that someone is generally you and me, the consumer! Whether it is the potential for increased prices for Sony movies as a result of the reported $71 million cost of the “Sony hack” or increased bank charges and interest rates because so many consumers lose their bank login and password details via ‘phishing’ – the consumer pays every time.
My belief is that with a better understanding of some of the key concepts, tools and solutions, we can reduce the vulnerabilities in, and thus the threat to, our personal and enterprise computer systems – saving ourselves and our respective economies millions of dollars/pounds/rupees that can be put to better use elsewhere.