What is cyber security and how can individuals and organizations create a secure cyberspace?
Cyber security is a field concerned with protecting sensitive and critical information and information systems from digital attacks. It comprises the measures that organizations and individuals design and practice to prevent security threats against their network systems, applications, datacenters, and facilities. The security threats may originate from inside the organization or from external threat agents.
Cybercriminals, whether internal or external, have various motives to target and attack individuals and organizations. They may target individuals’ and customers’ personally identifiable information (PII) such as names, credit card information, national identification numbers, addresses, driver’s license numbers and related information. Cyberattacks may also emanate from insider threats, such as disgruntled employees or contractors, with motives such as a grudge, demotion, espionage, spying, or financial gain. Cybercriminals also sell this personal or organizational information in underground digital marketplaces or through the dark web for financial gain and other nefarious reasons. This in turn may result in a loss of customer trust, the imposition of compliance and regulatory fines, legal action and even bankruptcy.
Organizations with comprehensive security governance, strategy, roadmap, goals, security programs, security experts, risk management and security controls in place will be in a better position to defend and protect their assets from cyberattacks. Companies that lack security governance and security awareness, however, are the most vulnerable to cyberattacks. In addition, senior management support goes a long way in protecting organizations and averting various cyberattacks. Cyber security works best with a top-down approach, so cyber security professionals and managers should develop persuasive business cases and programs to bring the people at the top on board in the fight against cyberattacks.
All in all, the purpose of cyber security is to ensure the confidentiality, integrity and availability (CIA) of information and information systems. Furthermore, cyber security requires strong strategic, tactical and operational protection layers to defend against cybercrimes such as unauthorized attempts to access, modify or destroy data or organizational assets. Cyberattacks may also be motivated by the extortion of money from individuals or organizations, the disruption of normal business operations and other criminal intents.
Cyber security incorporates one or more of the following major domains to safeguard organizations and individuals:
- Network Security: these security measures are established to safeguard physical and virtual computer networks from cybercriminals. Network security includes protection of an organization's wired and wireless networks.
- Application Security: aims to protect software applications and data against cyberattacks and security threats. This may include protection of web applications, operating systems, APIs, source code and related components.
- Personnel Security: this security measure spans from recruitment through termination of employment and beyond. It includes background checks, onboarding, transfer, off-boarding, nondisclosure agreements (NDA), etc.
- Cloud Security:
- Information Security: protecting critical and sensitive organizational data from unauthorized access, exposure, tampering, theft, destruction, corruption, etc.
- Storage Security: protecting primary and secondary storage disks and devices through techniques such as full disk encryption (FDE), backups, memory protections, and similar security measures.
- Mobile Security: concerned with protecting mobile devices and the processes that make use of mobile devices. Security measures may include mobile device management (MDM), BYOD security policies, remote wipe services, encryption, etc.
- Critical Infrastructure Security: concerned with protecting computer systems, personnel safety, and other organizational assets that society relies upon, including national security issues, health services, public safety, transportation systems, energy, water utilities, telecommunications, industrial control systems (ICS), etc.
- Physical Security: concerned with the practices that protect personnel, software, networks, hardware, data, and facilities from physical attacks that could cause loss or damage to an organization and endanger personnel safety.
- Business Continuity Planning / Disaster Recovery Planning (BCP/DRP): BCP/DRP is concerned with sustaining business functions and operations even in the face of disastrous situations. BCP ensures the continuity of critical business functions even during emergency situations, and DRP is concerned with restoring IT services and business services after disaster strikes.
- Security Awareness, Training and Education Programs: these programs help organizations bring about behavioral change in their employees and enable them to protect their assets from common cyberattacks.
Common cyber security attacks may come from one or more of the following security threats and risks:
- Social engineering
- Phishing attacks
- Malware (spyware, adware, malvertising, viruses, worms, rootkits, backdoors, etc.)
- Ransomware
- Distributed denial of service / Denial of service (DDoS/DoS)
- Insider threats
- Advanced persistent threats (APT)
- Corporate espionage
- Man-in-the-middle attack (MITM)
- Zero-day vulnerabilities or exploits