February 21, 2017
So what is Cyber Security? Well, one thing is for sure, it’s a complicated business with many facets! With no true standardised definition, it really depends on whether you are talking to Government, enterprise or consumer.
From the enterprise and consumer perspective, cyber security may be defined as a suite of technologies, processes and practices designed to protect networks, computer systems, mobile devices, websites, programs and data from unauthorised access, accidental damage or even malicious attack – perhaps better described as Enterprise or Consumer Cyber Security.
The Economic Times of India positions cyber security under four key areas of focus – application security, information security, disaster recovery and network security. A good start but maybe a little too generic to be useful to enterprise or consumer – if only it were that simple!
A deeper dive into the facets of cyber security identifies three key concepts, as outlined by the US CRS, that, once understood, can assist in protecting enterprise and consumer alike. These three concepts are: threats, vulnerabilities and impacts.
For enterprise and consumer, the threat actors are generally criminals, intent on monetary gain, and spies who would steal valuable information, intellectual property and commercial secrets. These threat actors use a variety of means to exploit fixable vulnerabilities in enterprise and consumer systems, e.g., via Malware, Phishing and Spear Phishing, and Advanced Persistent Threats (APTs).
There are, however, some threats that are deemed ‘unfixable’ either due to the cost of the fix or the technology used, e.g., ‘Zero-day’ attacks where a hacker exploits an unknown vulnerability in software applications. With no advance knowledge, ‘Zero-day’ attacks are therefore pretty much impossible for the enterprise to protect against.
The impacts of successful penetration of vulnerable enterprise and consumer systems are many and varied. For the consumer, the impact is perhaps access to banking facilities and sensitive personal information, which at its worst culminates in identity and monetary theft. For the enterprise, damage to industrial systems such as utility plants, destruction or theft of sensitive or high value information and ‘denial of service’ (DoS) attacks that impede day-to-day enterprise workflow are the norm – not to mention reputational damage. And, globally, it is costing industry and consumer trillions of dollars each year.
For Nation States, there is a much darker side to cyber security in the very real threat from cyber terrorism, cyber warfare and cyber espionage.
Over the next few weeks we will take a deeper dive into all of these areas, step by step, unravelling and demystifying cyber security for both consumer and enterprise cyber security professionals alike. We will identify tips, tricks and hints on how to easily and cheaply build a portfolio of policies, applications and readily available solutions to everyday cyber security threats, with the aim of easily and affordably protecting you and your enterprise from the most prevalent of cyber security threats.
That said, as we cannot truly define cyber security, likewise we cannot define a silver bullet solution. Rather, there is a need for a layered approach to cyber security: building security policies and overlaying security applications with specific core capabilities to meet the needs of those policies, with the ambition being to identify cyber security solutions that meet the needs of you, the consumer, or your enterprise.
Finally, why should we, the consumer, be bothered about cyber security? Well… because, ultimately someone always pays for cyber crime and that someone is generally you and me, the consumer! Whether it is the potential for increased prices for Sony movies as a result of the reported $71 million cost of the “Sony hack” or increased bank charges and interest rates because so many consumers lose their bank login and password details via ‘phishing’ – the consumer pays every time.
My belief is that with a better understanding of some of the key concepts, tools and solutions, we can reduce the vulnerabilities in, and thus the threat to, our personal and enterprise computer systems – saving ourselves and our respective economies millions of dollars/pounds/rupees that can be put to better use elsewhere.
Next time: Malware Explored
Dr. Debbie Garside is a cyber security expert and CEO of GeoLang Ltd, a UK-based Cyber Security StartUp awarded the title of the UK’s Most Innovative Small Cyber Security Company in 2015. Debbie, the First Prince of Wales Innovation Scholar, most recently formed part of the “Best of British” small business entourage, accompanying UK Prime Minister Theresa May on her first bilateral trade visit since Brexit to India in November 2016.
A note from the author: Cyber security is such a vast and diverse topic – no one person can know everything. My personal areas of expertise are in Information Security, Supply Chain, International (ISO) and Internet (IETF) Standards and CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart), so for some areas, I will be taking this journey with you – learning along the way, and succinctly highlighting the results of my cyber security research here!
Disclaimer: The views expressed above are the author’s own.