October is Cyber security awareness month, an annual global initiative to raise awareness on the issues around cyber security and promote good cyber security practices for both individuals and organisations. Cyber Security Awareness month started in the U.S.A and then in 2013, The European Union Agency for Network and Information Security (ENISA) started the European Cyber Security Month (ECSM).

This is so important because governments, the financial sector and all other organisations now collect, process, and store incredible amounts of data on their computers and other devices. Every day thousands of networks are compromised and data stolen. Much of that data can be sensitive information, such as intellectual property, financial data, or personal information. This is not only embarrassing and costly, but because of the General Data Protection Regulation (GDPR) which says that companies must safeguard their data, it means that organisations can be fined for allowing data breaches to happen.

What is Cyber Security?

Cyber security is a wide area and can apply to anything from business to mobile computing. It covers all aspects of defending networks, computers, servers, mobile devices and electronic systems from malicious attacks. There are a number of areas that need to be considered when looking at Cyber Security:

Network security is simply the process of protecting the network from unwanted users, attacks and intrusions.

Application security focuses on keeping software and devices free of threats, which could lead to data breaches or attacks on a system. Applications should be constantly updated and tested. Good software will have regular security updates.

Disaster recovery is the plans an organisation has to responds to a cyber-security incident or other event that causes the loss of operations or data and how it will return to the same operating capacity as before the event.

End-user education: The weakest link in any good Cyber Security are the users of the system. A virus can be introduced into a very secure system by an individual failing to follow good security practices. Teaching good habits such as regular password changing and using 2-factor authentication, the deletion of suspicious email attachments, not plugging in unidentified USB drives, etc. is important to maintain the security of any organization.

Operational security includes all processes for handling and protecting data. The permissions users have to access a network and how and where data may be stored or shared are part of this. It means that you must manage each user’s security identity controlling exactly what they can and can’t do.

Database and infrastructure security:  It’s a fact that most data is stored in some sort of database and that everything is stored (ultimately) on physical equipment. All of this needs to be properly secured.

Cloud security means that organisations have to think of data stored in an online environment and Mobile security, which can be mobile phones and/or tablets involve all of the other issues of Cyber Security, with the added problem that this equipment is taken and used in remote locations.

Types of Cyber Threats

Cyber security threats can be placed into three broad categories:

1. Cybercrime which is groups or individuals targeting companies or systems, usually for financial gain, or to cause disruption.
2. A Cyber-attack often involves information theft and this may be politically motivated.
3. Cyberterrorism is intended to disrupt or bring down electronic systems to cause panic or fear. Cyber-attacks and digital spying are now considered the top threat to national security, eclipsing even conventional terrorism.

In 2020 the number of UK data breaches were considerable:

• 43% of businesses identified cyber security breaches or attacks in the last year
• Up to 88% of UK companies have suffered breaches in the last 12 months.
• One in every 3,722 emails in the UK is a phishing attempt
• One small business in the UK is successfully hacked every 19 seconds

The UK government has set out its Minimum Cyber Security Standards for Cyber Security. You can learn more about Cyber Security Month here