Cyber security has never been more essential than it is now, and this is attributable to the increasing prevalence of cyber-crime and cyber-attacks. These are not expected to reduce any time soon; in fact, they are anticipated to increase as criminals come up with new and more sophisticated ways of exploiting, bypassing and breaching computer systems, networks, programs and devices.
Governments, organisations, businesses and individuals have all fallen victim to these malicious activities, most of which resulted in substantial financial loss, reputation destruction and loss of privacy. In January this year alone, 1.76 billion personal records were leaked by hackers.
Cyber crimes have been used to influence major elections, access sensitive personal information of individuals and extort money from businesses and organisations, with the cost of ransomware attacks expected to be $11.5 billion in 2019. This calls for cyber security for every computer user, government and business.
So you may be wondering what cyber security is and how you can implement it in your organisation or personal life. Here we go!
Cyber security, what it means.
Cyber security is the ongoing process of protecting computers connected to a network, their hardware and software and the information on them from attack, unauthorized access and malicious damage, or from being made inaccessible by intruders.
Cyber security is not a one-time event but rather an ongoing process that aims to utilize new technologies and systems to minimize the probability of cyber-attacks and reduce the implementer’s exposure to cyber risks while protecting the confidentiality, integrity and availability of computers, their hardware and software along with the information that may be stored on them.
Cyber security may involve a series of activities, procedures and processes aimed at ensuring that only authorized users are able to access these computers and information (to maintain their confidentiality), that only people with authorized access are able to modify them and make changes (to maintain their integrity), that these computers and information are available when they are needed (to ensure availability), and that they are communicating with the appropriate people or computers (authentication).
Examples of cyber-attacks and threats.
Cyber criminals have several attacks they can perform on the cyber environment of a victim to steal, deny access to or alter the victim’s information. Criminals can use phishing, denial of service attacks, ransomware, malware, worms, viruses, social engineering and SQL injection, among others.
In this article we shall go through the most common ones.
Social engineering. This technique is used to deceive and manipulate victims in order to obtain information or gain access to their computer. It may be executed by asking the victim to click malicious links or open malicious emails, or by physically gaining access to the victim’s computer through deception.
Malware. This covers all programs and files designed to harm a computer. Malware covers viruses, worms and Trojans, among others.
Viruses. These have been around for some time and I guess you are familiar with this term. Viruses are malicious pieces of code that get installed on your computer without your knowledge. These are usually used to destroy information and software programs on the victim’s computer.
Worms. These are like the distant cousins of viruses. The difference is that they do not attach themselves to your computer programs; they are designed to roam in your computer looking for vulnerabilities that they report to their creators. It is through these vulnerabilities that cyber criminals can launch their cyber-attacks on their targets.
Ransomware. Recently, ransomware has been the most increasingly used form of cyber-attack. It is a form of cyber-attack that demands payment from the victim after encrypting their files and rendering them inaccessible.
Trojans. These are also tricky. Trojans are forms of malware that disguise themselves as legitimate software but instead perform malicious activity when run.
Components of a strong Cyber security program
In order to have a sound cyber security program in place, whether you are a government, an organisation or a business, all you need are three major components, that is, people, processes and technology. When one of these is lacking or inefficient, the organisation’s cyber security program becomes very weak and therefore the probability of cyber-attacks and cyber threats (cyber risk) increases. The components of a cyber security program are explained further below.
People. Reports have indicated that people have been the biggest weak links in most of the major cyber-attacks. People have intentionally or unintentionally exposed their organisations to these attacks and therefore pose the biggest risk in the failure of an organisation’s cyber security. This indicates that the people in an environment ought to be clearly educated about their role in detecting, identifying, combating and preventing cyber-attacks and cyber threats. Organisations should also ensure that the cyber security champions (people at the forefront) keep up to date with the latest cyber threats, cyber risks and the technologies that can be used to mitigate, reduce or appropriately respond to them. A robust cyber security program must have Board and Executive level visibility, funding and support.
Processes. These are mediums put in place through which the organisation can elaborately communicate its position on cyber security. It is advisable that these processes be documented and that they clearly indicate the roles and responsibilities of the various stakeholders (management and staff) and the specific procedure to follow when raising concerns about cyber threats and cyber-attacks. The organisation should strive to regularly update its processes to accommodate more recent cyber risks, cyber threats and the possible appropriate responses. By continuously identifying the cyber risks and cyber threats that the organisation is likely to face, processes can be effectively improved and the necessary technologies to combat them can be employed.
People, processes and finally the appropriate technology. Organisations can take advantage of ever-changing and improving technologies to reduce the cyber risks and cyber threats they may face. Technologies may include software and hardware, for example access controls, among others. This includes the adoption of proper technology practices such as consistently applying software updates as soon as they are made available.
As devices become more connected, the inherent cyber risk also increases and therefore requires all players, that is, governments, organisations, businesses and individuals, to take a more proactive stance towards ensuring their cyber safety. This calls for the implementation of cyber security programs.
Implementation of cyber security can be done within an organisation by an in-house IT department or may be outsourced to independent IT experts who can ensure the cyber security of their clients.
Although there is no guarantee that you will always be free from cyber-attacks, there are some steps you can take to seriously lower your cyber risk and consequently improve your cyber security.
These include simple things like always keeping your software systems updated. Software updates always fix security problems, so it is advisable that you download them as soon as they are made available. Implementing cyber security will ensure that there are minimal or no interruptions to business, and that there is no financial loss or breach of privacy as a result of cyber-attacks.