What is cyber security?

Introduction

Nearly everything we do these days relies heavily on technology. Whether it is sending mail, booking an appointment or even talking with our friends, online applications and programmes are essential for the digital age we are living in.

One of the big disadvantages of the digital world is the threat of cyber attacks. We have all heard on the news about malicious viruses attacking personal computers, or about ransomware hijacking large corporate systems. These attacks have devastating effects for both individuals & organisations, but the good news is that they can be prevented.

You or your friends might have faced something similar, or it might have happened at work. Once it has happened to you, you start to become curious about cyber security and may want to know more about it. You might even consider a cyber security career!

This article will explain what cyber security is all about and how to start a career in this field.

What is cyber security?

Cyber security comprises technologies, processes and controls that are designed to protect systems, networks and data from cyberattacks. Effective cyber security reduces the risk of cyberattacks and protects organisations and individuals from the unauthorised exploitation of systems, networks and technologies. ^[1]Having cyber security tech and measures on your computer, laptop, phone, tablet and other smart devices is crucial to protect your gadgets from external cyberattacks.

Why is cyber security so important for companies nowadays?

Unfortunately, there are hackers online who are employed to steal information from companies, slander its reputation and blackmail them for big amounts of money. They do this using malicious software, botnets, socially engineered attacks and network penetration.

Imagine for a moment that a company has no cyber security tools or measures at all. What do you think might happen? Total chaos, theft of data and losses in thousands, if not millions, of pounds!

Large, medium and even small companies take cyber security and cyber resilience very seriously, since the majority of them depend on IT solutions, networks and software for their daily operations and projects. These contain sensitive information like customer and employee data, corporate strategies and financial records. Taking at least minimum measures to protect the company from cyber attacks is therefore worth it.

Techniques and tools used to carry out cyber security

There are several techniques and tools that can be used to carry out cyber security at home or work. On a personal level, you can create strong passwords and install an anti-virus application on your laptop and smart phone. In this way, you are implementing cyber security which helps you prevent cyber attacks.

On a larger scale, organisations must make the necessary preparations to detect an incident promptly and correct its effects successfully^[2]. This is called cyber resilience and its job is to not only prevent cyber attacks, but to detect the attack before it happens and eventually correct any kind of damage it might perform. It depends heavily on risk management, incident management and ITIL^® (Information Technology Infrastructure Library) as tools to execute cyber resilience.

What are the benefits of strong cyber security?

When you apply cyber security to your digital practices, it protects your private personal information from any breaches, boosts your device’s performance and denies cyber-spies to your network. If you own a business, it prevents your website from going down, protects your employees’ safety online, and your customers will have more confidence in dealing with your business. Cyber resilience can offer benefits to organisations. It also:

1. Provides the necessary measures to address risks effectively, giving organisations the confidence to exploit the digital age to deliver the opportunities for growth and innovation on which they rely.
2. Prevents, detects and corrects incidents that jeopardize the organisation.
3. Builds trust in business relationships.
4. Ensures an organisation can confidently continue to deliver its business strategy and desired outcomes^[3].

Who carries out cyber security in an organisation?

You might say it is the IT department that carry out cyber security and cyber resilience. This is a true statement, but at the same time it is everyone’s duty and responsibility to keep themselves and their devices safe from cyber attacks. This is why it is essential that every one of us must have minimal knowledge to work online safe from harm. Therefore, organisations must ensure to include cyber security awareness courses in staff induction and continuous learning programmes.

Additionally, there are specific cyber security roles within many organisations. Some of them are:

• Security Analyst who is responsible for analysing and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and counter measures to remedy the detected vulnerabilities, and recommends solutions and best practices.
• Security Engineer who performs security monitoring, security and data/logs analysis, and forensic analysis, to detect security incidents, and mounts incident response.
• Security Architect who designs a security system or major components of a security system and may head a security design team building a new security system.
• Security Administrator who installs and manages organisation-wide security systems.
• Security Software Developer who develops security software, including tools for monitoring, traffic analysis, intrusion detection, virus/spyware/malware detection, anti-virus software, and so on. Also integrates/implements security into applications software.
• Cryptographer/Cryptologist whose job is to use encryption to secure information or to build security software. Also works as researcher to develop stronger encryption algorithms.
• Cryptanalyst is a person who analyses encrypted information to break the code/cipher or to determine the purpose of malicious software.
• Chief Information Security Officer is a high-level management position responsible for the entire information security division/staff. The position may include hands-on technical work.
• Security Consultant/Specialist are broad titles that encompass one or all the other roles/titles tasked with protecting computers, networks, software, data, and/or information systems against viruses, worms, spyware, malware, intrusion detection, unauthorized access, denial-of-service attacks, and an ever-increasing list of attacks by hackers^[4].

Qualifications and experience needed to get into a cyber security role

To work in the cyber security field, you can start in an entry level IT position to gain on-the-job experience, but employers do prefer qualifications to make sure you possess the knowledge needed for jobs like those mentioned above. Universities and colleges can offer you degrees and courses in cyber security, in addition to accredited training bodies like AXELOS in the UK.

In addition, you must possess personal traits that’ll help you become a successful cyber security professional. You must always be hungry to learn more (as the digital world is very dynamic and fast so there is always something new to learn), have constant determination, the need to be curious, to be able to communicate with non-tech people in non-technical terms, extreme attention to details, analytical skills, and being able to put yourself into a cyber criminal’s shoes and think like them!

People who choose cyber security as a career normally work in prestigious sectors, such as government departments, tech and internet companies, banks, financial firms and credit card companies.

Knowledge Train offer an online Cyber security Awareness course that elaborates on the measures necessary to be safe online, whether at home or in the office. You can also start your cyber resilience learning journey with this accredited RESILIA Foundation online course, which teaches you a best practice framework to manage cyber resilience and much more!

List of references