‘Cybersecurity.’ What is it? Who needs it? How do you achieve it?
Let’s start with the basics: according to the Oxford Dictionary, cybersecurity is ‘the state of being protected against the criminal or unauthorized use of electronic data…’ while the updated NIST Cybersecurity Framework defines it as ‘the process of protecting information by preventing, detecting, and responding to attacks.’
What is the difference between cybersecurity and information security, and where do concepts like network security or secure programming fit in? They are all related! The most commonly understood goals of information security, or ‘Infosec’, are to protect the confidentiality, integrity, and availability of data, whether that data is physical or virtual. Cybersecurity primarily defends against attempts to disrupt the confidentiality, integrity, or availability of electronic data, either on or in transit between systems or devices.
So, how exactly do you ‘do’ cybersecurity? Well, just as cybersecurity is a component of information security, the same could be said of concepts like network security, application security, and mobile security in relation to cybersecurity. All focus on protecting electronic information through various means, whether by securing communications channels or enforcing authorization for data operations. Specialized technical resources like vulnerability scanners, Security Incident and Event Management (SIEM) systems, and penetration testing toolkits can have their place in a cybersecurity program as a way to focus on mitigation of primarily external threats. Conversely, administrative policies and processes can actually play a large role in securing your data, as a strict access control procedure can be one of the best defenses against damage from insider threats. Even physical security can be a factor in cybersecurity, through the use of secure data centers and authorized entry processes to protect the hardware that your data resides on.
We’ve talked about the ‘what’ and the ‘how’ of cybersecurity, but what about the ‘who’? Ultimately, in today’s interconnected world, everyone should be concerning themselves with security in their virtual environments. While the specifics of implementation may differ for a single individual vs. a large corporation, the basic concepts often remain the same. Access control, proper authorization, secure communication channels, password management, and even thinking offensively are all concepts that can improve your cybersecurity posture, whether you’re a family of 4 or a business of 400. And with the virtual threat landscape continuing to grow, greater security awareness has never been more critical.