Cyber security and its common misconceptions 

After recently starting a cyber-security master’s course at university, after coming from a background with technical knowledge and understanding from my years of study in computer forensics and PC networking, one thing is apparent immediately, which is the huge misconceptions surrounding cyber security and what it means for everyone as a whole, not just large organizations.

As a quick note, this blog post will be periodically expanding as I continue to research and develop in this area. The aim of this blog is to highlight cyber security to the common man, in aid to create an awareness that everyone should be aware of it, understand what it means to them and why they should at least take it on board within their computing/technical environments.

I will be discussing the basics of cyber security, what it means, what it implies and what it aims to do within a general aspect before delving into deeper areas of the subject.

To make it easier to read and understand, I will be writing everything as a question and answer as best to explain it simply, after all this is to be understood by everyone.

Cyber security, commonly exchanged with computer security, whilst two different subjects, they are regularly entwined and used in conjunction when describing this topic. Whilst cyber security focus’ a little more on the cyberspace and the issues within that area, computer security commonly takes a more direct focus on the hardware and its security.

The first question commonly asked is what is cyber security and what does it mean for me? So that is the first question I will focus on, as knowing exactly what this is will help in your understanding of this area and implementing the correct cyber security.

Cybersecurity is the body of processes, technologies, and practices which are designed to protect networks, systems, programs and data from attacks, damage and/or unauthorised access. In a technological sense, the term security typically refers to cyber security, which is part of why cyber security and computer security are often interchanged with each other on a common basis. In basic terms, cyber security involves securing the information and data held on systems ranging from everyday laptop’s and computers, all the way to large server farms, to the protection of the systems physically such as, limited access to a server room, unless a person is authorized to be there, with the inclusion and protection of applications and the networks for an organization.

You would not leave your house without locking your doors before you leave, would you? You would not have expensive items such as jewellery, for example, laid out in the open, instead you would opt to keep the most valuable items locked in a safe if not in normal use, as this is where they would be more secure and protected. The same applies to cyber security, the difference being the technological jargon, it entails, which too many people, is not understandable. By applying simple, lifelike situations it will help you to understand what cyber security means and what it entails, as it is not as difficult as the jargon would lead you to believe.

The effects of cyber security can be felt daily by a lot of people, it is not just large organisations that should be aware of the effects and its capabilities. Cyber security represents a threat to the most average person, from someone with just a laptop or smartphone, all the way up to a large enterprise consisting of server farms and virtual environments, right down to the small start-up business’s only deploying a simple network of a few PC’s and wireless devices, it now does not matter which bracket (I suppose we can call it that for now to keep it simple) that you fall into, as they all are susceptible to attacks with their information and data being breached.

The threats discovered daily is growing at an exponential rate, on average, there are 230,000 pieces of malware discovered, yes you read that correctly, 230,000. Just think about that for a moment, it’s a very hard figure to imagine, however, that is the battle that I.T professionals face daily.

Whilst a vast majority of the malware that is discovered is not able to create substantial problems/harm on its own, there is still a good proportion which will undoubtedly be capable of creating such issues.

Another issue surrounding cyber security is why should I care? How can it really do that much damage? Because of this mentality, users are typically unaware of the damage that can be caused by cyber security measures not in place until it is too late, then once an issue such as a ‘hack’/breach has happened, the penny drops, in turn they then start warning others who had the same mindset as them. The problem is, I would cyber security be known and protection measures become second nature to all users of technical devices so that they can remain as safe as can be when using their devices.

Malware is a common issue of cyber-security professionals, especially for organisations, I will start with a scenario involving the issues that can face a small start-up business.

For example, if a small business is operating solely independently, consisting of the owner and a few employees, and that organisation only has a few PC’s operating, as a cashier system to serve the customers and a simple Wi-Fi network for its customers to use when visiting. Let’s also assume the business owner doesn’t want to spend much of the budget yet on I.T because he has limited funds due to only just opening the business and doesn’t deem the business particularly vulnerable.

Let’s now assume the business has come under a security breach, an attack by hackers, compromising the customer database and having access to all business data. For the business to return to normal operation, the hackers are demanding payment of £20,000 as they have placed a type of virus called malware capable of encrypting all the machines in use along with all the data on every hard drive, meaning the owner now does not have access to the data and is in a tough situation and now has to decide to make the payment or not. Situations like this where security measures are not in place can become a costly mistake very quickly. Typically, if this happens to small businesses, whether just starting up or not, it can become very difficult for that organization to recover and recoup the costs of such an event, with a high proportion of organizations this happening to end up out of business, coupled with the damage it can do to the reputation of that company, it then becomes clearer why cyber security should be taken seriously.

What is information? And why is it important?

Information typically defines the knowledge or facts surrounding an issue or subject, mostly information is data in its simplest form which has been processed and is now meaningful.

There are terms commonly associated with information such as:Timely, organised, knowledge, data, meaning, communication, all of these terms are used when describing information, whereas with data they are not, as the data does not become information until it is processed and made usable and useful.

Timely, organised, knowledge, data, meaning, communication, all of these terms are used when describing information, whereas with data they are not, as the data does not become information until it is processed and made usable and useful.

For example, an architect building a house has been given a series of numbers correlating to the measurements of the house, which in just numbers form, is almost meaningless until the architect analysed the numbers to draw and blueprint plans for the house, which in turn that data he has been given, then becomes information because it is useable data. In the simplest of terms, information can be described as useful data. This is one way, why information is important, without the data to make the information, it would have no use, resulting in the architect unable to complete his drawings/blueprints. This information is used effortlessly in our day to day lived and processed by us, the difference being in a computing environment is the terminology used.

One of the most important aspects, and a cause for concern among many business’s and people alike is the legal aspects of cyber security. There are a variety of legalities that have to be followed when deploying and integrating cybersecurity into an organisation.

There have been specific attempts at putting laws in place to help understand, and implement cyber security combat measures, in the US there is ‘The cyber security Act of 2015’ and in the UK there is ‘The UK national cyber security strategy’ both of which intend to have significant legal effects for cyber-security. The UK national cyber security strategy is intended to build upon the country’s first national strategy which was published in 2009. In regards to the UK national cyber security strategy, it is the common law which provides the most common fertile grounds for the growth or new laws being put in place. Case law also exists in the UK, which already tells us that where an equitable duty of confidence exists for confidential information, a parallel duty of care for security can co-exist, within the common law tort of negligence. The tortious duty means that for security, it is able to wrap a legal envelope around the confidential relationship, also requiring the security measures to help preserve the confidentiality of said information.

Have a read over at the website below, it’s an article highlighting the 10 common cyber security facts.

10 Alarming Cyber Security Facts that Threaten Your Data [Updated]