Cyber and Information Security
What it is and is not!
The industry does a pretty good job at confusing what ‘Cyber’, ‘Data’ and ‘Information’ Security is and is not. What’s more, it only has itself to blame for the ‘image crisis’ it suffers amongst the Small-Medium Sized Businesses (SMB) community who all too often view cyber security as a corporate requirement or a job for their outsourced IT provider.
For this exact reason, we established Cyber Savvy to cut through the industry noise and provide SMBs with Affordable, Accessible, Applicable and Adaptable solutions and services.
Cyber Security explained...
Doctrinally defined as: “the ability to protect or defend the use of Cyberspace from cyber attacks.”
It’s not all that helpful a definition, is it? And by now, you are probably asking yourself, what is ‘Cyberspace’?!? Cyberspace is defined as “a global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers”.
Back to Earth for a minute…
In practice, Cyber Security is focused on protecting data in electronic form; this is likely to include computers, servers, networks, mobile devices, etc. The aim is to ensure these assets are resistant to compromise or attack. Part of that requires identifying the critical data, where it resides, its risk exposure, and the ‘people’, ‘process’ and ‘technological’ controls you must implement to protect it.
Information Security explained...
Doctrinally defined as:
“Protecting Information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction to provide:
Note: you will often hear ‘Confidentiality’, ‘Integrity’ and ‘Availability’ referred to as CIA.
In practical terms, ‘Data’ and ‘Information’ are intrinsically linked; consider ‘Information’ as ‘data’ placed into context, and the two terms as ‘broadly’ interchangeable within business at a ‘high level’.
In modern business, most data resides electronically on servers, desktops, laptops, or somewhere on the Internet – but a decade ago, before ‘Confidential’, ‘Sensitive’ or ‘Private’ Information migrated online, it was sitting in a filing cabinet. In many instances, across every sector, those filing cabinets still exist. Therefore, Information Security is concerned with making sure data, ‘in any form’ is protected.
Where they overlap...
There is a clear overlap between ‘Cyber’ and ‘Information’ Security, which adds to the confusion. Ultimately, the value of the data is generally the biggest concern for both types of security:
In Information Security, the primary concern is to preserve the CIA of the data.
In Cyber Security, the primary concern is protecting against unauthorised electronic access to the data.
In both circumstances, it is important to understand what data, if accessed without authorisation, is most damaging to the organisation, so a ‘security framework’ can be established with appropriate controls in place to prevent unauthorised access.
Where there are dedicated resources in separate teams, both teams will likely work together to establish a Data Protection framework. As a simplistic example, the Information Security team prioritises the data to be protected, and the Cyber Security team develops the protocols for data protection.
What Cyber is not...
Perhaps the greatest miscommunication/misconception within ‘Cyber Space’ (:-)) is that it’s an ‘IT problem’ or ‘Techie’ pursuit. It’s not; in fact, it’s not even close. Cyber is a ‘people’ problem with ‘human error’ the leading cause of 95% of all cyber security breaches. In other words, if human error was somehow eliminated, 19 out of 20 cyber breaches may not have taken place at all!
Your people will always be your first and last line of defence. Of course, technology plays a role in cybersecurity but don’t view Cyber Security as a product, i.e. something you buy, take out the box, plug in and press play! Consider Cyber Security instead as a process. It requires constant and deliberate effort to establish and maintain. After all, that same ‘human user’ is responsible for configuring and programming that ‘techie’ product to work with all the others.
Above all, cyber is not “* * SPECIAL * *”! It is ‘just another’ business risk. Focus on those business risks and not the infinite ‘cyber threats’ you hear of with each daily news report.
Consider an integrated, holistic approach to cyber security instead. This is where Information Security and Cyber Security need to unite. For example, adopt an ‘Inside-out’ approach: focus first on the Business Strategy; then on the primary risks (including cyber) to that strategy; and, finally, on the assets, processes and procedures essential to the achievement of that strategy.
By doing so, the business identifies its ‘Crown Jewels’, the critical business assets and associated processes which are essential to business success. Only then consider the internal and external threats that may pose a risk to those ‘critical’ business assets.
This approach enables a business to focus its finite cyber-protection resources to their greatest effect instead of spreading cyber investment across the infinite number of cybersecurity measures they could invest in.
If you haven’t already, book a call to discuss our Savvy Business or Savvy Franchise Programmes, which are designed to identify and protect your critical business assets and maximise your security ROI.
If you are already running a business cyber security programme, you may only need ‘bolt-on’ coaching or consultancy services under the Savvy Services Drop down menu. However, if you’re not sure of your need or wish to validate what you’re already doing with a ‘3rd-eye perspective’ (another view), give us a call or book in for a ‘Savvy Assessment.’
Our business is securing your business; Process over Product – People, Process & Technology.
Not sure where to start with your Cyber Security?
Our experienced team of professionals can identify the threats and vulnerabilities facing your organisation and assist you in making informed cost-effective decisions regarding control investment.
It’s not one size fits all
Not all businesses are the same, so we base our unique assessment on your business’s size and sector of operation. Whether it’s across the enterprise or focussed on independent projects or initiatives, we will gain actionable and meaningful insight into your business risk exposure.
The Savvy Assessment reviews all aspects of the business ecosystem, delivers fast results and cuts straight to the point, so you won’t be waiting weeks for a lengthy report to be produced.
You can view your results in our Cyber Savvy Dashboard where you can find a visual representation that gives you absolute clarity of critical failings, areas of misalignment and opportunities to streamline and enhance your current security posture and business operations.
Our team of experts will then talk you through the findings, recommended prioritisation of actions and quick wins to mitigate business risk to tolerable levels.
Don't wait until it's too late to secure your business
If you have any queries about how we can help you manage your cybersecurity, get in touch today!
Toby, CEO and Strategic Director and Hannah, Managing Director