What is Cyber Security?
Cybersecurity refers to the process of limiting malicious attacks through good security processes, training, and the securing of computer networks, systems, devices and any other digital applications. The estimate of the economic impact of cybercrime is an astounding $6 trillion by 2021. Traditionally, investment in cybersecurity has only been made by large organisations such as banks, telecommunications companies or government agencies. Cybercrime, however, now affects every type of business and individual: everyone who wants to use the internet and have the trust of employees or customers by caring for their data.
What's the best cybersecurity strategy?
A robust security base includes multiple layers of protection dispersed throughout a business's computers, programs and networks. Cyber attacks occur every 14 seconds, and no one security control can stop them all. Each security tool or service has a role to play. These tools each address a different aspect of your business's safety, such as vulnerability testing, anti-virus software, network security monitoring, security awareness training, security policies and procedures, or cyber insurance.
Cyber security can be overwhelming for many small businesses, so having someone who can simplify it for them is critical.
What do SMEs need to know about cybersecurity?
Most small businesses (and medium businesses) don't think about cybersecurity until after a security breach. They often spend less than a thousand dollars, predominantly on anti-virus software. This lack of investment can cost your business money and time and result in lost sensitive information: the loss per attack averages more than $188,000. In two out of three cases, the impact on the business from a cash flow and business interruption perspective forces it to fold.
Although we often see the massive corporate breaches in the media, cyberattacks are more common for SMEs. Verizon's most recent data breach report stated that small businesses are the target of 43% of cyber-attacks. Small businesses often don't have the budget or knowledge to protect themselves against online attacks. This lack of security puts them at a higher risk than corporations that do. Criminals have realised this and are making them their new target.
According to the Ponemon Institute, 61% of small businesses in the United States suffered a cyber attack. This number is an increase of over 50% year on year in cyber intrusions on US SMEs.
The topic of cybersecurity can seem overwhelming, as it appears to require small business owners to have a deep understanding of the complex world of IT security. Often they will only need a basic knowledge of cybersecurity and can lean on specialist security experts to help them manage this growing risk. This combination of core understanding and expert support is considered essential for running a business in 2020.
What are the types of Cyber Security?
Cybersecurity is an all-inclusive term that includes many distinct practice areas. There are several ways to break down the different types. Many of these follow the structure defined by compliance frameworks such as NIST or ISO27001. Generally, they contain the following areas:
- Information security policies
- Information Security or data security
  - Focuses on keeping data secure from unauthorized access or alterations.
  - It is the implementation and maintenance of information security practices.
  - Encompasses the security roles and responsibilities, segregation of duties, information classification and data handling, and rules for mobile devices and teleworking.
  - Such as the in-depth Security Policies in our Cyber Safety Service - Business Plan.
- Human resource security
  - The employment controls that support your data security, such as screening and background checks.
  - Having programs to provide information security awareness, education and training.
  - Such as our Staff On-Boarding, Staff Off-Boarding, Security Awareness, Phishing simulations and education in our Cyber Safety Service - Business Plan.
- Network Security
- Application Security
  - What the company does to make applications more secure, such as processes and tools to find and fix vulnerabilities in application code.
- Operational security
  - The processes, procedures and responsibilities to ensure security in the way the business operates.
  - It includes how the company is protecting itself from malware, such as anti-virus or other endpoint security.
  - What processes and policies it has to back up data and recover from an incident.
  - What types of network security are used, such as logging and monitoring for malicious events inside the business.
  - How the business identifies and manages technical vulnerabilities.
  - What controls are in place to manage access to different systems or data.
- Communications security
  - How the company uses network security monitoring or services to preserve the confidentiality and integrity of data coming from public or wireless networks.
  - The policies and procedures for transferred information, to protect it from interception, modification, or copying (inside the organization and externally).
- Supplier relationships
  - The information security policies which outline the requirements for third-party access to the company's assets. These are to mitigate the risks associated with suppliers.
  - Such as the Vendor Management Policy in our Cyber Safety Service - Business Plan.
- Information security incident management
  - The policies and a cyber security incident response plan that help an organisation manage a security incident.
  - Such as the Cyber Security Incident Management Policy in our Cyber Safety Service - Business Plan.
Types of cybersecurity threats
In our ever-changing cyber world, with people working from home (hackers included), we are forced to keep pace with those that challenge our systems. It has become all the more necessary for us to protect our data and other assets (like client information) from cyber criminals and their malicious software. Remember, a cyber threat can take on many forms, including worms, viruses, trojans and other malware. The one thing they all need is access to a network, either to spread or to reach the information they are after.
How does Cyber Insurance fit in?
Cyber insurance is a way for businesses to transfer the loss from information security incidents to an insurer, effectively transferring the residual risk. No business is immune to cyber breaches, and even those with the best security technology still incur costs. Therefore all companies need to have coverage for this remaining risk of loss. We have created a cyber insurance page to help you learn more about how cyber insurance works with a strong cyber security strategy.