Cyber Security

What is Cyber Security?

Cyber security, sometimes referred to as information technology security or IT security, is the general term for technologies, processes and controls that are designed to protect systems, networks, devices, programs and data from cyber attacks.

What is a cyber attack?

A cyber attack is an attack initiated from a computer against a website, computer system or individual computer that compromises the confidentiality, integrity or availability of the computer or the information stored on it.

What are the consequences of a cyber attack?

Cyber attacks are on the increase, and they are designed to cause damage both financially and to your reputation. The consequences of a cyber attack can include loss of assets, reputation and business, and you may face regulatory fines and litigation – as well as the costs of recovery. Under GDPR you have 72 hours to report a breach after it has happened or face a fine of up to a quarter of your turnover.

What are the average costs of a cyber attack?

The UK government's Cyber Security Breaches Survey 2017 found that the average cost of a cyber security breach for a large business is £19,600 and for a small to medium-sized business is £1,570. This is in addition to the fines imposed under GDPR.

Cyber Security consists of the following:

  • Network security – This consists of policies and practices designed to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
  • Application security – These are the measures taken to improve the security of an application, often by finding, fixing and preventing security vulnerabilities.
  • Endpoint security – Sometimes called endpoint protection, this refers to the protection of computer networks that are remotely accessed by client devices such as laptops, tablets, mobile phones and other wireless devices. A good example of this is anti-virus software.
  • Data security – Sometimes called information security, this refers to the protection of digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorised users, such as a cyberattack or a data breach.
  • Identity management – Also known as identity and access management (IAM), this ensures that the right individuals have access to the right resources at the right times and for the right reasons.
  • Database and infrastructure security – Refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks.
  • Cloud security – Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.
  • Mobile security – Mobile security, or more specifically mobile device security, refers to the security of personal and business information now stored on mobile devices. Often modern anti-virus software will include Mobile Device Management (MDM) software to help with this.
  • Email security – Email security refers to the measures taken to improve the security of your email server or individual emails. This includes anti-spam software, email encryption and digital signing. It is increasingly common for a cyber attack to happen via attachments in email, so dedicated email security services are becoming as essential as anti-virus software.
  • Disaster recovery/business continuity planning – Refers to the ability to recover from a disaster and/or unexpected event and resume operations. Organisations often have a plan in place (usually referred to as a “Disaster Recovery Plan” or “Business Continuity Plan”) that outlines how a recovery will be accomplished. It’s incredibly important to make sure that when a disaster or failure happens you can recover quickly; good backups and DR are essential for this.
  • End-user education – Refers to the training and education of employees on proper digital safeguards. This aspect helps with all of the above; proper training and awareness stop most attacks from succeeding.