Estimated reading time: 9 minutes
Cyber security is a term used to describe policies, processes, measures and technologies, which protect devices and systems to prevent or reduce the risk of cyber attacks. The scope of cyber threats has increased significantly in the last decade. To combat threats and lower risks, organisations, businesses and individuals are utilising a wider range of cyber security measures than ever before.
The primary aim of cyber security is to prevent unauthorised access to devices, networks and systems. The effects of cyber crime can be devastating, and no organisation, no matter how big or small, is immune. In this informative guide to cyber security, we will discuss the background of cyber security and the impact of developments in technologies and processes. We will also delve deeper into what is being done to enhance and improve cyber security and consider what could be done in the future to combat cyber crime.
Cyber security: the backstory
Cyber security has evolved over the course of the last ten years. As cybercrime has developed from a niggle for businesses and authorities to a major threat, security has become more sophisticated and far-ranging. To understand the impact of cyber crime today, it’s beneficial to take a look at the backstory. Here is a brief history of cyber crime:
Computer security dates back to the 1970s, but cyber security as we know it is a relatively recent development. Cyber espionage came to the fore in the 1980s but the proliferation of the Internet, the growth in email communication and the popularity of mobile devices and phones triggered a surge in cyber attacks in the last 20 years. Throughout the course of the 2000s, threats diversified. Web users no longer had to open or download suspicious files and zero-day attacks, which exploit gaps or weaknesses in defences, became more frequent. Statistics show that zero-day threat detection fell from 40%-50% in 2006 to 20%-30% in 2007 (source). As threats became more menacing, tech companies introduced additional security measures, including free antivirus software and built-in OS security.
In the 2010s, cybercrime started to hit the headlines, with high-profile breaches affecting multinational corporations, government departments and financial organisations. To reduce risks, companies started to develop tailored solutions for businesses in line with emerging threats and industry-specific dangers.
Today, cyber security is more advanced than ever before, but that doesn’t mean that threats have been nullified or that organisations, companies or individuals are not at risk. In fact, the statistics expose widespread vulnerabilities. The recent case of Log4j highlights the need for continual development and evolution. In December 2021, a vulnerability was detected in the logging library, which put individuals and organisations at risk. The weakness meant that without urgent action, attackers could gain access to data, infect networks and extract passwords and sensitive information.
The impact of cyber security: Why is cyber security important?
Cyber crime is a subject of fervent debate. Once an issue that only affected a small number of organisations, cyber attacks are now a genuine concern for everyone. There are several reasons why cyber security is important. Investing in robust defences offers a raft of benefits. These include:
The cost of cyber crime and security breaches is increasing. For organisations, for example, there are multiple costs to consider, including penalties for companies or bodies that experience breaches, lost income and downtime. Gartner estimates the average cost of downtime at $5,600 per minute (source). This equates to approximately £4,130. In addition to fines, downtime and lost sales, there are indirect costs to consider. One of the most important factors for businesses is damage to their reputation. Customers need to be able to trust the companies they buy from or hire to protect their data. If there is a security breach, clients may go elsewhere and brand image will suffer. Cyber security helps to reduce the cost of security issues and data breaches and it can also help organisations to protect and enhance their reputation.
Battling increasingly sophisticated attacks
Cyber crime has evolved and it is a very different enemy today. Attacks have become much more sophisticated and hackers are coming up with new ideas to beat security protocols continuously. This means that security measures have to be upgraded and updated. Companies and individuals must be willing to embrace new technologies and measures to enable them to maintain high levels of protection.
Research conducted by McAfee and the Centre for Strategic and International Studies (CSIS) in 2020 suggests that the global economy loses more than $1 trillion per year to cybercrime. Improving cyber security is essential to prevent losses and support global economic growth.
The rise of smart devices
The ever-growing popularity of smart devices has posed new challenges to cyber security professionals and companies working on innovative new strategies to lower risks. The proliferation of the IoT (Internet of Things) makes securing channels and platforms more difficult. Every device provides a potential entry route for hackers. It is estimated that there are now more than 27 billion devices connected to the Internet.
Common cyber threats
Cyber threats have become more varied and diverse. Examples of common cyber threats include:
- Malware: malware is software, which executes malicious activity, for example, taking over and corrupting a system.
- Phishing: phishing scams encourage people to disclose sensitive information or download malware through spam emails.
- Spear phishing: spear phishing is an advanced form of phishing, which involves gathering information about the individual and impersonating them.
- Trojans: Trojans are a form of malware, which is designed to penetrate systems by pretending to be something harmless, such as a software programme. Once the Trojan has gained access, it then releases malicious code.
- Ransomware: ransomware is an attack in which the hacker holds the user to ransom. The attacker will make demands in order to stop further breaches or regain access to data.
- MitM (Man in the Middle) attacks: this type of attack may be used by military forces. It involves intercepting messages between a sender and a recipient.
- Data breaches: data breaches occur when attackers breach systems to steal data.
- Distributed Denial of Service (DDoS): a DDoS attack occurs when a malicious actor takes over multiple devices to cause a system or website to crash.
- Mobile malware attacks: mobile users may be more vulnerable to malware attacks. Malware can be embedded in apps, downloads and phishing emails.
There are several possible sources that play a role. Cyber threats can come from:
- Organised crime groups
- States and nations
Key cyber security statistics
- 88% of companies experienced attempted security breaches in 2019/2020 (source)
- One business is successfully targeted every 19 seconds in the UK (source)
- 33% of UK businesses have lost customers following a data breach (source)
- Over 50% of UK email is spam (source)
- 71% of UK companies were hit by ransomware attacks in 2020 (source)
What is currently being done to tackle cyber crime?
Cyber crime is a threat to individual users, as well as businesses and organisations of all sizes and scales. There are several ways to protect against cyber crime and reduce risks through promoting effective, targeted cyber security measures. Here are some good practice guidelines for businesses and organisations.
Tools and measures for businesses
Outsourcing cyber security
For companies that don’t have large-scale IT departments or employees with expertise in cyber security, outsourcing is an excellent way to protect against security breaches and cyber attacks. Outsourcing provides an alternative to hiring new employees and it enables company owners and their teams across all sectors to gain access to individuals and agencies with expertise and experience in cyber security. Cyber security experts will be able to analyse existing strategies and processes, identify holes and weaknesses, suggest improvements and recommendations and implement new measures. IT companies can also provide additional services, such as monitoring, data / website backup and disaster control and employee training.
Utilising threat detection tools
Prevention is always better than cure when it comes to cyber crime. Threat detection tools are designed to identify suspicious behaviour and activity.
Conducting security risk assessments
Security risk assessments are designed to detect vulnerabilities and highlight threats. Carrying out regular assessments enables businesses to identify issues early and address them before they cause more complex problems.
Many employees use computers and mobile devices on a daily basis without understanding the potential risks associated with the actions they take. Providing employee training can help business owners to lower the risk of security issues by enabling employees to spot suspicious activity, for example, phishing emails.
Implementing simple, effective, targeted cyber security policies
Company policies set out guidelines or instructions for employees to maximise the chances of achieving key objectives and creating safe, inclusive workplaces. Cyber security policies play an instrumental role in protecting networks, systems and devices. Always make sure that your policies are clear, and communicate with your team to ensure that they understand what the instructions mean. Examples of policies include changing passwords frequently and using passwords that are virtually impossible to guess.
Ensuring compliance with industry-specific, national or international guidelines
As cyber crime has become more prolific, cyber security has become more robust and far-reaching. Today, there are guidelines and policies in place governing specific industries, for example, healthcare, countries and regions. Every business owner should ensure that they are fully compliant with the relevant regulations.
Cyber outlook: What can be done to improve cyber security?
In recent years it has become increasingly apparent that cyber crime is an issue that is not going away. Attacks are more sophisticated and statistics show that nobody is safe. It is clear that more needs to be done to clamp down on cyber crime, but what can be done to reduce risks and improve cyber security? Here are some ideas to improve the outlook for cyber in the years ahead:
Improving cyber training and development opportunities and plugging talent gaps
The demand for cyber security professionals outweighs the supply. Improving opportunities and encouraging more people to go into the profession could help to plug skills gaps and talent shortages in the future.
Identifying and reacting to emerging threats and new cyber crime trends
Cyber crime is a moving picture. It is critical to be able to identify and react to emerging threats and new trends. Recent and emerging cyber crime trends include:
- Increased ransomware and malware attacks linked to remote working, which makes employees more vulnerable to malicious actors
- Covid related threats: up to 25% of Covid domain names are malicious (source)
- The rise of cyber crime-as-a-service (CaaS): in the past, hackers and attackers had to be experts in their field. Cyber crime is now much more accessible. People with limited experience can carry out attacks through illegitimate service providers.
- Automated attacks: hackers can now use automation to perform multiple attacks per day.
- Polymorphic threats: polymorphic threats are more difficult to identify and destroy because they constantly change the features that make them detectable.
Artificial Intelligence (AI)
Artificial Intelligence (AI) offers benefits for both cyber criminals and cyber security professionals. One of the main advantages of IT for cyber security professionals is the ability to analyse huge amounts of data to spot patterns and trends and identify early threats. AI has multiple uses for organisations, including learning security algorithms, implementing biometric identity verification and automating systems that could be susceptible to human errors.
Cyber security is increasingly valuable. As the number of cyber attacks increases and cyber crime becomes more sophisticated, investing in cyber security is vital. Cyber security has evolved rapidly in the last decade, but so has cyber crime and the battle is ongoing. Businesses and organisations must be aware of new trends and threats and continue to upgrade and update their defences to reduce risks and prevent attacks. New threats are emerging all the time and there is no time to stand still. As technology continues to evolve, hackers and malicious actors develop new ways to target individuals or organisations. Cyber security has a hugely positive impact on safety and security but it must keep advancing, developing, diversifying and progressing.