A Definition of Cyber Security / What is Cyber Security?
Learn more about cyber security, why it’s necessary or important, and how to get started developing a cyber security program in this installment of our Data Protection 101 series.
- Cyber security refers to the body of technology, procedures and practices designed to secure networks, computers, programs and data from attack, harm or unauthorized access. Cyber security can also be referred to as security of information technology.
- Cyber security consists of all technologies and activities that keep computer systems and electronic data secure. And, in a world where more and more of our business and social lives are online, this is an enormous and growing area.
Why is Cyber Security Important? /The Importance of Cyber Security
Being hacked is not only a direct threat to the need for sensitive data companies. It can also destroy their relationship with customers, and even put them at serious legal risk. With emerging technologies, from self-driving cars to Internet-enabled home protection systems, the dangers of cyber crime are becoming ever more severe.
Cyber security is critical because government, military, business, financial and medical entities are gathering, processing and storing unprecedented quantities of data on computers and other devices. A large portion of such data may be confidential information, whether it be intellectual property, financial data, personal information or other forms of data for which unauthorized access or disclosure may have negative implications. Organizations transfer confidential data through networks and to other devices when doing business, and cyber protection defines the discipline devoted to protecting the information and the systems used to process or store it.
As the volume and complexity of cyber attacks increases, businesses and organizations, particularly those responsible for safeguarding information on national security, health or financial records, need to take action to protect their sensitive business and personal information. As early as March 2013, the nation’s top intelligence officials warned that cyber threats and digital espionage pose a significant threat to national security, overshadowing even terrorism.
Challenges of Cyber Security
According to Juliana De Groot
For an effective cyber security, an organization needs to coordinate its efforts throughout its entire information system. Elements of cyber encompass all of the following:
- Network security: The process of protecting the network from unwanted users, attacks and intrusions.
- Application security: Apps require constant updates and testing to ensure these programs are secure from attacks.
- Endpoint security: Remote access is a necessary part of business, but can also be a weak point for data. Endpoint security is the process of protecting remote access to a company’s network.
- Data security: Inside of networks and applications is data. Protecting company and customer information is a separate layer of security.
- Identity management: Essentially, this is a process of understanding the access every individual has in an organization.
- Database and infrastructure security: Everything in a network involves databases and physical equipment. Protecting these devices is equally important.
- Cloud security: Many files are in digital environments or “the cloud”. Protecting data in a 100% online environment presents a large amount of challenges.
- Mobile security: Cell phones and tablets involve virtually every type of security challenge in and of themselves.
- Disaster recovery/business continuity planning: In the event of a breach, natural disaster or other event data must be protected and business must go on. For this, you’ll need a plan.End-user education: Users may be employees accessing the network or customers logging on to a company app. Educating good habits (password changes, 2-factor authentication, etc.) is an important part of cybersecurity.
The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known treats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security. Similarly, the National Institute of Standards and Technology (NIST) issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments, a data-focused approach to security as opposed to the traditional perimeter-based model.
How to Get Into Cyber Security
If you’re considering a job in cyber security, it’s clear the positions are out there. The question is how to make sure you’re a good fit for them. According to BLS, most information security analyst jobs require at least a bachelor’s degree in computer science, information assurance, programming or another related field.
In some cases, the work calls for a Master of Business Administration (MBA) in information systems. That’s a degree that typically takes an additional 2 years of study and involves both technical and business management courses.
Cyber security job requirements also sometimes include related work experience. Rather than jumping right into the security side of information technology, you can start out as a network or computer systems administrator. Depending on the specific cyber security position, employers may have other job requirements. For instance, keeping databases secure might be an ideal job for someone who’s spent time as a database administrator and is also well-versed in security issues.
Aside from work experience and college degrees, some employers also prefer job candidates who have received certifications demonstrating their understanding of best-practices in the field. The Certified Information Systems Security Professional (CISSP) credential validates a professional’s general knowledge and abilities in information security. There are also more specific certificates, which can highlight specialized knowledge of computer architecture, engineering or management.
Whatever path new employees in cyber security want to follow, Kamyck said, those who are willing to make the effort to learn the field will find abundant opportunity.
“There’s needs in government. There’s needs in finance. There’s needs in education,” he said. “There’s a tremendous unfilled need.”