Cyber-security: What is it?

Cyber-security: What is it?

Yasemin MustafaSenior Manager, Enterprise Security

Cyber-security is vital to ward off potential hackers. But what exactly is it?

Our devices need protection. And that can mean protecting our IT systems, the devices themselves or our networks from cyber-attacks. Cyber-security is designed to stop cyber-criminals from stealing, changing or destroying sensitive data.

But why is cyber-security important?

Cyber-crime costs businesses in the UK tens of millions of pounds each year. It doesn’t matter if you’re a small or large business. In 2019, almost a third of all UK companies surveyed by the government reported at least one attempt to breach their cyber-security – with the average annual cost of lost data or assets coming to £4,180.

Technology, like the Internet of Things (IoT), is getting smarter every day. But so are hacking methods. Establishing a robust framework and strategy for protecting your data and IT assets has never been more important. The last thing you need is a huge, public data breach which could put your company’s reputation at risk. It’s time to get your cyber-security plan right.

Technology is getting smarter every day. But so are hacking methods. Establishing a robust framework and strategy for protecting your data and IT assets has never been more important.
Yasemin MustafaSenior Manager, Enterprise Security

Key pillars of cybersecurity

There are three pillars of cyber-security. It’s a good idea to use them as a skeleton to create your own cyber-security strategy, roadmap and plan. Let’s take a look at them.

1. People

Let’s start with the people behind the brand. Everyone is important in the overall day-to-day running, and the same goes for protecting the IT assets and data of the company. Your team needs to fully understand what they can do to not only prevent a breach, but what mistakes could cause one to happen. And this goes from the top of the business to the bottom.

  • Executives need to understand how their decision making before, during and after a breach can have a knock-on effect for the future. It could dictate how successful the prevention, mitigation and response to a cyber threat is going forward
  • It is essential to create an incident response strategy, with a dedicated Incident Response team to help protect your IT. Larger businesses recruit - but for smaller businesses, consultants and other third-party vendors can help with any cyber knowledge gaps
  • And for other employees - following a policy, using devices safely and handling data correctly means cyber-security becomes part of their day-to-day routines

Once you have this deep cultural understanding of how cyber-security works, hackers will have a lot harder time cracking your business. 

2. Processes

Processes soon become second nature. And familiarity with cyber-security procedures can mean the difference between a major and minor incident. If your team know exactly where to report a phishing attempt or an account breach, your response team then have the time to react and contain.

Your IT department should also audit and regularly test the vulnerability of your network and hardware. They’re more likely to spot suspicious activity – and stop it – before a cyber-criminal can exploit them.

3. Technology

Technology is there to help each and every employee to do their jobs. It’s important to have the technology that can support everyone in preventing cyber-crime.

But having security experts, whether inhouse or outsourced, is key to cyber-security. They can maintain protected networks and systems, track and quarantine threats as they appear and monitor data for unauthorised manipulation.

Your strategy should include security solutions that can build in multiple layers of protection. It should be failsafe and alert users to potential attacks, slow any successful breaches, and keep you in the know so you have the right data to tackle the problem.

Common cyber threats

Malicious Software (Malware)

Common types of malware are viruses, worms, Trojans and spyware. They normally come as a file or bit of software – and are very harmful to a computer user.


Ransomware is a type of malware. It encrypts files with the intent to ‘ransom’ a businesses’ own data back to them.

Phishing attempts

Phishing is a form of social engineering. Hackers often impersonate a person of influence within a company – and then ask for sensitive information from employees. Spear Phishing, often uses more personal information gained from phishing to make their impersonations more lifelike.

Distributed Denial of Service (DDOS)

Malicious attempt to disrupt normal activities on your network by overwhelming internet-facing resources with a flood of internet traffic.

Building your own strategy

To truly protect your business from cyber-threats, you need to go further than just long passwords and multi-factor authentication methods. There are number of additional protections you should ensure are covered as well such as: installing antivirus software, setting up firewalls, ensuring security software and devices are maintained and software is up to date.  Also, that you have a backup solution in place

You need to prioritise risks, mitigate any disruption to your company’s day-to-day, identify skill gaps within the team and fill them with training. It’s also important to audit your tech often – and keep on top of the newest threats.

Your cyber-security strategy needs to constantly evolve. It needs to work seamlessly within your organisation. It needs to be agile enough to deal with any incidents. And it needs to be adaptable enough to face the ever-changing face of cyber-crime. Do all this, and your business will be as protected as it can be from cyber-attacks.