What is cybersecurity?
Posted on: March 21, 2022
by David Diaz
There’s no denying the tremendous impact that the internet has had on businesses. It has created and transformed entire sectors, helped streamline processes and communications, and enhanced services in ways that are difficult to quantify.
But the flipside of all of this is that businesses are often dependent on technology and computer systems that can be hijacked by cybercriminals, and left vulnerable to increasingly sophisticated cyber threats.
Why is cybersecurity important?
Cybersecurity is the armour that protects all things cyber – computers and servers, hardware and software, systems and platforms, apps and online data, and so forth.
It is an essential component of an increasingly online world. It protects everything from sensitive information at an individual level to critical infrastructure used by governments.
Why cybersecurity is important for businesses
Businesses have a responsibility to protect themselves – their systems, their data, and information about their customers and suppliers – from cyber threats. Particularly after the implementation of the General Data Protection Regulation (GDPR), data breaches can cause significant financial and reputational damage to any business. Business leaders can be found personally liable for cybersecurity incidents, and the fines for data breaches can be in the millions of pounds.
Despite this, the UK government’s Cyber Security Breaches Survey published in 2021 found that four in ten businesses (39%), and a quarter of charities (26%), reported cyber security breaches or attacks in the previous 12 months. The numbers are even higher among:
- medium-size businesses (65%)
- large businesses (64%)
- high-income charities (51%)
It’s also worth noting that among the businesses that report breaches or attacks, 27% of them experience the breaches or attacks at least once a week.
Most importantly, the government’s report states that for the businesses who report a negative outcome or impact from a breach, on average, the costs are substantial. One in five end up losing money, data, or other assets – not to mention other negative impacts such as the loss of staff time and wider business disruption following the incidents.
The most common cyber threats for businesses
By a wide margin, the most common cyber threat among businesses is phishing. In 2021, the UK government reported that 83% of all breaches or attacks identified by businesses were phishing attacks. For context, the second-biggest cybercrime was impersonation at 27%.
Phishing usually takes the form of an email, sent by cybercriminals, designed to lure people into providing sensitive data such as passwords, credit card details, and other personal information.
Phishing emails often appear to come from legitimate organisations or individuals, but are little more than scams. They employ social engineering, which is the psychological manipulation of people in order to get them to divulge confidential or private information.
An impersonation attack happens when a cybercriminal impersonates a trusted contact or colleague in order to get someone within a business to transfer money to a fraudulent account or share sensitive data.
Viruses, malware, spyware, and ransomware attacks
Hackers and other cybercriminals can do a lot of damage to a business through these types of attacks.
- Viruses are pieces of code that can copy themselves, usually without the victim knowing. They’re capable of corrupting systems and destroying data.
- Malware is malicious software meant to harm devices. It can cause a laptop, desktop or mobile device to slow down or stop working, and can delete and steal data, too.
- Spyware is a type of malware that captures data and then sends the stolen information to a third party, often with the victim being none the wiser.
- Ransomware is another type of malware. It typically encrypts the files, databases or applications on a device, making them – and potentially entire systems within a business – unstable or inaccessible. Cybercriminals then demand a ransom in exchange for decryption.
Commonly referred to as hacking, unauthorised access occurs any time that cybercriminals gain access to networks, systems, applications, or datasets without permission.
How the Covid-19 pandemic has created new cybersecurity risks
In addition to all of the cybersecurity threats businesses normally encounter, the Covid-19 pandemic led to significant changes in ways of working – and has made cybersecurity even more difficult for many businesses.
For example, the rapid move to home-working led to huge changes in organisations’ digital infrastructure. These changes often included things like:
- New laptops or tablets given to staff to work on.
- New Virtual Private Networks (VPNs) being set up, or existing VPN capacity being expanded.
- Quicker approval processes for new software being implemented.
- New cloud servers being utilised.
These changes are not without their challenges and vulnerabilities. For example, a remote workforce is more difficult to support with direct security and user monitoring. Upgrading hardware, software and systems is harder, and there are more endpoints to keep track of.
What can businesses do to keep safe?
There are a number of ways that businesses can protect themselves from cyber attacks. For example, there are the standard, prevention-based security measures, such as strong antivirus software, firewalls, securing the business’s Wi-Fi network, and implementing basic security awareness training among all staff.
Having a cybersecurity strategy and robust security controls in place can help organisations stay safe – and help ensure business continuity, too. These can sit within Information Technology (IT) teams, or dedicated information security teams that focus primarily on security solutions.
There is guidance available, too. For example, GOV.UK has a dedicated ‘Cyber security guidance for business’ collection of resources, and the National Institute of Standards and Technology (NIST) in America has a Cybersecurity for IoT (Internet of Things) programme. It also has a ‘Small Business Cybersecurity’ portal that shares resources from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
There are also certifications available to businesses from the UK’s National Cyber Security Centre:
- Cyber Essentials. A government-backed scheme to help businesses protect themselves against the most common cyber attacks.
- Cyber Essentials Plus. The Cyber Essentials certification, with the addition of a hands-on technical verification.
And, of course, a dedicated team of cybersecurity professionals can further protect an organisation from online threats.
Is cybersecurity a good career?
With cyber attacks posing such a huge threat to businesses, now more than ever before, cybersecurity professionals are needed to help keep companies safe.
The government’s 2021 Cyber Security Breaches Survey report confirms that cyber security remains a priority for management boards. In fact, over three-quarters (77%) of businesses said that cyber security was a high priority for their directors or senior managers.
With all of this in mind, it’s no surprise that Prospects is reporting around 100,000 unfilled cybersecurity jobs in the UK – or that salaries across the sector are rising. And at Reed, they’ve reported that cybersecurity jobs advertised on reed.co.uk are up 99% year-on-year.
Roles within cybersecurity include management and technical roles, and even senior leadership positions. There are specialisms in areas such as network security, data security, cloud security, and software security, and other roles available in testing, risk management, engineering, data protection, and ethical hacking.
Start your career in cybersecurity now
It’s clear that there’s no better time to consider a career in cybersecurity – and cybersecurity is one of the key areas you’ll study on the University of Sunderland’s 100% online MSc Computer Science.
The degree is ideal for people who aren’t from a computer science background but want to start a new career in the field – or enhance their computer science expertise in their current role as a means of career progression.
It’s also perfect for professionals who already work in computer science roles and want to gain an academic qualification to enhance their credentials and career prospects.