What is Cybersecurity?

What is Cybersecurity?

The definition of cybersecurity is “the state of being protected against the criminal or unauthorised use of electronic data, or the measures which are taken to achieve this.” Identifying and absorbing the definition is the first part of understanding it. We need to dig a little deeper and recognise what Cybersecurity is and what it is trying to do if we’re going to benefit and improve it.

A brief history of Cyber

The term Cyber comes from the Greek word kybernētēs meaning ‘steersman’ or ‘pilot’ and was first connected with the idea of technology. When Norbert Wiener in 1948, wrote his book which described Cybernetics as “the scientific study of control and communication in the animal and the machine” it was the first time someone used the word Cyber to refer to self-regulating mechanisms.

His ground-breaking theoretical work has had a profound impact on our modern world, with virtually all of his principles of calculating and data processing machines being adopted in the design of digital computers. From the early mainframes of the 1950s to the latest microchips, his ideas are at the core of our computers today.

Of course, 1966 saw the rise of the Cybermen in Dr Who (!) and William Gibson is credited with popularising the term Cyberpunk, in his fictional novel, Neuromancer in 1984.

In truth, it took the birth of the internet to really propel the term Cyber into the position and importance it has today.

Cybersecurity, not just a technical issue…

Looking at the description above, and the history of the word Cyber, we can forgive anyone for thinking that Cybersecurity is all about technology, but that is not the case. Though the definition of Cybersecurity talks about the ‘unauthorised use of electronic data’ it goes on to talk about the measures which are taken to achieve this. 

People, processes, technology…

In 1999, Bruce Schneier (author and cryptographer) popularised the idea that good security requires a focus on people, process and technology.

But more than twenty years on, we are still trying to educate business owners and leaders on the fact that Cybersecurity isn’t about technology, but the protection of data, specifically electronic data and the mechanisms we use to achieve this.

People

We need to educate ourselves and those within our organisation’s on the importance of protecting data in ALL its forms. It shouldn’t matter if that data sits within a laptop, on a server or in a filing cabinet. This education needs to be more rounded than it has been over the last twenty years. As an industry, not enough significance has been put into helping people understand the importance of these topics. This needs to happen if we’re to improve our human defences.

Process

Ensuring you have policies and procedures in place enables teams to follow agreed ways of operating that can help protect an organisation. Some organisations operate with very few policies or procedures in place. This leads to inconsistency in the way of working, and can (and often does) lead to breaches and incidents occurring. Having agreed principles, policies and processes in place reduces the risk of error and increases confidence in your services.

Technology

Of course, we all know that Cybersecurity is about technology, and it absolutely should not be forgotten, however, it is only one part of the whole story. Cybersecurity specialists are often very proud of their technical capabilities and knowledge, but without people and processes at play, all the technical knowledge and devices in the world will not save you from a determined Cybercriminal or disgruntled employee.

As Bruce Schneier once observed;

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”

Conclusion

When discussing cybersecurity it’s important to remember, as a cybersecurity specialist, that information can sit on a computer, laptop, mobile device, filing cabinet, handwritten note pad or briefcase and it is our role to protect this information in all its forms.

While the world repeatedly uses the term ‘Cybersecurity’, as professionals we need people to recognise that data can exist in both physical and electronic forms. Information must be protected from accidental or deliberate loss, destruction or access irrespective of the medium upon which it sits. Cybersecurity is here to stay, but I think we all should be working hard to help people understand that Cybersecurity is about more than Technology; It’s about people, processes and technology.

Given the ever-evolving nature of cyber threats, cybersecurity is an ongoing process that requires constant vigilance, adaptability and collaboration among organizations, individuals, and the cybersecurity community as a whole.