What is Cyber?
Never far from the headlines, “cyber” is a word whose meaning has become lost in media hype. A shortened form of “cybernetics”, cyber originally meant “the science of communications and automatic control systems in both machines and living things.” Since the 1980s, the meaning has been expanded to encompass virtually anything IT-related, from desktop PCs to smartphones, to computer programming to the Internet.
These days businesses and nation states defend themselves against cyber-warfare, the Internet is sometimes referred to as cyberspace and “high tech, low life” science fiction is termed cyberpunk.
But for business, the most important reference is in relation to cyber security and cyber crime.
Cyber crime is a catch-all phrase for illegal acts committed using a computer. Whether hacking corporate networks, extorting money via email scams, or distributing malware to steal data, each is an example of cyber crime.
In the mid-1990s cyber crime was usually focused on consumers in an effort to extort passwords or finances. But as techniques have improved, businesses and even governments are now under constant attack by criminals – millions of US government employees had their personal details stolen just last week allegedly by a group of Chinese hackers for instance.
And as more business processes are opened to the Internet, the potential attack surfaces increase exponentially. Where criminals once had to focus all their efforts on breaching the corporate firewall, they can now use email, instant messaging platforms, and weak passwords as starting points. Despite being protected by enterprise-grade security systems, Cloud services also add to the potential risks – particularly as the average business now up to 1245 different services, 86% of which have not been officially sanctioned.
The most common technique used by criminals to breach corporate security is phishing. Criminals send messages that try and trick individuals into divulging sensitive information like bank account details or passwords using carefully crafted spoof websites. As techniques to profile individuals have become more refined, criminals have been able to better target messages to their specific circumstances in much the same way that digital marketers do, greatly increasing the odds of a successful deception.
Cyber security is used to describe any IT-related function or feature designed to protect intellectual property, corporate assets or data – to fight cyber crime in other words. A wide field, cyber security encompasses desktop components like antivirus and user account control, through to stateful inspection firewalls, VPN encryption and app sandboxing.
Although the most common cyber security breaches are caused by human factors – responding to phishing and spear phishing – it is imperative that systems are designed to minimise the potential damage. When using Cloud services, data should be encrypted whilst in transit and when it is stored, preventing interception or retrieval if the security is breached.
It is also essential that new software is designed with a security-first focus reducing the potential for compromise or data leakage, and raising security standards in the process. All applications need to implement encryption techniques as suggested above for instance.
But as well as a secure final product, the applications need to be built using secure development techniques. Although businesses are well aware of the need for cyber security, far too few consider the techniques applied during development and the effect this approach will have on the final product.
For further advice and assistance on building secure applications to meet the needs of your business and avoid the risk of becoming a victim of cybercrime, please get in touch with Dootrix
Subscribe to our newsletter for free advice delivered to your inbox on a fortnightly basis.
Andersen Cheng, CEO at Post-Quantum Solutions
Integrity must underpin everything that PQ does. Dootrix demonstrated this in abundance. Andersen Cheng, CEO at Post-Quantum Solutions