What is cyber security?
Security means different things to different people, but the one thing that stands out is that security is a process and not an end state. Something will be considered secure if the perceived risk is maintained at an acceptable level. Security revolves around three features namely confidentiality, availability and integrity. Computers and information need security the most in the current times when everything is moving towards digitization. Cyber security, therefore, is the process of ensuring that confidentiality, availability and integrity of information is maintained.
Confidentiality assures that only authorized parties can access certain information. Integrity of information is achieved through the maintenance and assurance of accuracy and consistency of such information over its whole life-cycle. Information availability is the uninterrupted access to information by the authorized parties whenever needed. Cyber security is the capability to defend against attacks from adversaries and accidents as well as to recover from them. Recovery and business continuity is very crucial to cyber security. Cyber security can also be referred to as the collection of policies, tools, security safeguards, security concepts, actions, guidelines, management approaches, training assurance, the best practices and technologies that can be put in place for protection of cyber environments, organization and user’s assets.
Types of cybersecurity
Critical infrastructure in a nation will provide the essential services that supports the nation’s society. Critical infrastructure is a term used broadly to describe the physical and cyber assets and systems vital to a nation’s well-being that their destruction or incapacity would have devastating consequences of that nation’s physical or economic security or public health or safety. These essential services include water purification, electricity grid, hospitals and traffic lights. An attack to any of these services can have a debilitating impact to any organization that depends on that service. It is therefore the work of an organization to identify the cyber services they depend on, the attacks that may occur on these services and define contingency plans in order to reduce or eliminate the effects of an attack.
Network security is an activity that will protect the integrity and usability of a network and data. It is the strategy and provision of an organization in ensuring asset and network traffic security. For a security network to effective, it should have the ability to manage access to a network. It can detect any emerging threat before it infiltrates the network and compromises the data available. The common components of network security include firewalls, intrusion detection and prevention systems (IDS/IPS), anti-virus software and virtual private networks (VPNs). These components generate data in large volumes that at times valid security alerts are missed. To carb this issue, machine learning is being employed for the management and monitoring of network security through flagging of abnormal traffic and alerts in real time.
Experienced professionals in information security are concerned that most of the principles making cloud computing attractive are running counter to best practices in network security. Cloud providers have recognized this and are creating better security systems. There are three considerations that work towards creating a better cloud security system; security consistency, segmentation of business applications and central management of security deployment and streamlined policy updates.
There has been an increase in the number of companies opting for the development of their own application, as well as record numbers purchase and open source code incorporation into their applications. This has also increased the variety of associated risks and vulnerabilities.
The weakest technical point of attack currently is application security (AppSec), with web application security being the best candidate. There are ways of mitigation and some organizations have mitigated against the OWASP Top Ten Web vulnerabilities.
Internet of Thing (IoT) Security
Very many IOT devices are not secured for instance kids toys connected to the internet. Some of these devices also do not have a way of being secured. The lack of security in a certain device is a threat concern to both to the user and to other users on the internet. Insecurity in IoT present unique challenges in security for the home users and society as a whole.