• Jim Seaman

Cybersecurity: Fogging Up Business for over 20 years.

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”

Stéphane Nappo

Vice President Global Chief Information Security Officer 2018

Global CISO of the year

Introduction

First, I would like to thank the person who invented the prefix 'Cyber-' and secondly the person who had the bright idea of tagging security to this prefix.

  • Grrrrgh!

If you look at the origins of the terms that make up this 'Buzz Word', you will find something completely different to the way it is widely used today.


Cyber-

A word-forming element, ultimately from cybernetics (q.v.). It enjoyed explosive use with the rise of the internet early 1990s.


Security (n.)

mid-15c., "condition of being secure," from Latin securitas, from securus "free from care"


Defining Cybersecurity

How can there be so many confusing and differing descriptions of the term 'Cybersecurity'? Surely, using the aforementioned terms, all definitions should relate to securing assets that are associated or connected with the internet (e.g. Internet-Facing).


No?


Then why is it that there are so many descriptions and definitions that make mention of this being with regard to the protection of online or internet-connected assets but we still see confusion in the use of this term?


Cybersecurity & Infrastructure Security Agency CISA

"What is cybersecurity?
Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. It seems that everything relies on computers and the internet now—communication (e.g., email, smartphones, tablets), entertainment (e.g., interactive video games, social media, apps), transportation (e.g., navigation systems), shopping (e.g., online shopping, credit cards), medicine (e.g., medical equipment, medical records), and the list goes on.
  • How much of your daily life relies on technology?

  • How much of your personal information is stored either on your own computer, smartphone, tablet or on someone else's system?"

Merriam-Webster

"Definition of cybersecurity
: measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack".

Investopedia

"What Is Cybersecurity?
Cybersecurity refers to the measures taken to keep electronic information private and safe from damage or theft. It is also used to make sure electronic devices and data are not misused. Cybersecurity applies to both software and hardware, as well as information on the internet, and can be used to protect everything from personal information to complex government systems.
KEY TAKEAWAYS
  • Cybersecurity refers to the measures taken to protect electronic information in online settings.

  • Cybersecurity can span a variety of protection measures, including helping to keep cybercriminals from hacking into computers or electronic devices and stealing sensitive information.

  • Password protection and encryption are types of cybersecurity measures.

  • Common types of cyberattacks include phishing, malware, eavesdropping attacks, and denial-of-service attacks".

The Cybersecurity Enigma: Specific or Pacific?

If I had a £/$ for every time I have heard or read this term being misused, I would be a very wealthy man. Clearly, this term has confused matters with it being used to describe far more than the defence of an organisation from internet-related threats/risks.


It has become the new Specific/Pacific:

Where the person is meaning to talk of something 'Specific' but, instead, starts referring to a large body of sea water ('Pacific')!


When a business starts to focus on the term 'Cybersecurity', do they realise that this term is only for the protection of internet-related/connected assets or is that the only thing they are looking to protect?


When they hire for that 'Cybersecurity' role, by definition that role should not have any interest in protecting the internal valuable assets from any threats/risk - their focus should only be on the organisation's perimeter.


Is this too 'Specific' or are they really looking for something that is far more expansive (like the Pacific Ocean)?


Recommendations

Throughout my 22-year career in the RAF Police, with the final decade of service being on Counterintelligence duties, I never came across (or used) the term 'Cybersecurity' and this included providing the defence of military satellites (I don't think that you can get more 'Cyber' than that!).


Consequently, please, let's get away from using the ever popular 'Buzz Word' and start to focus on what is really important for business:

  • Identifying and providing proportionate protection for the valuable or high-risk business assets.

In my RAF Police career, we used the term:

"Protective Security"

This is an underappreciated and rarely used term but it provides business with the 'Ronseal Effect':

"It does exactly what it says on the tin!"

To learn more, why not order a copy of my next book?

Conclusion

There are many lessons that can be learned from military security strategies and concepts that can provide significant benefits and clarity to business. An effective strategy will help to ensure that any improvements are proportionate to the identified value and risks of an organisation's assets, whilst substantially reducing the attack vectors.
