Zühlke – Empowering Ideas

Cyber Security Zühlke
 

FAQ Cyber Security

Cyber security is becoming more and more important. Crucial to the protection of information and systems in the digital world is a holistic approach to cyber defence; a holistic, reliable security strategy that can cope with the increasing complexity of today's world and withstand the rapidly growing technological capabilities of cyber attackers.

Here you can find Frequently Asked Questions about Cyber Security.

Introduction to Cyber Security and how it works

When Cyber Security started

Since the dawn of human society, diplomats and military commanders have recognised the need to protect the authenticity and confidentiality of their communications. They used some advanced forms of cyphers and seals at the time to protect their messages from the enemy’s prying eyes. While this was clearly an early form of information security, the word Cyber Security includes the prefix ‘cyber’ to denote the networked digital world in which we live. Since the 1970s, when computers first started to be interconnected, smart people have tried to manipulate them and explore their possibilities. The Cap’n Crunch whistle is a famous example of one of the first computer hacks. The whistle was a toy inside a breakfast cereal box that happened to have the exact tone frequency needed to evade telephony charges. 

How Cyber Security works

Along with physical security, Cyber Security forms part of the IT security landscape. It combines technologies for defending connected systems, responding to threats and prioritising security activities in this area. The key to developing an integrated Cyber Security strategy is to recognise which risks and threats are relevant to the systems to be defended. This is generally achieved through the use of threat modelling and (cyber) risk analysis. A thorough risk analysis reveals the most efficient security measures to mitigate cyberrisks in a cost-effective way. Within a constantly evolving threat landscape, Cyber Security strategies and security measures must be adapted regularly based on an updated threat model and risk analysis.

How Cyber Security is multi-disciplinary

Cybe Security is multidisciplinary in that it requires a range of security measures in different areas, such as security management and organisation, secure (business) processes, disaster recovery and business continuity planning, operational security/security monitoring and response, network security, application security, and awareness raising/education of end users. In addition, it’s important to implement a coordinated set of security measures that reinforce each other to ensure that no vulnerabilities remain open to exploitation. Implementing Cyber Security measures therefore requires close collaboration between experts in all areas and is highly multidisciplinary in nature. 

Where is Cyber Security used?

Cyber Security must be integrated into every IT system as a matter of principle. However, systems connected to the internet must be given special consideration. Unfortunately, this applies to an ever increasing number of systems – even light bulbs, fridges and cars can be online nowadays. Protecting the security of these (sometimes critical) systems is therefore more important than ever, as their misuse can have disastrous consequences.

Cyber Security breaches can cause?

A security breach is defined as an incident that results in unauthorised access to data, applications, networks, or devices. Technically, a distinction is drawn between security breaches and data breaches. A security breach is an intrusion, whereas a data breach is when a cybercriminal steals information. This information can be sold online or used by cybercriminals to obtain additional financial information, such as bank account or passport details, that can be used for identity theft or fraud. Cyberattacks cause major reputational harm to companies and also lead to financial losses and reduced customer confidence.

Applications of Cyber Security

Cyber security framework can help organizations to?

A Cyber Security framework is extremely useful for all types of organisations and represents the foundation on which a company can build a strong security status. It includes guidelines, standards, and best practices for managing the risks that arise in the digital world. For example, the National Institute of Standards and Technology (NIST) focuses on risk identification, protection, detection, response, and recovery. These categories cover all aspects of Cyber Security and are a popular risk-based approach. In addition, ISO27K standards compliance require that companies manage their security risks, including threats and vulnerabilities, in a systematic way. Frameworks not only help companies to achieve a strong security status, but also send an important message to customers and business partners that the company’s assets are being managed securely, thus increasing the level of trust.

Cyber security versus privacy

Cyber Security and data protection are sometimes regarded as separate areas because they pursue different goals. While data protection aims to protect individuals against the misuse of their personal data, the scope of Cyber Security is much broader and also covers non-personal data. However, the fact is that the two fields are strongly interdependent – data breaches pose a very high risk to users’ private data and are therefore also associated with regulatory risks for companies that store data.

Cyber security to the cloud

Cloud computing offers increased flexibility and development speed, and shifts the responsibilities to the cloud provider. However, the line between the provider’s and the customer’s responsibilities can sometimes become blurred, making these responsibilities difficult to manage. In the past, companies focused on providing services on their own network and securing the entire scope of that network. In a public cloud environment, it becomes more difficult to stick to this approach. Public cloud services must be integrated into a well-managed cloud Cyber Security strategy to maintain strong defences and prevent cyberattacks.

Cyber security with artificial intelligence

Artificial intelligence is an increasingly prevalent technology that impacts many different areas of IT. While AI remains in its infancy, some industries already use it extensively to improve detection and prediction. Both detection and prediction lie at the core of Cyber Security, be it in relation to malware analysis or network intrusion detection. It’s not surprising, therefore, that AI plays a supporting role in many Cyber Security products. However, AI has the potential to revolutionise the Cyber Security sector by tackling problems on a much larger scale and interpreting a huge volume of protocol data that’s very difficult for humans to analyse.

Who relies on Cyber Security?

Who needs cyber security?

As long as we have something to lose, we all need Cyber Security. In the past, Cyber Security was only regarded as necessary for critical infrastructure such as in hospitals, financial institutions, and governments. These days, cybercrime is highly lucrative and many companies are being targeted. But Cyber Security also affects individuals. As we become increasingly reliant on digital services in our daily lives, we share a large amount of information about ourselves and others, often without realising it. Data protection is an uphill battle against technology advances that make it easier to gather and misuse information.

Cyber security for business?

Companies and institutions are increasingly moving large parts of their business online. This makes them more vulnerable to cyberattacks than ever before, while these attacks are becoming more sophisticated at the same time. Barely a day goes by without news that companies have lost data due to a security breach. This means that cybersecurity is now also a key issue for companies and institutions with no prior security experience. Cybersecurity companies are being asked to develop new solutions that can be integrated into existing infrastructure and continuously adapted to new attack scenarios.

Why is cyber security important for business?

Cyber Security is critical to companies because the repercussions of security attacks can be massive. In today’s digital world, companies must be able to deliver their goods and services more quickly and reliably than in the past. If a cyber security breach causes production to be suspended for several days, customers will strongly consider switching to the competition. This means that even an isolated cyber security breach can cause companies to collapse under market pressure.

Looking to the future

How will Cyber Security evolve?

How Cyber Security will evolve depends on the development of cybercriminals. Defence and research adapt to the nature of the new attacks and the aggressiveness, volume, and reach of the attackers. Trends that are sure to emerge include a cyberpandemic after COVID-19, increased use of artificial intelligence, improved data ecosystems as the basis for automation and prevention, better co-ordination between international law enforcement bodies, and increasing Cyber Security awareness in society.

Will cyber security be automated?

Certain elements of Cyber Security, such as constant monitoring of systems and detection of anomalies in network traffic, are already automated. In other areas, however, automated monitoring and detection are not possible because the vulnerabilities are not yet known. Many incidents are also essentially attributable to human error – and it’s currently not possible to explain to a machine that people are misbehaving. The combination of these two factors means that people will always play a role in both cyberdefence and in the offensive.

Which Cyber Security threats need to be prioritized?

Cybe Security threats should be prioritised according to which organisations or individuals are affected. For end users, the most severe threats are social engineering attacks such as phishing. These attacks take advantage of human fallibility to steal confidential information and gain control. Companies and organisations face a growing threat from data theft and ransomware, which often lead to substantial asset losses, reputational harm, and disruption of business continuity. At the national and societal levels, governments should develop strategies to prevent the misuse of digital data that threatens citizens’ privacy. Threats to critical infrastructure and the spreading of disinformation should also be prioritised. 

Our expertise - Cyber Security

Crucial to the protection of information and systems in the digital world is a holistic approach to cyber defence; a holistic, reliable security strategy that can cope with the increasing complexity of today's world and withstand the rapidly growing technological capabilities of cyber attackers. But what does a holistic, reliable security strategy look like?

Cyber Security - Woman checks source code
Raphael Reischuk

Raphael Reischuk

Distinguished Consultant & Head of Cyber Security Services
Contact person for Switzerland

Raphael Reischuk is a member of several international program committees for information security; he is Vice President of the Cyber Security Commission of ICT Switzerland and a member of the Cyber Security Advisory Board of the Swiss Academy of Engineering Sciences (SATW). Raphael is a frequent and passionate speaker at international conferences and appears regularly on topics of network, web and cyber security. He is the author of numerous scientific publications in various fields of IT security and cryptography, for which he has received several (international) awards.