You're in dire need of cybersecurity. You know this because every GovTech article has told you this. But you have some questions, like what exactly is cybersecurity? How does it protect you from ransomware? Why does it help? Who will run it?
At SSI, people come to us with these kinds of questions all the time. This is part of our wheelhouse. This article will cover important questions about cybersecurity as a whole.
Bob Thomas is the father of cybersecurity, with help from his coworker Ray Tomlinson. In 1971, Thomas invented Creeper. This computer program left breadcrumbs wherever it went across ARPANET's network. Tomlinson then wrote a separate program, called Reaper. It followed Creeper and deleted it. Thus, the first virus and the first anti-virus were born.
Fast forward to today where cybercriminals run rampant. You can picture the kid in the hoodie, lurking in his mother's basement, surfing the internet for poor suckers to steal information from. In reality, cybercriminals can be young professionals, a team of hackers, or even someone you work with.
More pertinent to your needs is who is going to run cybersecurity at your organization. Great question! Ultimately, it's up to you. You could hire an IT Director, CIO, CISO, Information Security Analyst, or Security Architect. This would cost you anywhere from $65,000 to $250,000 per year (more if you include benefits, the cybersecurity programs and servers they would purchase, and the technology to sustain a healthy cyber ecosystem...).
Here's an alternative: using cloud enterprise resource planning (ERP) software with built-in data protection. Options could include several layers of security, built-in firewalls, encryption, data protection from power outages and natural disasters, remote capabilities, daily back-ups, and automatic updates (that was a lot... let me catch my breath). This would only cost around $5,000 to $75,000 per year, depending on the features. That's a lot of public funding saved!
We've answered the "who" of cybersecurity. Now let's get to the "what." What is cybersecurity?
In simple terms, cybersecurity protects systems connected to the internet, be it software, hardware, Internet of Things (devices that are connected to the internet), or data. Follow-up question, Bob: What does cybersecurity protect you from exactly?
According to the Cybersecurity and Infrastructure Security Agency, "Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information."
You've heard it said that the internet is a dangerous place (Thank you, Germany Kent). This continues to be accurate. Here are just a few examples of cybercrime:
Phishing (tricking someone to get their login credentials)
Malware ("malicious software", programs that cause harm)
Ransomware (malware that encrypts data, then demands a ransom to decrypt it)
Virus (malware that infects data and spreads by making copies of itself)
Worms (malware that spreads with no human interaction, jumping from one computer to the next)
Spyware (malware used to monitor a person's online activity)
Cyberterrorism (causing harm through the internet in a way that causes mass fear, like power outages)
Internal threat (accidents or intentional)
So now you know what cybersecurity is and what you need protection from. Let's move on to "when" you need protection.
So when does it become absolutely necessary to get cybersecurity? The answer: ASAP. Literally, as soon as possible. Now. Ahora. Maintenant. Jetzt. Sorry, got carried away.
The short of it is, the sooner you get cybersecurity, the sooner your data is protected. Every day you are without protection is a day that criminals can attack. Steal information. Shut down systems. Ransom data. Destroy hardware. And for public entities that handle public finances, protection is even more crucial. Citizens are counting on you to safeguard their precious information.
Maybe another "when" question you have is when would it go live after you purchase it. It honestly depends on the program. For example, with our VIP Cloud, once the software instance begins, the data protection begins. You get the benefits before you even go live with the software. If you already have VIP software, the data protection benefits start as soon as you go live on the Cloud.
With other programs, it may take longer to implement, depending on the functionalities that your IT staff will need to learn.
Now that the "when" has been answered, let's move on to the "where." Where does cybersecurity work, where does it originate, and where is cybersecurity going?
Anything connected to the internet is in danger of malware. Cybersecurity works on any connected devices, systems, servers, networks, applications, and data. That's because all of these avenues of data communication are connected to the internet in some capacity.
Cybersecurity originates from a custom framework. A cybersecurity framework is "a structured set of guidelines and best practices designed to help organizations manage and mitigate cybersecurity risks associated with their information and technology systems" (RiskOptics). In other words, a framework begins with identifying the risks of your data and coming up with a strategy to reduce those risks. From there, programs and processes are put in place to detect breaches, protect assets, and recover effectively after an attack.
Most importantly, where is cybersecurity going? According to Forbes, by the end of 2024, "the cost of cyber attacks on the global economy is predicted to top $10.5 trillion." It is becoming more of a priority in the lives of everyone. Everyone from an individual who wants their password protected to the state agency requiring zero trust.
Generative AI has recently changed the game of cybersecurity, for better and for worse. While the good guys can write better programming to protect assets, the bad guys can write better malware. This can lead to more utility shutdowns, ransoms, identity thefts, and spying. There is already a push in academia and the workforce to bolster IT skills and best practices necessary to improve cybersecurity. Governments are also creating more regulations concerning cybersecurity, AI, and internet safety.
You have probably gleaned this already, but a common question we receive is: why do we need cybersecurity? Government agencies store the most sensitive data of any organization. Think about it: bank account numbers, social security numbers, addresses, phone numbers, birthdates, credit card numbers... Everything a criminal needs to know to assume someone's identity, ransom a city, shut down infrastructure, or spy on governments.
You are the first line of defense. We know that sounds scary, but it's also true. As a public agency, you serve, lead, and protect citizens first and foremost. That is part of the contract. Ethically, you have a responsibility to protect the data you gather from your constituents.
Having cybersecurity builds trust with citizens. They will know your municipality is protected and can maintain services without interruption.
The last round of cybersecurity questions is about how it protects. There are 3 major aspects of cybersecurity: prevention, detection, and response.
Prevention puts security measures in place to stop unauthorized access and breaches before they start. Think of this as a checkup with the doctor to avoid future illness and operations.
Detection is the identification of threats and vulnerabilities in a particular system. This would be akin to an X-ray or CAT scan to find potential problems in the body.
Response is taking the actions necessary to reduce the impact of an attack. Think chemotherapy or surgery to remove a mass.
All 3 of these aspects involve computer programs, permissions, and communication to succeed.
Cybersecurity is crucial to have. But you can't justify getting something without knowing more about it. We hope that we at Software Solutions have answered your questions enough to spur you into action. Protect your data by checking out our VIP Cloud and do your research. You owe it to yourself and to the citizens who trust you with their information.
Sources:
AWS - What is Cybersecurity - https://aws.amazon.com/what-is/cybersecurity/
Cueto Law Group - 17 Different Types of Cybercrime: 2022 List With Examples - https://cuetolawgroup.com/types-of-cybercrime/
Cyber Magazine - The History of Cybersecurity - https://cybermagazine.com/cyber-security/history-cybersecurity
Cyber Security News - Hackers Released New Black Hat AI Tool Evil-GPT as a Replacement for Worm GPT - https://cybersecuritynews.com/hackers-released-evil-gpt/
Cybersecurity & Infrastructure Security Agency - Virus Basics - https://www.cisa.gov/news-events/news/virus-basics
Cybersecurity & Infrastructure Security Agency - What is Cybersecurity - https://www.cisa.gov/news-events/news/what-cybersecurity
Federal Bureau of Investigation - Cyber Criminal Forum Taken Down - https://www.fbi.gov/news/stories/cyber-criminal-forum-taken-down
Federal Bureau of Investigation - Morris Worm - https://www.fbi.gov/history/famous-cases/morris-worm
Forbes - The 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For Now - https://www.forbes.com/sites/bernardmarr/2023/10/11/the-10-biggest-cyber-security-trends-in-2024-everyone-must-be-ready-for-now
National University – What is Cybersecurity and Its Importance to Business - https://www.nu.edu/blog/what-is-cybersecurity
Red Law List - 5 Famous Cyber Crime Cases - https://www.redlawlist.com/blog/criminal-law/famous-cyber-crime-cases/
RiskOptics - What is a Cybersecurity Framework - https://reciprocity.com/resources/what-is-a-cybersecurity-framework/