What is cybersecurity?

You can read in many places about what cybersecurity is, from Wikipedia through the websites of public institutions to the pages of companies dealing with this field. To be a bit different, this article will be purely from the perspective of CyberLadies — and written with the aim of appealing to both those who do not yet work in cybersecurity and those who are seasoned campaigners in the field.

Cybersecurity is an amazing field of human activity where everything you have ever learned comes in handy.

It sounds very lofty and unlikely when practically every definition of cybersecurity says it's a highly technical field. But it's true. And for many subfields of cybersecurity, logical thinking, context, and a curious mind are sufficient; you don't have to be a skilled hacker fencing with command lines. So, what is it about?

As a foundation, the CIA triad - 'confidentiality, integrity, availability' - is often mentioned. The CIA is what you must ensure in every organization that cares about cybersecurity. In practice, this means:

  • You must ensure that only the right people have access to various data in the organization. So, only you and the accounting department can access your payroll information. Only the building management and the security department can access records of entry to the building. Only the legal department and the company's management can access contracts.
  • You must ensure that no one can manipulate the data. When you are investigating a theft in the building but can't trust the records from access card readers, it's a serious matter. Similarly, you need to know that no one has altered the wording of contracts and many other things.
  • You must ensure that the organization will be resilient against many threats to continue providing its services. Threats in this sense can be practically anything — flooding of the data center (do we have backups, and do we know how to use them elsewhere?), targeted hacking attacks (can we recognize such attacks, stop them, and ensure they don't happen again?), interruption of service or equipment supply (our main supplier went bankrupt, how quickly do we need to replace them, and do we have reserves for the meantime?).

All of this forms a huge tangle of activities where any experience you possess truly comes in handy. Because whether you're devising secure procedures, building systems to detect attackers, or configuring emails to be less easily forged, you always need to embed your efforts into context. What impact will the introduction of a new security parameter have on other people? Will it hinder their work? How will users behave in different situations, and is our system prepared for it? Does this alarm mean someone attacked a coworker's computer, or is it normal behavior that requires adjusting anomaly detection parameters? And precisely how much you know — not only about programs and systems but also about human behavior, pop culture, or various hobbies — determines whether you'll recognize a security problem in time that needs addressing or whether you'll be able to propose procedures that others will genuinely adhere to without unnecessary restrictions.

Come improve with us in all of this and become experienced CyberLadies. The world is becoming increasingly complex — and cybersecurity is still entirely invisible and too abstract for many people. Let's learn together, help each other, have fun, and come up with ways to popularize and simplify cybersecurity for everyone.