What Does Cyber-Security Actually Protect?
What does cyber-security protect? What counts as an asset? Why do we protect these assets?
— Dusty
Cyber-security is an increasingly important field, as the amount of data being generated and shared continues to grow at a rapid pace and the threats to this data are only becoming more sophisticated, but what are we actually trying to protect?
Is it just data?
There are a number of different types of assets that cyber-security protects, some of which overlap, but the main categories include:
- Information: Information assets can be stored both digitally (USB's, databases etc.) and in an analogue form (written information, printed contracts and documentation etc.). Even conversations count as information assets!
- Software: This includes custom and non-custom developed software, business critical software, operating systems and both web & mobile apps and much more.
- Physical assets: This refers to assets such as computer systems, servers, and other types of hardware, machinery or tangible assets that need to be protected. While this category is talking about physical assets, cyber-security is concerned with protecting physical assets from both physical and digital threats and attack vectors.
- Services: This relates to services that you and your business rely upon such as electricity, heating and cooling which can be subject to both physical and non-physical attacks, accidents and failures.
- People: Cyber-security helps to protect people from threats, such as identity theft, phishing attacks, and other types of attacks. Businesses are made up of people, these people know everything there is to know about the business and can be easier targets for attackers than other types of assets. So protecting people is an essential part of a cyber-security implementation.
- Intangibles: Intangible assets are things such as an organization's reputation and brand value that can't be touched but are still very important!
With this we must realise that an asset is not just data. An asset is anything that has value to you or your business, because if it has value to you it will most certainly have value to malicious actors, and that is what cyber security aims to accomplish.
The protected the confidentiality, integrity and availability of all assets.