What’s the Difference Between IT and Cybersecurity?

We talk about cybersecurity a lot. And in the course of talking with people, we usually get a question similar to this:

We love this question because while it boils down to a simple answer, there’s a little background to give you first.

“What is I.T.?”

Information Technology, or IT, is the managing or processing of information using all things computers.  This includes laptops, servers, cell phones, data centers, your car, the cloud, apps on your phone, Google, connecting to the internet, the power grid, airplanes, and updating your profile picture.  All of it…and then some. It’s a wildly diverse field with so many aspects to it we can’t possibly cover all of them here, but at the end of the day, it’s about taking information and making it available electronically.

When we take these pieces and start plugging them together, like some servers with a little bit of code and some cables, we get an IT system.  This could be a small IT system for some accounting software in an office, or with enough of them, it could be huge like Amazon.

Using these IT systems has had a HUGE impact on our world.  Things that used to take place on paper and could take days, like delivering a letter, can now happen instantly with things like email and text messages.  We can find out information from across the globe at any time, and have made huge strides in discovering more about who we are as humans.

“Ok, so what’s cybersecurity?”

Cybersecurity (also called information security, IT risk management, IT security, infosec, or a million other things) is about protecting those IT systems and the information they process.  In the industry we focus on three main areas:

CONFIDENTIALITY

This is about protecting and keeping your secret information that way.  We want to make sure that only the right people can access the information.  When your passwords were stolen in a data breach, that’s a breakdown in protecting the information’s confidentiality.

INTEGRITY

Say you have some information on an IT system, like salary amounts, and those numbers got changed.  That would be bad right? We want to trust that the IT system is going to keep our information the same from when we put it in, to when we pull it out.  If it has changed without our knowledge or consent, that’s an integrity issue.

AVAILABILITY

If we rely on an IT system to do something, like process online orders, we want that IT system to always be available.  If it’s not - maybe due to someone hacking a server, unplugging a power cord, or even slicing an undersea internet cable with their ship’s anchor - that’s a failure to protect the information’s availability.

“I’m with you so far.  What’s the difference then?”

It boils down to this: IT is about making an IT system work, while cybersecurity is about making an IT system work securely.  If you were to hire an IT person to install your new internet router, they would come in, set it up, make sure you could access the internet, and then leave as they would have fulfilled their obligations.  In cybersecurity, we would check to make sure the internet router is securely installed, has a strong password, is updated, and is configured correctly so that no one else can change anything except for you.  We call these items we check “vulnerabilities” and they could put you at risk for a cybersecurity incident, like ransomware. The hard part is that you may not even know you’re vulnerable until it’s too late.

So if you or your organization are worried that you might be vulnerable, let’s talk about our Vulnerability Assessment today and find out how we can work together to help you keep doing what you do best.

Follow us - stay ahead.

Read more of the ACT