Thinking about the phrase ‘cybersecurity’

Do you ever wonder whether “cyber security” might just be one of the modern world’s most famous examples of an oxymoron? I mean, if you stop to think about it, is it really any different from the jokes people used to make about oxymorons, like when they poked fun at phrases like “military intelligence” or “compassionate conservatism”? I’ll admit it, I’m beginning to wonder if a case might be made for “cyber security”.

Maybe that’s why the trend now is to put the two words together. Perhaps turning it into a compound word (“cybersecurity”) is a sneaky bid to throw us off the scent of oxymoronism. You have to acknowledge that if it is, it’s definitely worked.

And yet that doesn’t mean it fails to qualify as an oxymoron. Let’s go back to basics, starting with cyber. According to Merriam-Webster, the definition of cyber is: “Relating to, or involving computers or computer networks (such as the internet)”. That seems pretty accurate to me, so I’m not going to argue about it.

Similarly, with security which, according to Wikipedia, is defined as: “Protection from, or resilience against, potential harm (or other unwanted coercion) caused by others, by restraining the freedom of others to act”.

So, that would appear to mean cyber security is effectively protecting computers or computer networks from harm caused by others. Simple as. And if it’s that simple, it shouldn’t be too hard then, should it? Weirdly, it is.

Because the problem with cyber security is that the more cyber you become, the harder the security gets. Think of it like this: without any cyber at all, the security was all physical. Doors, drawers, safes, locks – that’s it. The only way you could lose that physical piece of information, such as a document, was if someone broke in and stole it. And unless you had made lots of photocopies of that document, it couldn’t be shared by the person breaking in. Even if you did have photocopies in your desk or safe, it couldn’t be shared instantaneously to thousands or millions of people.

Nothing is ever completely secure, of course, so it’s possible the document or information might have been stolen, but the damage could be limited and there was a better chance of containing any potential proliferation.

Now, imagine that same document on a computer before the internet. It was pretty much the same as keeping it in a drawer or safe. Yes, someone might get access to the PC and copy it onto a floppy disk, but it still required them to break into your office and copy it from your computer to share it to other drives or PCs. Again, the physical limitations got in the way, they made it more secure.

Then came the internet and connectivity and there was suddenly a lot less security. Someone could now access your PC remotely, copy your documents and share them to huge numbers of people around the world in the blink of an eye. So, you can see why some people might be inclined to see “cyber security” as an oxymoron.

Today, cyber security often appears to be the practice of trying to protect cyber from the consequences of its own greatest attributes. This seems to mean that the tougher and more secure you make your computers or computer networks, the more you have to hobble or limit the scale of the “cyber” benefits you can enjoy. Similarly, the greater your ambition when it comes to unlocking the benefits of cyber, the bigger the risks of unlocking its security.

Businesses and organisations spending a fortune trying to make their IT more secure are conscious, all the while, that a single breach could be their ruination. Even worse, a breach occurring at the lowest level of the business could still open a door to hackers to access the CEO’s files and documents, copy them and distribute them widely, while remaining undetected for some time afterwards.

Perhaps it might make better sense to keep the two words from each other after all.