What is Cybersecurity and How Does it Concern Your Small Business?


Let’s go all the way back to introductions, shall we?



Last week, we touched on risks and how they differ from business to business. As we know, risks are associated with almost every single thing you can think of in all aspects of life. There are personal risks, business risks, academic risks, and a bunch of others. If you are reading this article, then you have a genuine interest in how to protect businesses from these risks. Now, the business could be yours, or you could be an employee there, or you could be aspiring to protect online businesses from those risks. That’s a great choice. A really good choice. You are all welcome.



So, I did mention the last time that in cybersecurity, we have a process called ‘risk assessment,’ where you sit down (comfortably or uncomfortably… or you stand) and try to assess your business and the potential risks associated with it in today’s world. I gave an illustration using a fintech and a healthcare application. We all understood, perhaps? However, it got me thinking, as it got some other people thinking too: ‘what really is cybersecurity?’

I mean, I know what cybersecurity is. I meant it got me thinking if a lot of businesses knew what it really was, apart from what they thought they knew about it, which is cybersecurity = hacking. But my dear friends, the truth is cybersecurity ≠ hacking.

In fact:



What is it then? Well, you’re not so wrong if you think about hacking. Hacking is indeed involved in cybersecurity, but it is only a part of it. A very small part. And there are different types of hacking. I won’t bore you with all the details, don’t worry. I’m not writing a textbook. What I will do instead is start with a definition of cybersecurity, then go on to mention a few fields within cyber and how they apply to your business(es).


What is Cybersecurity, Really?

In its simplest terms, cybersecurity is the practice of protecting your systems, networks, and data from unauthorized access or damage. It’s not just about defending your business against attacks; it's about knowing what needs to be protected, understanding the ways it can be attacked, and having a plan to prevent, detect, and respond to those attacks.

Broadly speaking, cybersecurity can be divided into two categories: offensive and defensive. Think of them as two sides of the same coin. One focuses on simulating attacks to find weaknesses. The other focuses on defending against those attacks and making sure the business is secure.

Offensive Security

This is where you actively try to find weaknesses in your systems before the cyber criminals/hackers/attackers do. Here, you have to think like an attacker. What would they do if they had to attack your application? What would they want? Financial gain? Disrupting your business for various reasons? And how would they go about it? What techniques would they use? How would they gain entry into your system? 

OffSec includes roles like:

  • Penetration Testing – simulating real-world attacks to see how secure your app, network, or APIs really are.
  • Red Teaming – a more advanced, stealthier version of testing, usually focused on seeing how well your team detects and responds to attacks.
  • Bug Hunting / Vulnerability Research – finding new security bugs in software or third-party tools you're using.

Offensive security helps businesses see what can go wrong before it actually does.

Defensive Security

This is the side that focuses on protection and response in the case of an actual attack: making sure the right controls, policies, and systems are in place. This includes:

  • Security Operations (SecOps) – monitoring your systems and responding to threats in real-time.
  • Incident Response – what happens after a security incident. How quickly can you contain it? Who needs to know? How do you recover?
  • Threat Detection & Monitoring – setting up systems to catch suspicious activity as early as possible.
  • Security Architecture – designing your systems in a way that makes attacks harder to pull off in the first place.

Then we have the Governance, Risk, and Compliance (GRC) side of things. This is also extremely important for any operating business. It deals with making sure you’re complying with and following best practices and legal requirements. Some of them include the Nigerian Data Protection Regulation (NDPR), the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS), depending on your industry.

At the end of the day, all of these parts work together. You need both offense and defense. You can’t just build and hope for the best. You also can’t defend what you don’t understand. So if you're running a startup or helping build one, it’s important to know which areas apply to you and when to start thinking about them. (Hint: it’s now.)

We’ll go deeper into some of these areas as the newsletter continues, and we’ll also explore why both offensive and defensive security matter. For now, I just want you to know this:

Cybersecurity is more than “just hacking.”

It’s a full system of understanding risk, protecting what matters, and building smarter from the start.

We’ll pick it up from here in the next one.

As always, subscribe, comment, like, and share. Let’s build securely.

Thank you for reading!




Abdulrahman Azeez

Secure Software Developer | Application & Cloud Security Professional Tester | Open to New Opportunities 🚀

3w

Definitely worth reading, keep it up.
