CyberSecurity: The CIA Triad
It is undeniable - we are in an age of
information. We are inundated with a steady flow of information everywhere. Just
about our entire online ecosystem operates on a constant influx of information.
Instinctively, we protect confidential information, such as our account
passwords or bank pin, but how do we safeguard crucial information on a central
computer system such as IP addresses, location, or credit card information? The
solution lies in Cyber Security, the protection of systems and networks from unauthorised
information disclosure. A study by Gartner indicated that information security
spending grew 2.4% to reach $123.8 billion in 2020 because of the pandemic.
Cyber security operates on three crucial principles: Confidentiality, Integrity and Availability collectively referred to as the CIA triad. If any of these tenets are compromised even by the slightest bit, security collapses with disastrous consequences.
Nobody likes a thief violating their
property. It’s unsettling to discover they’ve rummaged through your belongings.
A sense of a lack of protection prevails. It’s no different in cyber security. Hackers
seek to gain unauthorized access to information stored in IT systems. In cyber
security terms this would be a breach in the confidentiality pillar. Through sophisticated
methods such as eavesdropping, wiretapping or encryption cracking, sensitive information
falls into the wrong hands leading to money being stolen, companies becoming bankrupt eventually
putting thousands of jobs at risk. As a precaution, measures such as
multifactor authentication, and privilege levels are implemented to prevent this.
Multifactor authentication allows a user to gain access to a system based on multiple
authentication conditions such as what the user has (password), what the user knows
(security token) and what the user is (biometric verification). For example,
when withdrawing cash from an ATM, you can gain access by inserting your debit
card (what you have) and entering your PIN number (what you know). Privilege
levels ensures that information is shared only with the person who is
authorised to see or process it such as bank account information or report card
details. Simply put, confidentiality is the privacy of information and is a key
driver to keeping data safe and accessible to only those who need to see it.
Imagine returning home from a holiday
only to realise your key doesn’t open the front door. You were certain the key
you had was correct but now you’re locked out. You begin to wonder if someone
has changed the locks in your absence. Much like safeguarding your house, large
organisations are entrusted with protecting data from being tampered with by
someone with malicious intent. Businesses can only operate if they can trust
the integrity of the in-house data. Imagine the disastrous chain effect of
irregular bank account information or stock market fluctuations on the economy
if data is inconsistent. Companies are tasked with ensuring the information
they maintain is always reliable. Cyber security departments monitor and report
any irregular modifications. Altered data is promptly reverted to its original
state. Any failure to do this could result in something as serious as the
recent British Airways credit card breach. Organisations have learned to create
regular backups of essential data and regular scans to ensure public and
private information integrity.
In continuation with the house key
conundrum, you now decide the finest means to safeguard the keys from
unauthorised access is to lock them in a safe that no one can access. Whilst
this ensures absolute safety of the keys, they are no longer available to anyone,
yourself included. The keys and everything they protect are unavailable. In cyber
security, availability of a service is crucial. What’s the point of secure, encrypted,
and error-free data if the very system hosting it is brought down? This is an
increasingly occurring threat achieved through attacks such as DOS (Denial of
service) or DDOS (Distributed DOS) when a service’s network is deliberately overwhelmed
by a flood of network traffic. DDOS attacks are likened to a traffic jam blocking
off roads thus preventing regular traffic from arriving at its destination. Fortunately,
there are numerous ways to prevent this from happening and ensuring services
are always available. This includes increased bandwidth, installing DDOS
protection software, firewalls, and proxy servers all to ensure services are functionally
available for legitimate users.
Just with a few mouse clicks, sensitive
information can be at anyone’s fingertips with ease. In 2018, cybercrime was
estimated to cost $600 billion to the economy. As technology advances there is a
corresponding increase in abilities of sophisticated cyber criminals. Security is
always as strong as its weakest link. Hence, we should no longer be asking
ourselves if we need cybersecurity, rather the question should be how to
enhance our cybersecurity practices to defend the very data that defines us.
Thanks KingKewi! I'm gonna need that support!
ReplyDeleteI read your article and learned something new as a result of reading it. Its really quite useful and unique. Keep posting like this..
ReplyDeleteISO 27001 Consulting Services
Cybersecurity Company in Bangalore
Penetration testing services
SOC Monitoring Service Provider
IT infrastructure services in Bangalore
AMC services in Bangalore