CyberSecurity: The CIA Triad

 It is undeniable - we are in an age of information. We are inundated with a steady flow of information everywhere. Just about our entire online ecosystem operates on a constant influx of information. Instinctively, we protect confidential information, such as our account passwords or bank pin, but how do we safeguard crucial information on a central computer system such as IP addresses, location, or credit card information? The solution lies in Cyber Security, the protection of systems and networks from unauthorised information disclosure. A study by Gartner indicated that information security spending grew 2.4% to reach $123.8 billion in 2020 because of the pandemic.

Cyber security operates on three crucial principles: Confidentiality, Integrity and Availability collectively referred to as the CIA triad. If any of these tenets are compromised even by the slightest bit, security collapses with disastrous consequences.

Nobody likes a thief violating their property. It’s unsettling to discover they’ve rummaged through your belongings. A sense of a lack of protection prevails. It’s no different in cyber security. Hackers seek to gain unauthorized access to information stored in IT systems. In cyber security terms this would be a breach in the confidentiality pillar. Through sophisticated methods such as eavesdropping, wiretapping or encryption cracking, sensitive information falls into the wrong hands leading to money being stolen, companies becoming bankrupt eventually putting thousands of jobs at risk. As a precaution, measures such as multifactor authentication, and privilege levels are implemented to prevent this. Multifactor authentication allows a user to gain access to a system based on multiple authentication conditions such as what the user has (password), what the user knows (security token) and what the user is (biometric verification). For example, when withdrawing cash from an ATM, you can gain access by inserting your debit card (what you have) and entering your PIN number (what you know). Privilege levels ensures that information is shared only with the person who is authorised to see or process it such as bank account information or report card details. Simply put, confidentiality is the privacy of information and is a key driver to keeping data safe and accessible to only those who need to see it.

Imagine returning home from a holiday only to realise your key doesn’t open the front door. You were certain the key you had was correct but now you’re locked out. You begin to wonder if someone has changed the locks in your absence. Much like safeguarding your house, large organisations are entrusted with protecting data from being tampered with by someone with malicious intent. Businesses can only operate if they can trust the integrity of the in-house data. Imagine the disastrous chain effect of irregular bank account information or stock market fluctuations on the economy if data is inconsistent. Companies are tasked with ensuring the information they maintain is always reliable. Cyber security departments monitor and report any irregular modifications. Altered data is promptly reverted to its original state. Any failure to do this could result in something as serious as the recent British Airways credit card breach. Organisations have learned to create regular backups of essential data and regular scans to ensure public and private information integrity.

In continuation with the house key conundrum, you now decide the finest means to safeguard the keys from unauthorised access is to lock them in a safe that no one can access. Whilst this ensures absolute safety of the keys, they are no longer available to anyone, yourself included. The keys and everything they protect are unavailable. In cyber security, availability of a service is crucial. What’s the point of secure, encrypted, and error-free data if the very system hosting it is brought down? This is an increasingly occurring threat achieved through attacks such as DOS (Denial of service) or DDOS (Distributed DOS) when a service’s network is deliberately overwhelmed by a flood of network traffic. DDOS attacks are likened to a traffic jam blocking off roads thus preventing regular traffic from arriving at its destination. Fortunately, there are numerous ways to prevent this from happening and ensuring services are always available. This includes increased bandwidth, installing DDOS protection software, firewalls, and proxy servers all to ensure services are functionally available for legitimate users.

Just with a few mouse clicks, sensitive information can be at anyone’s fingertips with ease. In 2018, cybercrime was estimated to cost $600 billion to the economy. As technology advances there is a corresponding increase in abilities of sophisticated cyber criminals. Security is always as strong as its weakest link. Hence, we should no longer be asking ourselves if we need cybersecurity, rather the question should be how to enhance our cybersecurity practices to defend the very data that defines us.