The Basics of Cyber Security
In a time of ‘unprecedented connectedness’ where the number and type of online devices multiplies seemingly daily and personal data is handed out as freely as candy at a kids party; our exposure to risk is at an all-time high when it comes to cyber-attacks. In a market economy that thrives on interconnectivity, there must be a strong sense of cyber security to protect businesses large and small.
Designed to protect digital data across any number of information systems, effective cyber security operates on the basis that people, processes and technology are well educated, well implemented and well monitored. The majority of organisations operate on this three-tiered approach in order to mitigate the chance of human error, data breach or other attack compromising their network.
How those in cyber security jobs operate to facilitate that approach is driven by three key principles of confidentiality, integrity and availability. Otherwise known as the basics of cyber security.
For many working in cyber security they’ll understand confidentiality in the context of requiring a two-factor authentication for email and social media accounts, data encryption passwords or the biometric verification installed on laptops and smart phones which only responds to someone’s face or fingerprint. Essentially, confidentiality in a cyber security sense equates to stopping unauthorised parties accessing data. It also relates to ensuring that the identity of any party in possession of data is kept private.
Second to that is integrity. This is to do with how the information is treated should it get into the wrong hands, for example pictures being modified inappropriately or financial documents being tampered with for fraudulent purposes. So integrity, in cyber security terms, is to do with the protection of information to prevent those modifications from happening and ensure that information remains accurate and consistent as per the original data. Common obstacles to integrity can come from malware, insider threats, compromised hardware, unintended transfer errors, misconfigurations and of course human error. These are typically treated with practices such as using file permissions and data back-ups.
Cyber security, while protecting and preventing, is also there to accommodate information in a safe and secure way so as not to block access to the people actually authorised to view it. This is where the concept of availability comes in. Errors across hardware or programming, system failures and cyber-attacks can all stand in the way of the right people being able to access necessary information when needed, which ultimately devalues the data in question. This is why cyber security measures such as backing up data to external hard drives and firewalls are so critical.
Any kind of cyber-attack has the potential to expose the vulnerability of one or more of those basic principles of cyber security which takes us back to the importance of ensuring a business’ people, processes and technology are aligned with a robust cyber security practice governing every area of the organisation.