The role of cybersecurity

First, you might be wondering why security is so important - or why it's so difficult to achieve.

Google Trends shows that more people than ever are searching online for "cybersecurity" and "it security": the blue and red lines below. Users are searching these two terms at the highest rate, globally, since 2004! But why?

Google Trends indicating global interest in four search terms since 2004 : cybersecurity, it security, computer security, and information security. (Image from Novemver 2024.)

Chief among the reasons for this intense focus on cybersecurity is the rise in cybercrimes - and their outsize impact. Today, we all see how cyberattacks are more frequent and ever evolving. And they're absolutely causing more damage than ever before, both digitally and in the real world.

Cybercrimes target everything from critical infrastructure to trade secrets to your own personal data. These attacks are becoming more common with the growing use of cloud services, connected devices, and distributed work. Here is just a sliver of the notable attacks seen recently:

• In early 2024, a nation-state group known as Midnight Blizzard exploited the lack of MFA on a legacy account, allowing them to access Microsoft corporate emails, including emails belonging to U.S. government agencies.
• February 2024 saw a ransomware attack on Change Healthcare, a subsidiary of UnitedHealth Group. The immediate consequence was a huge number of IT systems shutting down, affecting hospitals and pharmacies nationwide. In due time, the long-term effects of this ransom attack became clear: the breach and exposure of personal health information (PHI) of ~100 millions of individuals. (For ransomware attacks on HIPAA-protected information and systems, follow OCR's guidance.)
• Secure, widely used VPNs by Ivanti were exploited en masse. The victims included CISA, the U.S. Cybersecurity and Infrastructure Security Agency.

Security breaches like these can cause real harm: financial costs, loss of customer trust, and an expensive recovery are common. Some consequences are matters of life and death: patients can miss treatments or die in health-related breaches. Damage to any critical infrastructure, like a power grid going down, can harm thousands of people.

And sure, most of us already know that it's not all that difficult to protect our own stuff. There's password managers, multi-factor authentication, thumb drives, key fobs, VPNs.

Now imagine that you're chief of information security (CISO) for a large, multinational organization. Security just got a lot more challenging: you're responsible for thousands of users, and the regulations and threats keep changing.

With a brief understanding of today's threat landscape, let's now turn to the foundations of cybersecurity: the CIA triad.

What is "confidentiality"?

Confidentiality is up first, and for good reason, says Larry Kinkaid of BARR Advisory:

"Security strategies tend to place the most focus on protecting data from prying eyes. At its most basic level, this means users are required to authenticate their identities and prove who they are, and then the system determines whether they are authorized to 'read.' This is the reason encryption has been around for a long time - to further protect data both at rest and in transit.

So, we can sum up confidentiality as protecting information from unauthorized access. What sorts of information? A lot:

• Financial assets
• Intellectual property, such as copyrights, patents, trademarks or even repositories of code and software
• All forms of communication that might be sensitive, including emails, Slacks and Teams messages, text messages, recorded calls and meetings, and more

The question then becomes, how do you protect confidential data from unauthorized access? Well, let's first how confidentiality fails, then we can see how to ensure it.

(Related reading: authentication vs. authorization.)

How confidentiality breaches occur

A breach occurs when unauthorized entities have access to your confidential data. This can happen in various ways, including data breaches, insider threats, social engineering attacks, and even brute force attacks.

For example:

• A data breach might occur when an attacker gains access to a database that stores sensitive information like credit card numbers and personally identifiable information (PII).
• An insider attack happens when an employee, carelessly or intentionally, accesses sensitive information and leaks it.
• A social engineering attack is when an attacker tricks an employee into revealing sensitive information like login credentials. Phishing is a common example of this.

In each example, the confidentiality of your sensitive information is now compromised: Unauthorized individuals can access it and potentially use it in harmful ways. Even if it's not harmful, it's a vulnerability you must consider.

(Explore vulnerabilities, threats and risk , another foundational security principle.)

How to ensure confidentiality

To ensure confidentiality, businesses can take several steps.

• Encrypt sensitive data , such as credit card numbers or personal information, when you transmit it over networks or store it on computers.
• Use access controls, such as user authentication and authorization, to limit who can access sensitive data and what they can do with it.
• Use physical controls, such as locks and security cameras, to prevent unauthorized access to sensitive data in physical locations, such as data centers or office buildings.
• Maintain a clear data protection policy and regularly train employees on security best practices to teach them how to handle sensitive information properly.

Defining "integrity" in security

Next up is integrity. Integrity is the accuracy and consistency of data as well as the completeness and reliability of systems. Data integrity means the data is complete and accurate from its original form. For systems, integrity means that systems are free from corruption, tampering, or unauthorized modification.

Ensuring integrity allows businesses to make confident and reliable decisions based on their data. Further it helps prevent operating errors, breaches and losses that can damage the business.

Traditionally, integrity might come second to confidentiality. In more modern approaches, the two are more often woven together.

How integrity can be compromised

A breach of integrity occurs when there's a change in data. This can happen in various ways:

• Data corruption might occur when a software bug or hardware malfunction causes wrong transmission and storage of data, resulting in errors or inconsistencies.
• Malicious software. When an attacker injects malicious software, such as a virus into the system, the virus might change data without the user's knowledge or consent, potentially causing damage or disruption.
• Tampering refers to an unauthorized user physically accessing a computer or storage device and changing the data on it, either by deleting or altering the data or by adding false or misleading information.

Best practices for ensuring integrity

To ensure integrity, logical access controls like periodic access reviews and the principle of least privilege are great places to start. By authorizing only specific individual in, these controls ensure the integrity of the information. Kinkaid notes that data encryption can be useful when it comes to integrity:

"Often considered a control for confidentiality, encryption is also designed to ensure that data is not modified in transit and enforces the principle of non-repudiation."

Businesses can use checksums or cryptographic hashes to verify that data isn't changed or corrupted. Additionally, they can use transaction logs or audit trails to track changes to data and systems so they can detect and correct any unauthorized or improper changes.

Finally, implementing policies and procedures for data management, such as regular backups and access controls, can help ensure data and system integrity.

What is "availability" in security?

Availability refers to maintaining the ability to access your resources when needed, even under duress: a natural disaster or after suffering intentional cyberattacks. And if this definition of availability feels like a moving target, you're not alone. Indeed, Kinkaid sees that "availability" as a concept has changed the most in recent years.

Today, availability is making its impact in practically every conversation around uptime and availability of services. (Of course, we are experiencing more natural and security disasters, too). Availability plays crucial roles in concepts like:

"While these plans have always existed," Kinkaid points out that "they are much more formalized and mature now, and often created to be essentially customer-facing. A robust security program that addresses availability is a value-add and potential differentiator between an organization and their competition."

Examples of availability breakdowns

Some common causes of availability breaches include hardware or software failures, network outages, power outages, natural disasters and cyberattacks.

A hardware failure might cause a server to crash, preventing users from accessing its data or services. Network outages might prevent users from accessing data or systems over the internet. Power outages might prevent users from accessing data or systems that rely on electrical power. A natural disaster, such as a flood or earthquake, might cause physical damage to data centers or other critical infrastructure, disrupting access to data and systems. A cyberattack, such as a denial-of-service attack, might overwhelm a system with traffic, preventing legitimate users from accessing it.

How to ensure availability

Ensuring availability must be baked into many areas of network and software development:

• Deploy redundant systems such as multiple servers or backup power sources or implement caching. This way, when one system fails, the others can continue to operate and provide the data you need.
• Use load balancers, which distribute incoming requests across multiple systems so that no single system becomes overwhelmed and unavailable.
• Regularly test and maintain your systems to help identify and address potential availability issues before they cause disruptions.

(Learn more about availability management .)

The CIA triad today

Today, the CIA triad remains foundational and useful. But let's look at two arguments within the security industry:

• Whether to add additional InfoSec properties to the concept
• The practicality of the triad when everyone is a digital user

However, as threats evolve, so do the frameworks and tools we use to protect against them. Regarding that, let's discuss NIST.

Role of NIST in cybersecurity

NIST, the National Institute of Standards and Technology, has a crucial role in the formation of cybersecurity standards. Among their many guides, directions, and security reference material, Special Publication (SP) 800-12 Rev 1, "An Introduction to Information Security" provides comprehensive guidelines on how to secure information systems. It focuses on the need to integrate security controls across the different layers of technology, from hardware to software, so that, eventually, you have a protective approach that is holistic.

NIST ensures that companies not only follow the best practices but also have well-tested practical cybersecurity solutions. The NIST cybersecurity framework is formed around 5 core functions: Identify, Protect, Detect, Respond, and Recover.

Among their initiatives is NCCoE. the National Cybersecurity Center of Excellence, which offers a lab environment where solutions are developed to deal with real-world problems. This includes data integrity attack detection and response planning. NCCoE collaborates with various technology vendors and companies like Cisco, GreenTec, Tripwire, and Semperis to create solutions for dealing with evolving cyber threats, a true public-private partnership.

(Related reading: intro to information security, aka InfoSec.)

Additional security properties

Of course, security professionals know that computer security doesn't stop with the CIA triad. ISO-7498-2 includes two more properties for computer security:

• Authentication is your systems' ability to confirm an identity.
• Non-repudiation or accountability is when your systems are able to confirm the validity of something that occurs over the system. It further assures the information's origins and integrity.

Some folks argue that the CIA triad should add more components, such as non-repudiation or physical security. Walter Haydock, Founder and CEO of StackAware, disagrees, citing redundancy:

"Mission critical and life-sustaining systems such as operational technology in power plants and embedded medical devices rely on data integrity and availability to function correctly, making the protection of life and limb a 'downstream' byproduct. And in military and intelligence contexts, data confidentiality can often mean the difference between survival and death."

Despite the non-stop evolution of cyber threats as well as technology, Haydock says the CIA triad remains a simple - and effective - framework for InfoSec.

Additional players in cybersecurity

Cybersecurity is no longer relegated only to NOCs and SOCs. It's baked into every decision we make, from deciding which enterprise vendor to onboard on a five-year contract all the way to whether to download an app on our cell phone to track our exercise. This is particularly true when you look at any modern workplace, relying on a wealth of third-party vendors and software.

That means every single person within an enterprise must also take responsibility for security. Andreas Grant, a network security engineer, says that internal threats are "an open secret" making cybersecurity an even bigger issue. Does the CIA triad account for end users, like employees within your organization? Grant argues:

"The CIA triad does not prepare the users in any shape or form to tackle inexperienced end-users. While people with malicious intents are different, there should be a fail-safe for inexperienced people. A cybersecurity infrastructure should also account for its users and their basic understanding of cybersecurity. At least in big companies, there must be some sort of training in organizations to prevent inside attacks. Unfortunately, this is mostly considered as an option after a leak."

Ultimately, Grant believes that end user behavior must also be accounted for. "I have seen time and time again how a super-strong infrastructure got messed up", he continues "only because the employees didn't know better."

Certainly, if you follow the best practices laid out in this article, including the ongoing education of all players, you'll be in as strong a spot as possible. Still, every security pro knows that 100% security is never possible.

More data security fundamentals

Public link

Please use the above public link if you want to share this noodl on another website.