
CYBERSECURITY


Just like physical security is aimed at protecting physical property and people from criminal activity or accidental damage, cybersecurity protects computer systems, back-end systems and end-user applications, the users of those systems, and the data they store.

Cyber security is aimed at preventing cybercriminals, malicious insiders, or others, from accessing, harming, disrupting or modifying IT systems and applications.

This is part of an extensive series of guides about data security.

The importance of cyber security

As human society goes digital, all aspects of our lives are facilitated by networks, computers and other electronic devices, and software applications. Critical infrastructure, including healthcare, financial institutions, governments, and manufacturing, all use computers or smart devices as a core part of their operations. The vast majority of those devices are connected to the Internet.

Threat actors have a greater incentive than ever to find ways to infiltrate those computer systems, for financial gain, extortion, political or social motives (known as hacktivism), or just vandalism.

Over the past two decades, cyber attacks were launched against critical infrastructure in all developed nations, and countless businesses suffered catastrophic losses. There are over 2,000 confirmed data breaches globally each year, with each breach costing over $3.9 million on average ($8.1 million in the USA). Since the year 2000, over 3.5 billion people, half the world’s population, have had their private information stolen by cyber criminals.


Security breaches and threats can affect nearly any system including:

  • Communication — phone calls, emails, text messages, and messaging apps can all be used for cyberattacks

  • Finance — naturally, financial institutions are a primary target for attackers, and any organization processing or dealing with bank or credit card information is at risk

  • Governments — government institutions are commonly targeted by cybercriminals, who may be after private citizen information or confidential public data

  • Transportation — connected cars, traffic control systems and smart road infrastructure are all at risk of cyber threats

  • Healthcare — anything from medical records at a local clinic to critical care systems at a national hospital is vulnerable to attack

  • Education — educational institutions, their confidential research data, and information they hold about students or staff, are at risk of attack

In the vast majority of these systems, websites and web applications are a gateway for attackers. They are exposed to the public Internet and commonly connected to sensitive back-end systems, which makes them a weak link in the organization’s security strategy.

Whether your organization is a business of any size, a website receiving substantial traffic, or an institution or non-profit organization serving the public interest, preparing and defending against cyber security threats should be one of your foremost concerns.

Principles of Cyber Security

The primary objective of cyber security is to protect data. The security community commonly refers to a triangle of three related principles that ensure data is secure, known as the CIA triad:

  • Confidentiality — ensuring sensitive data is accessible only to those people who actually need it and are permitted to access it according to organizational policies, while blocking access to others.

  • Integrity — making sure data and systems are not modified due to actions by threat actors, or accidental modification. Measures should be taken to prevent corruption or loss of sensitive data, and to speedily recover from such an event if it occurs.

  • Availability — ensuring that data remains available and useful for its end-users, and that this access is not hindered by system malfunction, cyber attacks, or even security measures themselves.
