The threat of cyber-attack is increasing every year.
According to the Online Trust Alliance, 2017 was the worst yet in terms attacks on business. Figures indicate that attacks doubled from 82,000 incidents in 2016 to over 159,000 – and that’s just the ones we know about.
Keeping up to date with the latest cyber security threats is an almost impossible task. The time between vulnerability disclosure and attack launch is getting shorter all the time, and it’s easy for a hacker to change a line of code in the program, and then fire off another (ever so slightly different) attack.
Just to prove the point, in 2016, ransomware peaked at 40,000 attacks a day, with over 400,000 variations found. Imagine trying to keep on top of all that?
Effective cyber security is knowing what’s important to you and protecting it to the best of your abilities. Think of it in three elements – the CIA triad:
Confidentiality – who really needs access to the information?
Confidentiality is all about privacy and works on the basis of ‘least privilege’. Only those who require access to specific information should be granted it, and measures need to be put in place to ensure sensitive data is prevented from falling into the wrong hands.
The more critical the information, the stronger the security measures need to be.
Measures that support confidentiality can include data encryption, IDs and passwords, two-factor authentication, biometric verification, air-gapped systems (physically isolating a secure computer network from unsecured networks such as the public internet) or even disconnected devices for the most sensitive of information.
Integrity – how do you ensure the accuracy of your data?
The integrity of your information is essential, and organisations need to take the necessary steps to ensure that it remains accurate throughout its entire life cycle, whether at rest or during transit.
Access privileges and version control are always useful to prevent unwanted changes or deletion of your information. Back-ups should be taken at regular intervals to ensure that any data can be restored.
When it comes to integrity of information in transit, one-way hashes – an algorithm that turns messages or text into a fixed string of digits, making it nearly impossible to derive the original text from the string – can be utilised to ensure that the data has remained unchanged.
Availability – how do you keep your business up and running?
Keeping your business operational is critical and you need to ensure that those who need access to hardware, software, equipment or even information can maintain this access at any time.
Disaster planning is essential for this and organisations need to plan ahead to prevent any loss of availability, should the worst happen.
Examples of disaster planning include preparing to deal with cyber-attacks (such as DDoS), data centre power loss or even potential natural disasters.
Getting the combination right
All three of the CIA elements listed above are required to ensure you remain protected. If one aspect fails, it could provide a way in for hackers to compromise your network and your data.
However, the mix between the three elements is down to the individual company, the project or asset it is being deployed on. Some companies may value confidentiality above all, others may place most value on availability.
Whatever the combination, it’s important that the CIA triad is considered at all times and by doing so you protect your organisation against a range of threats, without having to spend too much time keeping up with the latest threats.