Cybersecurity…how to eat an elephant one bite at a time
Part 2 of Cybera’s Introduction to Cybersecurity series
Cyberattacks are on the rise. According to the annual ITRC (Identity Theft Resource Center) Data Breach Report, there was a 68% increase in reported U.S. data compromises from 2020 -2021. Moreover, breaches related to cyberattacks represented more attacks than all other forms, according the ITRC 2022 Data Breach report only 11% of reported compromises used non-cyber attack vectors, such as system & human errors, physical attacks such as device & document theft, misconfigurations or through email or physical correspondence.
Implementing an effective cybersecurity regime within your organization has never been more vital.
Let’s start with a general definition of cybersecurity according to the National Institute of Standards and Technology (NIST):
Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.
What does that mean?
With an increasing number of users, devices, and online programs in modern classrooms and workspaces, combined with the increased deluge of data — much of which is sensitive or confidential — good cybersecurity has never been more important. This is particularly true as the volume and sophistication of cyberattacks grows in pace.
What are the main elements of cybersecurity?
Cybersecurity activities can be broken down into different sections:
- Application security
- Information or data security
- Network security
- Disaster recovery / business continuity planning
- Operational security
- Cloud security
- Critical infrastructure security
- Physical security
- End-user education
Coordinating each section within an organization, and keeping it up-to-date in a constantly evolving threat landscape, is challenging but crucial. Traditional reactive approaches, i.e. putting resources towards the biggest known threats while ignoring lesser threats, are no longer sufficient.
What does “secure” really mean?
Often the CIA (or AIC) triad is referenced when talking about cybersecurity goals:
- Confidentiality
- Integrity
- Availability
Confidentiality essentially means privacy. Only those users who should be able to access something, can access it.
Integrity refers to the trustworthiness and accuracy of the data being transmitted and stored. For example, ensuring data has not been compromised at any point during its lifecycle.
Availability means information is readily accessible by authorized users.
Unless each element of the triad is confirmed, you cannot be sure your system and data are secure and not vulnerable to attack.
What are the benefits of cybersecurity?
As well as protecting your organization against breaches, outages, and ransomware, there are other benefits of implementing and maintaining good cybersecurity practices:
- Improved recovery time after a breach
- Insurers, funders, and regulators know you are compliant with industry guidelines
- Partners, customers, students and employees have improved confidence in your company’s reputation, and trust you have their best interests at heart
Types of cyberattacks
There are many types of cyberattacks on organizations, but they generally fall under the CIA triad.
- Attacks on confidentiality. Attacks that are designed to steal personally identifiable information, such as Social Insurance Numbers, along with bank account or credit card data. That information can be sold or traded on the dark web for others to purchase and use.
- Attacks on integrity. These attacks consist of personal or company sabotage, such as data leaks. A cybercriminal will access and release sensitive information for the purpose of influencing the public to lose trust in a person or an organization.
- Attacks on availability. This type of cyberattack involves blocking users from accessing their own data until they pay a fee. Typically, a cybercriminal will infiltrate a network and prohibit access to important data, demanding a ransom be paid. Companies sometimes pay the ransom and fix the cyber vulnerability after, to avoid halting business activities.
Common attacks methods can include: botnets, drive-by-download attacks, exploit kits, malvertising, vishing, credential stuffing attacks, cross-site scripting (XSS) attacks, SQL injection attacks, business email compromise (BEC), and zero-day exploits.
What are the specific types of cybersecurity threats?
Threats are often the precursor to an attack. Organizations need to keep up with new security trends and threat intelligence, to protect themselves against the many different ways a nefarious agent can try to harm them.
Cyber threats can include:
- Malware
- Ransomware
- Social engineering
- Phishing
- Spear phishing
- Insider threats
- Distributed denial-of-service (DDoS) attacks
- Advanced persistent threats (APTs)
- Man-in-the-middle (MitM)
This is a lot to take in! The key takeaway is there are many ways that threat agents can infiltrate or harm your organization. And there is no one solution to stopping them all. Cybersecurity is a multi-pronged, multi-person process.
What’s next?
In upcoming posts, we’ll dive into the common technical terms you may hear when discussing security, and what they actually mean. We’ll also discuss how understanding what you know, and what you don’t know, can help focus your efforts around cybersecurity risks (and how you can start building that high-level knowledge).
Previous post in Cybera’s Introduction to Cybersecurity series
Engage with us in cybersecurity discussions
Are there particular cybersecurity topics you’d like to chat with us about, or have us organize a community discussion about? Let us know via security@cybera.ca.