This post is an introductory post that dives into the fundamentals of cybersecurity, why cybersecurity is important, and its real world applications among other things.
What is Cybersecurity?
Cybersecurity is the protection of systems, programs, and networks that are often dependent on internet connection and an online user base. It is often the umbrella term given to the actions taken and the protections implemented by companies or individuals looking to protect their information from unauthorized access and malicious attacks.
To put it in simpler terms, Cybersecurity is the protection of the digital world, which is getting closer and closer to our world by the second.
What makes it so important?
In recent years, as the number of digital databases and more complex data structures have increased, more and more companies have taken part in the wave of digitization through the internet. Though our digital security and data protection methods have only improved in recent years, the number of vulnerabilities logged by worldwide databases has dramatically increased.
For example, the United States National Vulnerability Database has logged a dramatic increase in Common Vulnerabilities and Exposures (CVEs) over the past few decades,
"NIST National Vulnerability Database Analysis | Redscan". Redscan, 2021, https://www.redscan.com/news/nist-nvd-analysis/. Accessed 20 May 2021.
This begs the question...Why are we identifying more vulnerabilities in systems everyday even though we seem to be getting better cybersecurity advancements?
Well, despite the many strides that have been made in the field of data protection and vulnerability resolution, the most dangerous variants of common vulnerabilities are on the rise as hackers and data manipulators have become more sophisticated in their methods and as data systems have become more complex and open to new kinds of vulnerabilities. As we get more sophisticated, so do those who try to breach and manipulate systems and networks with malicious intent. In other words, cybercriminals.
The only way to mitigate the efforts of sophisticated cybercriminals, our world’s focus on cybersecurity must become more apparent and more individuals along with large businesses must spend more energy on securing their position in the global cyberspace. Without proper protections in the digital world, businesses and individuals are very vulnerable to any number of terrible cyberattacks that could completely destroy the lives of many.
Now, you may ask….How can a cyberattack destroy my life?
Most of us commonly use devices like cell phones, laptops, desktops, tablets, etc., meaning we almost always have access to the internet and we visit hundreds or sometimes thousands of websites in a year. What we don’t realize, however, is that when we visit those websites, large-scale data mining algorithms initiate and pull a lot of our personal information to store and analyze in their own databases. Other than large businesses, most individuals don’t have enough knowledge or access to digital protections against unauthorized or unwanted breaches of data. As a result, many large corporations like Microsoft, Google, Amazon, etc. have access to our personal information due to our unprotected use of their digital services.
A single cyberattack that exploits a single vulnerability can breach such large databases and access our personal information, which can be used to access credit card information, social security information, bank accounts, etc.
Cybercriminals are a very real threat that we often disassociate from our reality because we seem to think they only affect the digital world.
The Three Tenets of Information Security
In essence, information security is the protection of information and information systems in order to ensure quality, safety, and efficiency. As many enterprises in big business have realized, no large business can run effectively in the global cyberspace without a constantly adapting and improving information security management system with resources devoted to ensuring the protection of pertinent data.
Confidentiality
One of the main purposes of Information Security is to maintain the privacy of the data stored in databases, systems, and networks. The Confidentiality component of the CIA triad essentially represents privacy and its importance to the sustainability of major data systems and networks. The principle of Confidentiality is to keep information hidden and only accessible to those with the proper authorization to access it. For example, a financial services company would like to keep its client list and those clients’ details hidden and not accessible by cybercriminals, and thus they would focus on the principle of confidentiality in their work towards information security. Generally, the principle of confidentiality is what entails the development of sophisticated firewalls, data encryption, and strict access control.
Integrity
The principle of integrity refers to the accuracy or reliability of data that is stored in a system or network. For the integrity of a system, database, or network to be compromised, a hacker can access the information stored in them and modify it in a way that is favorable to themself, thus compromising the integrity of the data. If a hacker went through a medical insurance company’s records and modified recipient information to suit their own needs, they would have compromised the integrity of that company’s data that was stored in their own database. Contrary to popular belief, the integrity of a system or network can be compromised without an actual malicious attack. The integrity of a system can be compromised due to user error resulting in the improper entry of data.
Availability
In the context of Information Security, the principle of availability in the CIA triad refers to the accessibility of information. In other words, this principle refers to the ease of access for those who are properly authorized to access that data. Unlike the principle of confidentiality, this principle refers to how easily an authorized individual can access the proper data rather than how easily an unauthorized individual can breach a system and access that data. An example of an interruption in availability would be when a hacker takes down a website for a business through a Distributed Denial of Service(DDoS) attack by flooding it with unwanted traffic.
Wrapping it all up
In this post, we discussed the definition of cybersecurity and why it is becoming increasingly important in the modern world. We also talked about possible reasons for an increase in vulnerabilities worldwide in recent years. This post also discusses the effect of big data mining on the confidentiality of our personal information in the digital cyberspace. We also discussed the major tenets of information security which are absolutely essential in understanding the fundamentals of cybersecurity and data protection.
If you liked this post, please follow "Cybersecurity" on the blog page and be sure to subscribe to receive immediate updates on our posts and similar posts!