
Have you considered that cybersecurity departments typically don’t generate direct revenue for organizations, yet they are crucial in almost every company that sends or stores data online? They may operate on-premises or as Managed Service Providers (MSPs), who don’t necessarily need to be physically present at the organization’s location.
In cybersecurity, the primary goal is to provide accurate data and information to the right individuals whenever they need it. This is ensured through the CIA triad: Confidentiality (resources should only be accessible to authorised people), Integrity (data is not modified by the wrong people) and Availability (data is always available for authorized individuals anytime it's needed).
Now, depending on the kind of data that a company sees as crucial for its day-to-day operations, it might prioritise one or two elements of the triad. Let me ask this question: which of the three do you think Amazon will prioritise? You got it right! Availability! This is because their operations hinge on people shopping on their website almost all the time. If they experience an hour of downtime, not only will they lose revenue, it will also be an advantage to competitors like AliExpress. On the other hand, Nestle and Unilever are going to prioritize confidentiality because once their formulas or recipes for making their products are accessed by unauthorized individuals, they lose their competitive advantage. To prevent some of these things, companies take cybersecurity seriously.
How does the CIA triad ensure security
This section will describe how the CIA triad works and a few of the techniques it employs.
With respect to confidentiality, security professionals maintain it through methods such as encryption, access controls, and secure data handling practices. While there are many additional techniques, we will focus on these for now.
Encryption is when data is scrambled to make it unreadable for unauthorized people. Authorized individuals usually have the necessary keys to decrypt data and make it readable. Data at rest is usually encrypted with AES (Advanced Encryption Standard), while data in transit (data that is traversing the network) is encrypted through TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols. With this, even if an attacker intercepts the data, they cannot read its content. In a nutshell, encryption makes data unreadable to unauthorized users.
Access control is the use of measures like passwords, biometrics, passkeys or a combination of these to prevent unauthorized users from accessing data. When these measures are combined, we get MFA (Multi-factor authentication). We can also use Role-based access control (RBAC), where the extent of your access to a system is based on your role in the organisation.
With secure data handling, we can use techniques like tokenization and data masking to keep our data confidential. Tokenization is when the actual data is replaced by random numbers or letters. For instance, when you use Google Pay, tokenization is at work. Instead of transmitting your actual credit or debit card number over the network, your phone sends a unique token that represents your card details. Masking, on the other hand, is when parts of the data are replaced with fictitious data. For example, after making a payment with your card, you may notice that part of your credit or debit card number is replaced with asterisks.
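The difference between the two techniques, as an added example that is not part of the original article: a token can be mapped back to the card number, but only by the service that issued it, while a masked value cannot be mapped back at all. `TokenVault` and `mask_pan` are hypothetical names, and the card number is a constructed test value.

```python
import secrets

class TokenVault:
    """In-memory stand-in for a payment tokenization service (hypothetical)."""

    def __init__(self):
        self._by_token = {}   # token -> real card number; only the vault holds this
        self._by_pan = {}     # real card number -> token, so a card keeps one token

    def tokenize(self, pan: str) -> str:
        if pan in self._by_pan:
            return self._by_pan[pan]
        # The token is random, so it cannot be reversed without the vault.
        token = "tok_" + secrets.token_hex(8)
        while token in self._by_token:      # regenerate on the rare collision
            token = "tok_" + secrets.token_hex(8)
        self._by_token[token] = pan
        self._by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        # Raises KeyError for a token the vault never issued.
        return self._by_token[token]


def mask_pan(pan: str, visible: int = 4) -> str:
    """Replace all but the last `visible` digits with asterisks (one-way)."""
    digits = "".join(c for c in pan if c.isdigit())
    if len(digits) <= visible:
        raise ValueError("card number too short to mask")
    return "*" * (len(digits) - visible) + digits[-visible:]


if __name__ == "__main__":
    card = "4111 1111 1111 1111"            # constructed test number, not a real card
    vault = TokenVault()
    token = vault.tokenize(card)
    print("sent over the network:", token)
    print("shown on the receipt: ", mask_pan(card))
    print("recovered by the vault:", vault.detokenize(token))
```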
Integrity is when security professionals prevent unauthorized people from making changes to data. They achieve this in a number of ways, but we will briefly discuss two, which are hashing and digital signatures. Let's take a scenario where your medical records in a hospital are modified by a hacker, or your bank records are modified by unauthorized individuals while the data is at rest or traversing the network. Or a scenario where you download software that an attacker has added malicious code to. All these compromise the integrity of data. To prevent this from happening, we can implement access control so that only those who are authorized to modify the data get access to it. Security professionals also use hashing to check the integrity of a file. When a hash value is generated for a file, that value will change significantly when even one bit of the data changes. This is why it is important to always check and compare hash values before you install a file on your computer.
A digital signature uses asymmetric cryptography, where a person or an organisation possesses a private and a public key. As the name implies, public keys are meant to be available to everyone, but the private key is not. So, when an individual or organization signs a message, they first generate a hash of the message and then encrypt that hash using their private key. For the receiver to verify the authenticity of the message, they hash the message and decrypt the sender's hash with the sender's public key; if both hashes match, then the integrity (message is not modified) and authenticity (message is from the original sender) of the message are intact.
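The hash comparison and the sign-then-verify flow described in the two paragraphs above, as an added example that is not part of the original article. It uses textbook RSA without padding and a toy key built from two well-known Mersenne primes so it runs with the standard library only; these are assumptions made for illustration, and real systems use a vetted library with a padded scheme such as RSA-PSS or with Ed25519.

```python
import hashlib

# Toy key pair (constructed for this demo, not secure).
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept by the signer


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: hash the message, then apply the private key to the hash."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover the sender's hash with the public key and compare
    it with a hash computed locally over the received message."""
    return pow(signature, E, N) == digest(message)


def differing_bits(a: bytes, b: bytes) -> int:
    """How many of the 256 hash bits differ between two inputs."""
    return bin(digest(a) ^ digest(b)).count("1")


if __name__ == "__main__":
    original = b"pay 100 to account 12345"          # constructed sample message
    # Flip a single bit of the last byte to simulate tampering in transit.
    tampered = original[:-1] + bytes([original[-1] ^ 0x01])

    signature = sign(original)
    print("hash bits changed by a 1-bit edit:", differing_bits(original, tampered))
    print("original verifies:", verify(original, signature))
    print("tampered verifies:", verify(tampered, signature))
```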
Availability is when we make sure that data is always available for authorized people. Here, security professionals try as much as possible to prevent downtime. To ensure this, we create redundancy, failover systems, backups, firewalls, disaster recovery plans and a lot more. Attackers, on the other hand, usually employ attack types like DDoS (Distributed Denial of Service) and ransomware attacks. Other factors like human errors, power outages and hardware failures can all cause downtime. Let's briefly describe DDoS and ransomware.
With DDoS, attackers use botnets (infected devices that the attacker controls remotely) to send more traffic than a system can handle, thereby causing the system to lag or become inaccessible to people who genuinely need data from the system. The use of firewalls, CDN services and load balancing are some measures that can help defend against this attack. Ransomware, on the other hand, is when the attacker is able to sneak malware into a system, encrypt every file on the system and demand a ransom (usually in crypto) before they give the decryption key to decrypt the files on the system. The common vector for a ransomware attack is normally phishing, and this can be prevented by educating employees about clicking links and opening attachments from untrusted sources. Patching known vulnerabilities and updating your system regularly also helps.
With all these said, remember that cybersecurity without physical security is no security at all. If someone can easily get into your data center or rooms that contain your critical systems and data, then they can do whatever they want with them.