I don’t know about you, but I find the words cyber and security pretty intimidating by themselves and when they’re put together, it’s an intimidating cocktail. Dig into this topic with me so we can understand what cybersecurity means exactly!
What is cybersecurity?
Think about your living space: what do you have around you: decorations, photos, furniture, documents, valuables? How do you protect all of that? Do you lock your door when you are leaving the house, do you close the windows? Are you aware of any other potential entrances through which a person could slip in and steal your possessions?
If you simplify cybersecurity, it’s basically doing the same thing with the stuff that you own digitally. The essence of it is looking for vulnerabilities — the entrances through which malicious parties can “come in” and access, steal or damage your data. People nowadays store the majority of their information digitally: documents, photos, videos, anything else you can think of, and it all contains personal information, and often payment information as well.
Just like in the offline world, people online might have bad intentions. Information is regularly stolen, leaked, blackmailed for, used for the purposes of identity theft and ultimately scamming, etc. Not all scam emails are going to be from the Nigerian prince — some may be from your “long lost uncle” who needs help with hospital bills.
I recently did some research for a blog post I wrote for the Department of Homeland Security and the amount of money people lose to cybercrime every year is ridiculous. Just like you and I, companies store valuable information online: internal and confidential documents, presentations, trainings, methodologies, plans, strategies, research — all the data a company doesn’t want to become public information. User data is another on the long list of confidential info that might get leaked, or stolen from companies, especially internet-based ones. At that point not only the company suffers the consequences, but their users as well.
Think of your Facebook account. How much private information do you have on it? The basics are some personal details such as your name, date of birth, place of residence, but include the communication and relationships that you have with other people on the platform and with taking pattern recognition and computing power into account, things get scary fast. Just the fact that you’re friends with a person, went to university with them, live two blocks away from them — that info has to live somewhere — even if it’s encrypted, it lives on a physical server. And there are plenty of ways to use even this at first glance harmless information for nefarious goals. Just so you know that your info is not as untouchable as they promise it is, Facebook was recently hacked and as much as 50 million accounts were compromised — including mine. Thanks a lot, Facebook!
The CIA Triad:
Getting back to theory: in general, cybersecurity is concerned with preserving the following three things: Confidentiality, Integrity, and Availability of information, also known as the CIA Cybersecurity Triad. And no, not that CIA!
Confidentiality, similarly to privacy, denotes making sensitive information accessible only to select trusted people. Security protocols protecting the confidentiality of information need to identify a person trying to access the files and determine whether they have access to them, a process known as authentication. A very good everyday example of this are passwords, but they’re not the be-all-end-all way of protection — that would be multifactor authentication.
Passwords are a very simple example of course, and there are more sophisticated measures to protect the confidentiality of information, but think of it this way: if your password is the key to your house, that’s how you can access your home and all of your belongings in there, or your mailbox; but in real life, you probably only have a couple of people you trust enough to make copies of your keys for, and passwords work on the same principle.
Integrity in this context means making sure that the information in question is trustworthy and accurate — making sure that data can’t be changed by those not permitted to do so. If you’ve ever used Google Docs before, you know that there are different types of permissions that you can give out to people when sharing the document — viewing, commenting, or editing access, and each signifies a degree of integrity. Luckily, in Google Docs, editing history is a thing, but nevertheless, you should make sure that people don’t misuse the rights, because an editor completely changing the whole document or deleting an important bit of data is not the end of the world but it can certainly be a pain.
Availability is concerned with whether people who are allowed to access the information can actually access it and use it when they need to. A really basic analogy is maintaining and protecting hardware to ensure that it doesn’t fail and so your information is not lost. On the other end of the spectrum, software should be always up to date and information backed up (safely encrypted!), because ultimately you don’t want to lose the information. And if the worst-case scenario happens, there needs to be a disaster recovery plan, to recover lost data.
I’m actually currently going through the process of sorting through files on my old hard drives and it is a mess. I did not have a system developed to sort and organize my files, instead, I just moved the whole mess from one drive to another. Thanks for nothing, past Masha. 😑
Learn from my mistakes and organise and protect your hard work! When I’m done sorting through the files, I’m planning to back it all up to the cloud — nifty (to say the least) in case the physical drives get damaged, or if I want to be able to access data remotely when I don’t have them present with me. I also make sure that I back up my laptop regularly.
Another interesting (and scary) way to lose access to data, other than malware or simple incursions that manually delete files, is also the denial-of-service (DoS) attack: during this, hackers overload the server by sending too much traffic or too many tasks at the same time, so the server can’t process everything and shuts down (the drama queen). The systems, websites or programs that are running on the server also shut down and you can’t access them.
To sum up:
Cybersecurity measures protect people and companies from attacks concerning confidentiality, integrity and availability of information. But, because technologies sometimes develop faster than we can protect them, there are loopholes in the systems and vulnerabilities that emerge every single day, and there are entities with malicious intent that actively search for them. Take the recent Facebook hack as the perfect example: there was a vulnerability in the ‘View as’ feature, a.k.a. Viewing your own profile as someone else. Hackers found that vulnerability and got into people’s actual accounts. Whether Facebook forgot to shut that vulnerability down, or didn’t even know that it was there, hackers found it and got in.
As our lives are becoming more and more digitized and we’re putting more and more information about ourselves online, we’re exposing ourselves to more risks — and that’s why it’s so important to understand what cybersecurity means, and how you can protect yourself. Do you have suggestions on cybersecurity topics you’d like me to write more about? Have an interesting (or maybe unpleasant) experience with cybersecurity you’d like to share? I’d love to hear it — post a comment below! 💻