Keeping up to date with the latest cybersecurity threats is an almost impossible task. The time between vulnerability disclosure and attack launch is getting shorter all the time, and it’s easy for a hacker to change a line of code in the program, and then fire off another (ever so slightly different) attack.
Just to prove the point, in 2016, ransomware peaked at 40,000 attacks a day, with over 400,000 variations found. Imagine trying to keep on top of all that?
So, how do you go about protecting yourself against these developing threats? It’s all about understanding the importance of security, knowing what’s important to you and protecting it to the best of your abilities.
To help stay protected, you need to think of cybersecurity as comprising as three elements:
...the CIA triad.
Confidentiality - who really needs access to the information?
Confidentiality is all about privacy and works on the basis of ‘least privilege’. Only those who require access to specific information should be granted it, and measures need to be put in place to ensure sensitive data is prevented from falling into the wrong hands.
The more critical the information, the stronger the security measures need to be.
Measures that support confidentiality can include data encryption, IDs and passwords, two-factor authentication, biometric verification, air-gapped systems or even disconnected devices for the most sensitive of information.
Integrity - how do you ensure the accuracy of your data?
The integrity of your information is essential, and organisations need to take the necessary steps to ensure that it remains accurate throughout its entire life cycle, whether at rest or during transit.
Access privileges and version control are always useful to prevent unwanted changes or deletion of your information. Backups should be taken at regular intervals to ensure that any data can be restored.
When it comes to integrity of information in transit, one way hashes can be utilised to ensure that the data has remained unchanged.
Availability - how do you keep your business up and running?
Keeping your business operational is critical and you need to ensure that those who need access to hardware, software, equipment or even information can maintain this access at any time.
Disaster planning is essential for this and organisations need to plan ahead to prevent any loss of availability, should the worst happen.
Examples of disaster planning include preparing to deal with cyber-attacks (such as DDoS), data centre power loss or even potential natural disasters.
Getting the combination right
All three of the CIA elements listed above are required to ensure you remain protected. If one aspect fails, it could provide a way in for hackers to compromise your network and your data.
However, the mix between the three elements is down to the individual company, the project or asset it is being deployed on. Some companies may value confidentiality above all, others may place most value on availability.
Whatever the combination, it’s important that the CIA triad is considered at all times and by doing so you protect your organisation against a range of threats, without having to spend too much time keeping up with the latest threats.
Protect yourself with Secarma
At Secarma we’re here to support your security improvement efforts and to help you protect your all important critical business assets. Whether that be through our half day consultations or through our security testing services, our experienced security consultants will work with you throughout the process, ensuring you get the most appropriate outcome for your business.
To find out more about Secarma and what we can offer your organisation please click the button below.
This blog originally appeared in Business Cloud