Cybersecurity?

$\newcommand{\cybersecurity}{\color{blue}{\mathsf{cybersecurity}}}$ $\newcommand{\Cybersecurity}{\color{blue}{\mathsf{Cybersecurity}}}$ $\newcommand{\InfoSec}{\color{blue}{\mathsf{InfoSec}}}$

What Exactly Is Cybersecurity?

Cybersecurity Means Different Things to Different Folks:

for individuals	$\cybersecurity$ means that their personal data is not accessible to anyone other than themselves and others they have authorized, and that their computing devices work properly and are free from malware.
for small business owners	$\cybersecurity$ may include ensuring that credit card data is properly protected and that standards for data security are properly implemented at point-of-sale registers.
for firms conducting online business	$\cybersecurity$ may include protecting servers that untrusted outsiders regularly interact with.
for shared service providers	$\cybersecurity$ may entail protecting numerous data centers that house numerous servers that, in turn, host many virtual servers belonging to many different organizations.
for the government	$\cybersecurity$ may include establishing different classifications of data, each with its own set of related laws, policies, procedures, and technologies.

We notice that $\cybersecurity$ is related completely with the information security.

What Exactly Is Information Security?

Information security, often shortened to $\InfoSec$, is the practice of protecting information and the systems that handle it. It is designed to prevent unauthorized access, use, disclosure, disruption, modification, or destruction of data.At its core, $\InfoSec$ is not just about technology; it is about managing risk. It applies to information in any form, whether it is digital code, physical documents, or intellectual property.

The foundation of information security is built upon three core principles known as the CIA Triad.

The CIA Triad The goal of any security program is to balance these three elements:

Confidentiality: Ensuring that information is accessible only to those authorized to have access.
Integrity: Maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. This ensures that data cannot be modified by unauthorized people or via accidental corruption.
Availability: Ensuring that information and resources are available to users when they need them.

Where,

$\InfoSec$ encompasses the security of all forms of data.

$\Cybersecurity$ is the subset of $\InfoSec$ that addresses information and information systems that store and process data in electronic form.

, </li>

For </li>

For , </li>

For , cybersecurity may include establishing different classifications of data, each with its own set of related laws, policies, procedures, and technologies.

</ul>
The bottom line is that while the word cybersecurity is easy to define, the practical expectations that enters people’s minds when they hear the word vary quite a bit.

Technically speaking, cybersecurity is the subset of information security that addresses information and information systems that store and process data in electronic form, whereas information security encompasses the security of all forms of data (for example, securing a paper file and a filing cabinet).

That said, today, many people colloquially interchange the terms, often referring to aspects of information security that are technically not part of cybersecurity as being part of the latter. Such usage also results from the blending of the two in many situations. Technically speaking, for example, if someone writes down a password on a piece of paper and leaves the paper on a desk where other people can see the password instead of placing the paper in a safe deposit box or safe, that person has violated a principle of information security, not of cybersecurity, even though those actions may result in serious cybersecurity repercussions.
</section>

Cybersecurity Is a Constantly Moving Target

While the ultimate goal of cybersecurity may not change much over time, the policies, procedures, and technologies used to achieve it change dramatically as the years march on. Many approaches and technologies that were more than adequate to protect consumers’ digital data in 1980, for example, are effectively worthless today, either because they’re no longer practical to employ or because technological advances have rendered them obsolete or impotent.

While assembling a complete list of every advancement that the world has seen in recent decades and how such changes impact cybersecurity is effectively impossible, we can examine several key development areas and their impacts on the ever-evolving nature of cybersecurity: technological changes, economic model shifts, and outsourcing.

Technological changes

Technological changes tremendously impact cybersecurity. New risks come along with the new capabilities and conveniences that new offerings deliver. As the pact of technological advancement continues to increase, therefore, so does the pace of new cybersecurity risks. While the number of such risks created over the past few decades as the result of new offerings is astounding, the areas described in the following sections have yielded a disproportionate impact on cybersecurity.

Digital data

In the last few decades, dramatic changes have occurred in the technologies that exist, as well as who use such technologies, how they do so, and for what purposes. All of these factors impact cybersecurity.

Consider, for example, that when many of the people alive today were children, controlling access to data in a business environment simply meant that the data owner placed a physical file containing the information into a locked cabinet and gave the key to only people the owner recognized as being authorized personnel and only when they requested the key during business hours. For additional security, the data owner may have located the cabinet in an office that was locked after business hours and which itself was in a building that was also locked and alarmed.

Today, with the digital storage of information, however, simple filing and protection schemes have been replaced with complex technologies that must automatically authenticate users who seek the data from potentially any location at potentially any time, determine whether the users are authorized to access a particular element or set of data, and securely deliver the proper data — all while preventing any attacks against the system servicing data requests, any attacks against the data in transit, and any of the security controls protecting the both of them.

Furthermore, the transition from written communication to email and chat has moved tremendous amounts of sensitive information to Internet-connected servers. Likewise, society’s move from film to digital photography and videography has increased the stakes for cybersecurity. Nearly every photograph and video taken today is stored electronically rather than on film and negatives — a situation that has enabled criminals situated anywhere to either steal people’s images and leak them, hold people’s valuable images ransom with ransomware, or use them to create turmoil in people’s personal lives by creating fake profiles on dating sites, for example. The fact that movies and television shows are now stored and transmitted electronically has likewise allowed pirates to copy them and offer them to the masses — sometimes via malware-infested websites.

The Internet

The most significant technological advancement when it comes to cybersecurity impact has been the arrival of the Internet era, and, more specifically, the transformation of the Internet from a small network connecting researchers at a few universities to an enormous worldwide communication system utilized by a tremendous number of people, businesses, and organizations. In recent years, the Internet has also become the conduit for communication both by billions of smart devices and by people remotely connecting to industrial control systems. Just a few decades ago, it was unfathomable that hackers from across the globe could disrupt a business, manipulate an election, create a fuel shortage, pollute drinking water, or steal a billion dollars. Today, no knowledgeable person would dismiss any such possibilities.

Prior to the Internet era, it was extremely difficult for the average hacker to financially profit by hacking. The arrival of online banking and commerce in the 1990s, however, meant that hackers could directly steal money or goods and services — which meant that not only could hackers quickly and easily monetize their efforts, but unethical people had strong incentives to enter the world of cybercrime.

Cryptocurrency

Compounding those incentives severalfold has been the arrival and proliferation of cryptocurrency over the past decade, along with innovation that has dramatically magnified the potential return-on-investment for criminals involved in cybercrime, simultaneously increasing their ability to earn money through cybercrime and improving their ability to hide while doing so. Criminals historically faced a challenge when receiving payments since the account from which they ultimately withdrew the money could often be tied to them. Cryptocurrency effectively eliminated such risks.

In addition, not only has the dramatic rise in the value of cryptocurrencies held by criminals over the past few years enriched many crooks, providing evildoers with the resources to invest in enhancing their cyber-arsenals, but also the public’s perception of cryptocurrency as a quick way to get rich has helped scammers perpetuate all sorts of social engineering–based cybercrimes related to cryptocurrency investing.

Furthermore, the availability and global liquidity of cryptocurrency has helped criminals launder money obtained through the perpetration of all sorts of crimes.

Mobile workforces and ubiquitous access

Not that many years ago, in the pre-Internet era, it was impossible for hackers to access corporate systems remotely because corporate networks were not connected to any public networks, and often had no dial-in capabilities. Executives on the road would often call their assistants to check messages and obtain necessary data while they were remote. In later years they may have connected to corporate networks via special dial-up connections using telephone-line–based private lines for extremely limited access to only one or two specific systems.

Connectivity to the Internet, of course, created risk, but initially most firewalls were set up in ways that did not allow people outside the organization to initiate communications — so, short of firewall misconfigurations and/or bugs, most internal systems remained relatively isolated. The dawn of e-commerce and e-banking, of course, meant that certain production systems had to be reachable and addressable from the outside world, but employee networks, for example, usually remained generally isolated.

The arrival of remote access technologies — starting with services like Outlook Web Access and pcAnywhere, and evolving to full VPN and VPN-like access — has totally changed the game.

The dramatic reduction in the cost of cellular-based high-speed Internet access and the availability of mobile data plans supporting data limits sufficient enough to allow effective full-time use have dramatically reduced the need for utilizing public Wi-Fi connections. Risks that one might have deemed reasonable to take a few years ago in order to achieve various business aims have become unnecessary, and as such, policies and procedures regarding public Wi-Fi access must be updated.

Smart devices

Likewise, the arrival of smart devices and the Internet of Things (the universe of devices that are connected to the Internet, but that are not traditional computers) — whose proliferation and expansion are presently occurring at a startling rate — means that unhackable solid-state machines are being quickly replaced with devices that can potentially be controlled by hackers halfway around the world.

Globalization has also meant that cheap Internet of Things (IoT) devices can be ordered by consumers in one country from a supplier in another country halfway around the world — introducing without any oversight all sorts of unknown hardware into personal and corporate environments.

Big data

While big data is helping facilitate the creation of many cybersecurity technologies, it also creates opportunities for attackers. By correlating large amounts of information about the people working for an organization, for example, criminals can more easily than before identify ideal methods for social engineering their way into the organization or locate and exploit possible vulnerabilities in the organization’s infrastructure. As a result, various organizations have been effectively forced to implement all sorts of controls to prevent the leaking of information, and the practices of many organizations have invited all sorts of accusations around data misuse and inappropriate protections from both employees and outsiders.

The COVID-19 pandemic

The COVID-19 pandemic served as a watershed moment in the history of cybersecurity. By forcing people to stay home in environments that are unprecedentedly isolated from one another, the novel coronavirus dramatically — and likely permanently — changed the way people in the Western world work, thereby yielding multiple, significant impacts on cybersecurity.

In the short term, the pandemic created all sorts of cybersecurity problems. Organizations that had no work-from-home infrastructures in place, or had such infrastructure but only for a limited portion of their employee populations, were suddenly faced with having to enable people to work from home — often without the ability to prepare users, policies, procedures, and technologies in advance. Many such businesses could not distribute laptops or security devices fast enough to prevent work stoppages, and as a result, relied on users to utilize their personal devices for work purposes without any additional security layers added.

Likewise, few organizations offered their employees separate Internet connections or separate routers for their remote workstations, so remote workers were nearly always sharing physical and logical networks with their other personal devices and possibly with their children who may have been gaming and/or attending virtual school. The security risks of doing such is discussed in detail in Book 2, Chapter 3.

Compounding COVID-19–inflicted cybersecurity problems was the fact that while many employers did provide some forms of endpoint security software, many did not, and even those that did rarely addressed any hardware-based risks. To this day, for example, many employers have no idea what router models their employees are using for remote access or when such devices were last updated.

Another major cybersecurity concern created by the pandemic has been that communications between employees shifted from conference rooms to remote meetings, opening the doors for hackers to disrupt communications or steal confidential information. The problems were so bad that a new term “zoom bombing” was coined in 2020 to refer to the practice of mischievous folks joining and wreaking havoc in virtual meetings to which they were never invited.

Of course, the fact that people who would otherwise work together in the same location are suddenly unable to communicate quickly in person has also opened the door for many social engineering attacks. For example, a CFO who receives an email from the boss asking that the company pay a certain party for services cannot verify the validity of the request as the CFO has done many times in the past by walking ten feet to the boss’s office to confirm that the boss actually sent the message.

Likewise, people working in homes in which children are in virtual school, or quarantined, or simply living, often suffer from far more interruptions than they would had they been working in an office setting. Interruptions often lead to mistakes, and mistakes often lead to cybersecurity problems. The stress of remaining socially isolated for long periods of time also increases the odds of people making dangerous cybersecurity errors.

At a macro level, the sudden shift to work-at-home arrangements has meant that many cybersecurity professionals are increasingly overwhelmed, a problem further exacerbated by organizations having to reallocate resources — sometimes shifting both people and money from security projects to efforts to ensure continuity of operations.

And, of course, being confined to their homes has afforded many hackers more time to work on their crafts as well, perhaps contributing to the significant rise in the number of zero-day attacks and other newer forms of cybersecurity attacks seen since the pandemic’s onset. Book 1, Chapter 2 dives into many of the common cyberattacks that are out there.

Entire books have been written on the impact of technological advancement. The main point to understand is that technological advancement has had a significant impact on cybersecurity, making security harder to deliver and raising the stakes when parties fail to properly protect their assets. In addition, unforeseen developments, such as pandemics, can bring sudden, huge technological changes that carry with them tremendous cybersecurity dangers.

Social shifts

Various changes in the ways that humans behave and interact with one another have also had a major impact on cybersecurity. The Internet, for example, allows people from all over the world to interact in real-time. Of course, this real-time interaction also enables criminals all over the world to commit crimes remotely. But it also allows citizens of repressive countries and free countries to communicate, creating opportunities for dispelling the perpetual propaganda utilized as excuses for the failure of totalitarianism to produce quality of lives on par with the democratic world. At the same time, it also delivers to the cyberwarriors of governments at odds with one another the ability to launch attacks via the same network.

The conversion of various information management systems from paper to computer, from isolated to Internet-connected, and from accessible-only-in-the-office to accessible from any smartphone or computer has dramatically changed the equation when it comes to what information hackers can steal. And the COVID-19 pandemic has brought many of these issues to the forefront.

Furthermore, in many cases in which technological conversions were, for security reasons, not initially done, the pressure emanating from the expectations of modern people that every piece of data be available to them at all times from anywhere has forced such conversions to occur, creating additional opportunities for criminals. To the delight of hackers, many organizations that, in the past, wisely protected sensitive information by keeping it offline have simply lost the ability to enjoy such protections if they want to stay in business. No modern example portrays this as well as the sudden global shift to remote working arrangements in 2020.

Social media has also transformed the world of information — with people growing accustomed to sharing far more about themselves than ever before — often with audiences far larger than before as well. Today, due to the behavioral shift in this regard, it is trivial for evildoers from anywhere to assemble lists of a target’s friends, professional colleagues, and relatives and to establish mechanisms for communication with all those people. Likewise, it is easier than ever before to find out what technologies a particular firm utilizes and for what purposes, discover people’s travel schedules, and ascertain their opinions on various topics or their tastes in music and movies. The trend toward increased sharing continues. Most people remain blindly unaware of, and unconcerned with, how much information about them lives on Internet-connected machines and how much other information about them can be extrapolated from the aforementioned data.

All these changes have translated into a scary reality: Due to societal shifts, evildoers can easily launch much larger, more sophisticated social engineering attacks today than they could just a few years.

Economic model shifts

Connecting nearly the entire world has allowed the Internet to facilitate other trends with tremendous cybersecurity ramifications. Operational models that were once unthinkable, such as that of an American company utilizing a call center in India and a software development shop in the Philippines, have become the mainstay of many corporations. These changes, however, create cybersecurity risks of many kinds.

The last 20 years have seen a tremendous growth in the outsourcing of various tasks from locations in which they’re more expensive to carry out to regions in which they can be accomplished at much lower costs. The notion that a company in the United States could rely primarily on computer programmers in India or in the Philippines or that entrepreneurs in New York seeking to have a logo made for their business could, shortly before going to bed, pay someone halfway around the globe $5.50 to create it and have the logo in their email inbox immediately upon waking up the next morning, would have sounded like economic science-fiction a generation ago. Today, it’s not only common, but also in many cases, it is more common than any other method of achieving similar results.

Of course, many cybersecurity ramifications result from such transformations of how people do business.

Data being transmitted needs to be protected from destruction, modification, and theft, and globalization means that greater assurance is needed to ensure that back doors are not intentionally or inadvertently inserted into code. Greater protections are needed to prevent the theft of intellectual property and other forms of corporate espionage. Code developed in foreign countries, for example, may be at risk of having backdoors inserted by agents of their respective governments. Likewise, computer equipment may have backdoors inserted into hardware components — a problem the U.S. government is struggling with addressing as this book goes to print.

Hackers no longer necessarily need to directly breach the organizations they seek to hack; they merely need to compromise one or more of the organizations’ providers. And such providers may be far less careful with their information security and personnel practices than the ultimate target, or may be subject to manipulation by governments far less respectful of people’s rights than are the powers-that-be in the ultimate targets’ location.

Political shifts

As with advances in technology, political shifts have had tremendous cybersecurity repercussions, some of which seem to be permanent fixtures of news headlines. The combination of government power and mighty technology has often proven to be a costly one for ordinary people. If current trends continue, the impact on cybersecurity of various political shifts will continue to grow substantially in the foreseeable future.

Data collection

The proliferation of information online and the ability to attack machines all over the world have meant that governments can spy on citizens of their own countries and on the residents of other nations to an extent never before possible.

Furthermore, as more and more business, personal, and societal activities leave behind digital footprints, governments have much easier access to a much greater amount of information about their potential intelligence targets than they could acquire even at dramatically higher costs just a few years ago. Coupled with the relatively low cost of digital storage, advancing big data technologies, and the expected eventual impotence of many of today’s encryption technologies due to the emergence of quantum computing and other cutting-edge developments, governments have a strong incentive to collect and store as much information as they can about as many people as they can, in case it is of use at some later date. It is more likely than not, for example, that hostile governments may have already begun compiling dossiers on the people who will eventually serve as president and vice president of the United States 25 years from now.

The long-term consequences of this phenomenon are, obviously, as of yet unknown, but one thing is clear: If businesses do not properly protect data, less-than-friendly nations are likely to obtain it and store it for use in either the short term, the long term, or both.

Election interference

A generation ago, for one nation to interfere in the elections of another was no trivial matter. Of course, such interference existed — it has occurred as long as there have been elections — but carrying out significant interference campaigns was expensive, resource-intensive, and extremely risky.

To spread misinformation and other propaganda, materials had to be printed and physically distributed or recorded and transmitted via radio, meaning that individual campaigns were likely to reach only small audiences. As such, the efficacy effects of such efforts were often quite low, and the risk of the party running the campaign being exposed was relatively high, and often carried with it the potential for severe repercussions.

Manipulating voter registration databases to prevent legitimate voters from voting and/or to allow bogus voters to vote was extremely difficult and entailed tremendous risks; someone “working on the inside” would likely have had to be nothing short of a traitor in order to have any real significant on election results. In a country such as the United States, in which voter registration databases are decentralized and managed on a county level, recruiting sufficient saboteurs to truly impact a major election would likely have been impossible, and the odds of getting caught while attempting to do so were likely extremely high.

Likewise, in the era of paper ballots cast in person and of manual vote counting, for a foreign power to manipulate actual vote counts on any large scale was impractical, if not impossible.

Today, however, the game has changed. A government can easily spread misinformation through social media at an extremely low cost. If it crafts a well-thought-out campaign, it can rely on other people to spread the misinformation — something that people could not do en masse in the era of radio recordings and printed pamphlets. The ability to reach many more people, at a much lower cost than ever before, has meant that more parties are able to interfere in political campaigns and can do so with more efficacy than in the past. Similarly, governments can spread misinformation to stir up civil discontent within their adversaries’ nations and to spread hostility between ethnic and religious groups living in foreign lands.

Insecure mail-in ballots as used throughout the United States during the 2020 presidential election aggravated mistrust. And, with voter registration databases stored electronically and sometimes on servers that are at least indirectly connected to the Internet, records may be able to be added, modified, or deleted from halfway across the globe without detection. Even if such hacking is, in reality, impossible, the fact that many citizens today believe that it may be possible has led to an undermining of faith in elections, a phenomenon that we have witnessed in recent years and that has permeated throughout all levels of society. Even Jimmy Carter, a former president of the United States, expressed at one point that that he believed that full investigation into the 2016 presidential election would show that Donald Trump lost the election — despite there being absolutely no evidence whatsoever to support such a conclusion, even after a thorough FBI investigation into the matter. Statements and actions from the other side of the political aisle — including the terrible chaos at the U.S. Capitol after the 2020 presidential election — showed clearly that concerns about election integrity, and the perception that elections might be manipulatable through cyberattacks and other technology-based techniques, are bipartisan. It is also not hard to imagine that if online voting were ever to arrive, the potential for vote manipulation by foreign governments, criminals, and even political parties within the nation voting — and for removing the ballot auditability that exists today — would grow astronomically.

In an indication of how much concern is growing around potential election manipulation, consider that a decade ago, the United States did not consider election-related computer systems to be critical infrastructure, and did not directly provide federal funding to secure such systems. Today, most people understand that the need for cybersecurity in such areas is of paramount importance, and the policies and behavior of just a few years ago seems nothing short of crazy.

Hacktivism

Likewise, the spread of democracy since the collapse of the Soviet Union a generation ago, coupled with Internet-based interaction between people all over the globe, has ushered in the era of hacktivism. People are aware of the goings-on in more places than in the past. Hackers angry about some government policy or activity in some location may target that government or the citizens of the country over which it rules from places far away. Likewise, citizens of one country may target entities in another country with whose policies they disagree, or whose government they consider a national adversary.

Greater freedom

At the same time, repressed people are now more aware of the lifestyles of people in freer and more prosperous countries, a phenomenon that has both forced some governments to liberalize, and motivated others to implement cybersecurity-type controls to prevent using various Internet-based services.

Sanctions

Another political ramification of cybersecurity pertains to international sanctions: Rogue states subject to such sanctions have been able to use cybercrime of various forms to circumvent such sanctions.

For example, North Korea is believed to have spread malware that mines cryptocurrency for the totalitarian state to computers all over the world, thereby allowing the country to circumvent sanctions by obtaining liquid money that can easily be spent anywhere.

Thus, the failure by individuals to adequately secure their personal computers can directly impact political negotiations.

New balances of power

While the militaries of certain nations have long since grown more powerful than those of their adversaries — both the quality and quantity of weapons vary greatly between nations — when it comes to cybersecurity the balance of power is totally different.

While the quality of cyberweapons may vary between countries, the fact that launching cyberattacks costs little means that all militaries have an effectively unlimited supply of whatever weapons they use. In fact, in most cases, launching millions of cyberattacks costs little more than launching just one.

Also, unlike in the physical world in which any nation that bombed civilian homes in the territory of its adversary can reasonably expect to face a severe reprisal, rogue governments regularly hack with impunity people in other countries. Victims often are totally unaware that they have been compromised, rarely report such incidents to law enforcement, and certainly don’t know whom to blame.

Even when a victim realizes that a breach has occurred and even when technical experts point to the attackers as the culprits, the states behind such attacks often enjoy plausible deniability (for example, they claim, “we didn’t do it, maybe someone else within our country did it” or the like), preventing any government from publicly retaliating. In fact, the difficulty of ascertaining the source of cyberattacks coupled with the element of plausible deniability is a strong incentive for governments to use cyberattacks as a mechanism of proactively attacking an adversary, wreaking various forms of havoc without fear of significant reprisals.

Furthermore, the world of cybersecurity created a tremendous imbalance between attackers and defenders that works to the advantage of less powerful nations.

Governments that could never afford to launch huge barrages against an adversary in the physical world can easily do so in the world of cyber, where launching each attack costs next to nothing. As a result, attackers can afford to keep attacking until they succeed — and they need to breach systems only once to “succeed” — creating a tremendous problem for defenders who must shield their assets against every single attack. This imbalance has translated into a major advantage for attackers over defenders and has meant that even minor powers can successfully breach systems belonging to superpowers.

In fact, this imbalance contributes to the reason why cybersecurity breaches seem to occur so often, as many hackers simply keep attacking until they succeed. If an organization successfully defends against 10 million attacks but fails to stop the 10,000,001, it may suffer a severe breach and make the news. Reports of the breach likely won’t even mention the fact that it has a 99.999999 percent success rate in protecting its data and that it successfully stopped attackers one million times in a row. Likewise, if a business installed 99.999 percent of the patches that it should have but neglected to fix a single known vulnerability, it’s likely to suffer a breach due to the number of exploits available to criminals. Media outlets will point out the organization’s failure to properly patch, overlooking its near perfect record in that area.

As such, the era of cybercrime has also changed the balance of power between criminals and law enforcement.

Criminals know that the odds of being caught and successfully prosecuted for a cybercrime are dramatically smaller than those for most other crimes, and that repeated failed attempts to carry out a cybercrime are not a recipe for certain arrest as they are for most other crimes. They are also aware that law enforcement agencies lack the resources to pursue the vast majority of cyber criminals. Tracking down, taking into custody, and successfully prosecuting someone stealing data from halfway across the world via numerous hops in many countries and a network of computers commandeered from law-abiding folks, for example, requires gathering and dedicating significantly more resources than does catching a thief who was recorded on camera while holding up in a store in a local police precinct. It is also far easier and more lucrative to launch cyberattacks against rich targets from a locale in which law enforcement can be “paid off” to look the other way, than it is to net the same reward via a physical robbery.

With the low cost of launching repeated attacks, the odds of eventual success in their favor, the odds of getting caught and punished miniscule, and the potential rewards growing with increased digitalization, criminals know that cybercrime pays, underscoring the reason that you need to protect yourself.

Looking at the Risks Cybersecurity Mitigates

People sometimes explain the reason that cybersecurity is important as being “because it prevent hackers from breaking into systems and stealing data and money.” But such a description dramatically understates the role that cybersecurity plays in keeping the modern home, business, or even world running, and in keeping humans safe from physical harm.

In fact, the role of cybersecurity can be looked at from a variety of different vantage points, with each presenting a different set of goals. Of course the following lists aren’t complete, but they should provide food for thought and underscore the importance of understanding how to cybersecure yourself and your loved ones.

The goal of cybersecurity: The CIA Triad

Cybersecurity professionals often explain that the goal of cybersecurity is to ensure the Confidentiality, Integrity, and Availability (CIA) of data, sometimes referred to as the CIA Triad, with the pun lovingly intended:

Confidentiality refers to ensuring that information isn’t disclosed or in any other way made available to unauthorized entities (including people, organizations, or computer processes).

Don’t confuse confidentiality with privacy: Confidentiality is a subset of the realm of privacy. It deals specifically with protecting data from unauthorized viewers, whereas privacy in general encompasses much more.

Hackers that steal data undermine confidentiality.

Integrity refers to ensuring that data is both accurate and complete.

Accurate means, for example, that the data is never modified in any way by any unauthorized party or by a technical glitch. Complete refers to, for example, data that has had no portion of itself removed by any unauthorized party or technical glitch.

Integrity also includes ensuring nonrepudiation, meaning that data is created and handled in such a fashion that nobody can reasonably argue that the data is not authentic or is inaccurate.

Cyberattacks that intercept data and modify it before relaying it to its destination — sometimes known as man-in-the-middle attacks — undermine integrity.

Availability refers to ensuring that information, the systems used to store and process it, the communication mechanisms used to access and relay it, and all associated security controls function correctly to meet some specific benchmark (for example, 99.99 percent uptime). People outside of the cybersecurity field sometimes think of availability as a secondary aspect of information security after confidentiality and integrity. In fact, ensuring availability is an integral part of cybersecurity. Doing so, though, is sometimes more difficult than ensuring confidentiality or integrity. One reason that this is true is that maintaining availability often requires involving many more noncybersecurity professionals, leading to a “too many cooks in the kitchen” type challenge, especially in larger organizations. Distributed denial-of-service attacks attempt to undermine availability. Also, consider that attacks often use large numbers of stolen computer power and bandwidth to launch DDoS attacks, but responders who seek to ensure availability can only leverage the relatively small amount of resources that they can afford.

From a human perspective

The risks that cybersecurity addresses can also be thought of in terms better reflecting the human experience:

Privacy risks: Risks emanating from the potential loss of adequate control over, or misuse of, personal or other confidential information.

Financial risks: Risks of financial losses due to hacking. Financial losses can include both those that are direct — for example, the theft of money from someone’s bank account by a hacker who hacked into the account — and those that are indirect, such as the loss of customers who no longer trust a small business after the latter suffers a security breach.

Professional risks: Risks to one’s professional career that stem from breaches. Obviously, cybersecurity professionals are at risk for career damage if a breach occurs under their watch and is determined to have happened due to negligence, but other types of professionals can suffer career harm due to a breach as well. C-level executives can be fired, board members can be sued, and so on. Professional damage can also occur if hackers release private communications or data that shows someone in a bad light — for example, records that a person was disciplined for some inappropriate action, sent an email containing objectionable material, and so on.

Business risks: Risks to a business similar to the professional risks to an individual. Internal documents leaked after breach of Sony Pictures painted various the firm in a negative light vis-à-vis some of its compensation practices.

Personal risks: Many people store private information on their electronic devices, from explicit photos to records of participation in activities that may not be deemed respectable by members of their respective social circles. Such data can sometimes cause significant harm to personal relationships if it leaks. Likewise, stolen personal data can help criminals steal people’s identities, which can result in all sorts of personal problems.

Physical danger risks: Cyberattacks on sewage treatment plants, utilities, and hospitals in recent years have shown clearly that the failure to maintain cybersecurity can lead to the endangering of human lives. For example, in 2020, a woman in Germany died while being transported between hospitals after the hospital at which she had been a patient was struck by ransomware. And in 2021, a lawsuit was filed arguing that a baby died as a result of medical mistakes made as she was born at a hospital in Alabama during system outages caused by a ransomware attack.

</section> </body> </html>

for individuals	\(\cybersecurity\) means that their personal data is not accessible to anyone other than themselves and others they have authorized, and that their computing devices work properly and are free from malware.
for small business owners	\(\cybersecurity\) may include ensuring that credit card data is properly protected and that standards for data security are properly implemented at point-of-sale registers.
for firms conducting online business	\(\cybersecurity\) may include protecting servers that untrusted outsiders regularly interact with.
for shared service providers	\(\cybersecurity\) may entail protecting numerous data centers that house numerous servers that, in turn, host many virtual servers belonging to many different organizations.
for the government	\(\cybersecurity\) may include establishing different classifications of data, each with its own set of related laws, policies, procedures, and technologies.