What is Cybersecurity?
Cybersecurity is a specialized field within the IT industry. It is the practice of analyzing and defending IT systems from malicious attacks. In an ever-evolving world, technology has been at the forefront of human intelligence and will continue to do so. Our devices are becoming more connected to the internet, making them more susceptible to cyberattacks. The cybersecurity industry exists primarily to protect digital assets from being compromised.
There are many risks involved when an individual or an organization does not implement cybersecurity best practices. These risks can be malware (malicious software) wiping out data from a hard drive, encrypting data and then asking for a ransom, or an attacker using a remote machine to conduct other cyberattacks on different targets. There are six goals that cybersecurity tries to achieve: Confidentiality, Integrity, Availability, Authentication, Authorization, and Nonrepudiation. We will take a closer look at each one of these goals and how they help us have a more secure online experience.
Confidentiality
This goal is one of the easiest to understand because it can be applied to non-IT situations. For example, the government uses this principle when keeping classified information from individuals who do not hold the proper security clearances. In the cybersecurity industry, information is kept confidential with the use of encryption. We can think of encryption as a lockbox that requires a key to unlock and view the data within it. Encrypting information allows us to protect data by making it illegible to those who do not have the key. Those who are in possession of the key can decrypt the information and make it legible. Information that is usually kept confidential includes customer names, passwords, addresses, phone numbers, debit/credit card information, and much more.
Integrity
According to Merriam-Webster, integrity means to have a "firm adherence to a code of especially moral or artistic values". When a user is accessing files on a computer system, they would like the data presented to them to be reliable and accurate. In cybersecurity, integrity is achieved through a process called hashing. Without going much in-depth, hashing uses an algorithmic function to take an input of any size and generate a summary of the data called a digest. There are two types of integrity applied in cybersecurity: system integrity and data integrity.
System Integrity
Before a user accesses their files, they need to confirm that the system where the data is stored has not been compromised. To achieve this, the user must first be authenticated via biometrics such as fingerprint, iris scan, or facial recognition. Then the system must be analyzed to determine if it has been tampered with since the user's last login. This is accomplished through a security protocol named Secure Boot. According to Microsoft, secure boot was "Developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)". If a compromised system were to fail this test, the boot procedure would stop, and the system would shut down for further investigation. By combining biometrics and secure boot, we can implement effective system integrity.
Data Integrity
Once the system has been verified, the data stored within the system must also be verified. As mentioned above, hashing uses an algorithmic function to provide a summary or digest of the file contents. This process can be applied before accessing any file, as any small change to a file would alter the hash output completely, implying that the file has been tampered with since its last trusted state. For example, with the use of a username and password, we can have a form of authentication. However, it is a bad security practice to store the passwords in plain text, meaning they can be easily readable if accessed by a malicious actor. Instead, to maintain the confidentiality and integrity of passwords, a security process known as salting is used. When a password is salted, a random value is added to the front or end of the password before being hashed and stored. For example, if a user wanted to use the password "Password123", we would apply a salt such as "S3C!ur3#" to the front or end of the password before applying any hashing algorithms. Essentially, the password before being hashed will read as "S3C!ur3#Password123".
Availability
Availability ensures systems, networks, and files are readily accessible when required. Organizations, such as e-commerce businesses that heavily rely on cloud infrastructure, depend on this principle. "Today, about 25 percent of the world's population of 7.7 billion people shop online." (Wilson, Cybersecurity, MIT Press 2021). Organizations are using cloud computing to enable digital transformation, which is the strategy of using digital technologies to create new or enhance existing business operations and customer experience. Any disruption to these operations will cause tremendous losses or even affect human life. For example, if a hospital's patient database were to be encrypted due to ransomware, patient information such as medical care routines and prescriptions would not be available, thereby putting people's lives at risk. The same can be said of automated military weaponry that depends on a database filled with information and commands to conduct defensive actions. Not having immediate access to this database when required may put soldiers at risk.
So far, we have gone over Confidentiality, Integrity, and Availability. These three principles are also known as the C.I.A. Triad, and they are the foundation of what cybersecurity is built on. However, Authentication, Authorization, and Nonrepudiation are often, if not mostly always, overlooked in the industry.
Authentication
This is the process of verifying the identity of a user or system and is usually performed before accessing resources. A basic authentication method is a username and password, serving as the first line of defense in cybersecurity. An everyday example of this is students using their school login to access teacher and class information. Although a username and password are considered basic authentication, there are more sophisticated ways to authenticate a user, such as multi-factor authentication (MFA). Other ways we use authentication are on our mobile devices by entering a passcode before accessing our device contents, logging into our banking app to access financial services, or our doctor accessing our medical records to prescribe us the correct medication. Authentication is important to cybersecurity because it prevents unauthorized access to sensitive systems or information. It is also a compliance requirement for certain industries, which may face legal action and financial penalties if proper authentication controls are not in place.
Authorization
Authorization determines the level of access a user has to resources stored in a system and is done after the user has already been authenticated. Within a filesystem, the owner of a file can set what's called file permissions, where selected users or groups are assigned depending on whether they can read, write, or both read and write to the file. For example, any users who are deemed to be outside of an organization should not have the same level of access as someone who is part of the organization (i.e., financial statements, research & development, etc.). Another example is someone who has administrative privileges will have the authority to make changes across the whole system, while all other users will have much less control over the system. This process can be done via an access control list (ACL), where organizations can create rules allowing who and what resources they have access to. Network devices such as firewalls and intrusion protection systems (IPS) can also offer access control. For example, an administrator can set a rule in a firewall that prevents users from accessing AI websites, where employees are more likely to share confidential business data with the AI, introducing security risks. An IPS can be used to detect malware contained within an email and set to an employee. The IPS would intercept this email and prevent it from reaching an employee's mailbox.
Nonrepudiation
In the banking, medical, and government industries, it is a high priority for digital communications to contain authenticity and integrity. The National Institute of Standards and Technology (NIST) defines nonrepudiation as "A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified and validated by a third party as having originated from a specific entity in possession of the private key (i.e., the signatory)." This idea can be applied to emails and can be achieved by digital signatures derived from cryptography. In the simplest explanation, a sender can digitally sign their message using a cryptographic private key, which can then be sent along with a public key to the receiver. The receiver would then use the public key to decipher and authenticate that the message really came from the sender. Another example of nonrepudiation is IP addresses being attached to online purchases. If someone were to make a false fraud claim on a purchase they actually received, the auditing department would be able to determine if the user did in fact not make an authorized purchase by cross-referencing the IP address attached to the purchase to an IP address the user usually purchases from, such as their home or place of business.
References
Anomali. "Cybersecurity Authentication." https://www.anomali.com/glossary/cybersecurity-authentication
Descope. "What is Authorization?" https://www.descope.com/learn/post/authorization
GeeksforGeeks. "The CIA Triad in Cryptography." https://www.geeksforgeeks.org/computer-networks/the-cia-triad-in-cryptography/
IBM. "What is Digital Transformation?" https://www.ibm.com/think/topics/digital-transformation
Merriam-Webster. "Integrity." https://www.merriam-webster.com/dictionary/integrity
Microsoft. "Secure Boot." https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot
Microsoft. "What is Authentication?" https://www.microsoft.com/en-us/security/business/security-101/what-is-authentication
NIST. "Non-Repudiation." https://csrc.nist.gov/glossary/term/non_repudiation
NIST. "Security Authorization." https://csrc.nist.gov/glossary/term/security_authorization
Salesforce. "What is Digital Transformation?" https://www.salesforce.com/digital-transformation/
SecurityScorecard. "Implementing Non-Repudiation in Your Security Strategy." https://securityscorecard.com/blog/implementing-non-repudiation-in-your-security-strategy-best-practices-and-techniques/
Wilson, Duane C. Cybersecurity. MIT Press, 2021.