Understanding
essential cyber
security principles

These days, it is common to hear about hacks and data breaches that happened simply because the key cyber security concepts weren't followed or because IT teams didn't get the buy-in and financial support they needed from senior management.

Business leaders need to understand the key terms and principles of cyber security to empower their teams instead of simply deploying technology and hiring people to manage it.

• “CIA.” Confidentiality, Integrity and Availability is a convenient way to keep technical security principles easy to understand.  Sensitive data must remain confidential.  Systems must not be tampered with, resulting in the loss of integrity.  And applications and systems like databases and servers must always be protected from attacks that make them unavailable for use.
• Defensive measures. Many threats and security vulnerabilities to an information system are already known or suspected. Defensive measures are applied to detect, prevent or mitigate them.
• Testing. Cyber security is not a set-it-and-forget-it business. Defensive measures need to be regularly tested and scanned for vulnerabilities. This might include engaging an external service provider to perform penetration testing or having your own IT team use phishing emails to test employee cyber security savvy.
• Training. Your cyber security team needs to keep up with the latest technology to protect the organization against threats, but cyber security training doesn't end there. Every employee must be up to speed on security terms and concepts to help manage risk. Employees should understand how cyber security principles affect their day-to-day behavior, whether that's opening email attachments, downloading applications or connecting to wireless networks.
• Response. Even organizations with a solid understanding of cyber security principles and robust technology investment could fall victim to a security incident or data breach. In those cases, there must be a plan to respond—to mitigate the threat, to ensure business continuity so that users and customers are not disrupted and to apply lessons learned so that the incident doesn't happen again.

An organization's security posture depends on the controls it puts in place and if those controls are relevant to the type of threats it faces.  Controls act as safeguards that deter, detect, counteract and reduce the risks to enterprise networks, information systems, devices and sensitive data. The goal is to maintain the confidentiality and integrity of mission-critical business information and to keep it available to maintain normal operations.

Some controls are physical. Access to data centers, for example, is limited through locks, fences, guards and access cards. Digital controls include user names and passwords, two-factor authentication, antivirus software and firewalls. Cyber security controls, such as distributed denial-of-service mitigation and intrusion prevention systems, prevent attacks on data. With the growth of the cloud, many controls involve collaborating with service providers to protect data and applications.

From a business perspective, the cloud has brought a lot of productivity improvements and efficiencies. But it has also been a vector for the many different types of cyber security attacks that threaten organizations today.

Whether they are trying to steal information or just wreak havoc, threat actors can cripple an organization in myriad ways. Attacks can disrupt operations, inconvenience customers, tarnish reputations and put businesses in the crosshairs of regulators and consumer lawsuits.

One of the most popular attack tactics is account hijacking, in which bad actors try to gain control of your data and systems through user credentials or an application programming interface that connects to a cloud service. You should also be aware of malware, which is script or code used to steal data, eavesdrop or compromise the integrity of sensitive information. Denial-of-service attacks and distributed denial-of-service attacks can bring operations to a halt by taking over computing and network resources and making it impossible to access applications and data—or get any work done.  DDoS can also prevent customers from completing transactions on their websites, resulting in poor customer experience and loss of revenue.

Data loss is often the result of a cyber security attack, as deletion often disrupts the victim's business operations. A data breach means that a threat actor has accessed a system to steal data that's not meant for public consumption, such as personally identifiable information, personal health information, politically valuable information, trade secrets and intellectual property. A data breach is just one of many security incidents that IT teams must respond to and, ideally, prevent, along with unplanned disruptions, denial-of-service attacks, unauthorized processing or storage of data and unauthorized changes to system hardware, software or firmware.