Cyber security encompasses three areas: Confidentiality, Integrity, and Availability (also known as the CIA triad)
- Confidentiality
- Only authorized users have access to your ICT (Information Communication & Technology) and data.
- Unauthorized parties can't gain access to your ICT, either via the Internet or on site.
- Your security controls can't be bypassed by hacking or by a remote access tool.
- Access is protected at minimum by a password and preferably by two-factor authentication (2FA), i.e. two independent factors such as something the user has and something the user knows. E.g. to withdraw money from an ATM, both a bank card (something the user has, factor 1) and a PIN (something the user knows, factor 2) are required; a stolen card alone is not enough.
- Your employees recognize phishing emails and don't click on the links or open the attachments they contain. They don't divulge passwords, personal data or other confidential information to unauthorized parties who request them under false pretenses.
- Criminals can’t access confidential information by shoulder surfing (visual hacking).
- Integrity
- The data that you have processed is complete and correct.
- The processes used to process data are correct and can be audited.
- The stored data is accurate and can't be deleted or modified by an unauthorized party.
- If data is nevertheless modified or deleted, it can be restored from a backup. This means backups must be taken regularly and the restore procedure must be tested.
- Availability
- Your ICT is available and users have access to the system.
- Your ICT cannot be put out of operation by a Distributed Denial of Service (DDoS) attack.
- Regular backups ensure that business continuity is not jeopardized if an organization falls victim to ransomware (also called cryptoware), where attackers encrypt business data and offer to decrypt it only on payment of a ransom. Backups only help here if at least one copy is kept offline or otherwise out of the attacker's reach, so that it is not encrypted along with the live data, and if restoring from it has been tested.
- The availability of your ICT can also be jeopardized by malware such as viruses, worms and ransomware. Your business must take measures to prevent infection by such software.
Cyber security can be jeopardized by security incidents.
The duties of care in the field of cyber security are designed to minimize the risk of such incidents and, if things nevertheless go wrong, to limit their impact. The following are examples of security incidents:
- An employee loses a laptop or USB stick.
- A hacker gains access to your company's intranet.
- Malware disrupts the operation of your ICT.
- An unauthorized party obtains a password that enables them to gain access to personal data.
- The electronic lock of a car is unlocked without a key.
- A fire or power cut in a data center means that data is temporarily unavailable.
Responsibility for other people’s security
A security incident disrupts your operations and damages your reputation. Often, your organization forms part of a chain. Your operations may be disrupted by a security incident that has occurred with one of your suppliers, contractors or resellers. Conversely, their operations may also be affected by your cyber security. Your business must take the interests of third parties into account (to a certain extent). Amongst other things, you must therefore ensure that your ICT is properly protected and that it is coordinated with the other parties in the chain. If you fail to comply with these duties of care, you may be held liable.