The threat of cyber-attack is increasing every year, and only recently have we read about Dixons Carphone’s huge data breach last year. It’s bad for customers and it’s bad for business.
According to figures published by the Online Trust Alliance, 2017 was the worst year yet in terms of attacks on organisations. Attacks doubled from 82,000 incidents in 2016 to over 159,000 - and those are just the ones we know about.
Keeping up to date with the latest cyber security threats is challenging to say the least. The time between vulnerability disclosure and attack launch is getting shorter all the time, and it’s easy for a hacker to change a line of code, and then fire off another - ever so slightly different - attack.
Effective cyber security is knowing what’s important to you and protecting it to the best of your abilities. One way to make things clearer is to break it down into three elements. The acronym might have already been taken by a well-known US institution but at least ‘CIA’ is memorable.
For our purposes, we’re talking about Confidentiality, Integrity and Availability.
CIA also applies to GDPR. A key principle of the new regulations is that you have to process personal data securely by means of ‘appropriate technical and organisational measures’ – this is called the ‘security principle’. Any measures must therefore ensure the confidentiality, integrity and availability of your systems and services and the personal data you process within them. These measures must also enable you to restore access and availability to personal data in a timely manner in the event of a physical or technical incident. Businesses also need to ensure that they have appropriate processes in place to test the effectiveness of measures and undertake any required improvements.
All three of the CIA elements are required to ensure you remain protected. If one aspect fails, it could provide a way in for hackers to compromise your network and your data. However, the mix between the three parts is down to the individual company and the project or asset it is being applied to. Some companies may value confidentiality above all; others may place most value on availability.
Whatever the combination, it’s important that the CIA triad is considered at all times. By doing so, you protect your organisation against a range of threats without having to spend too much time away from your core business.
Technology is no longer just an enabler; it is now the beating heart of most businesses and if it fails, the consequences can be terminal.