More and more, businesses own information on many devices, apps and networks.
Beyond a network of desktops and phones, the Internet of Things presents a risk. This decentralisation makes it more important than ever to secure your digital information.
Businesses that consider information security will be the most adaptive. Needless to say, a security breach represents more than just financial loss. It can also damage your brand and erode customers' confidence in your business.
This post covers the five most important aspects of security in the digital era. Instead of just discussing technology, we will cover the principles of protecting information. Examples range from military history to modern cyberattacks.
Confidential information is, of course, private. This means that unauthorised individuals or systems must not be able to access it.
One way to protect confidential information is to encrypt it. An historic example of encryption is from World War II. The Germans had securely coded messaging, known now as Enigma. The British cracked this code and were able to decrypt the messaging. This was not a failure of encryption. It was because poor physical security allowed some of the technology and documentation to fall into British hands.
Encryption is still used today in the field of Information and Communication Technology. For example, a credit card transaction is encrypted when sent to the network. A confidentiality breach would be someone intercepting and decoding the credit card number.
Integrity is the accuracy and consistency of information. If an unauthorised person changes information, they have violated its integrity. For example, tampering with evidence in a court trial would compromise its integrity. In military combat, an enemy might attack by changing a battle order before it reaches the troops.
Today, information security systems and algorithms support integrity. For example, blockchain uses hashing and a distributed network to ensure information integrity.
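The hashing half of that idea, as an added example that is not part of the original post: each record stores the SHA-256 hash of the record before it, so changing an earlier record breaks the links that follow. The record layout, the function names and the sample "battle orders" are constructed for illustration, and the distributed network is modelled only as a `trusted_head` value assumed to come from other copies of the chain.

```python
import hashlib
import json

GENESIS = "0" * 64    # placeholder "previous hash" for the first record
HEAD_MISMATCH = -1    # links are consistent, but the final hash is not the trusted one


def record_hash(index, payload, prev_hash):
    """SHA-256 over a canonical JSON encoding of the record's fields."""
    body = json.dumps(
        {"index": index, "payload": payload, "prev": prev_hash},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(body).hexdigest()


def build_chain(payloads):
    """Link each payload to its predecessor by embedding the previous hash."""
    chain, prev = [], GENESIS
    for i, payload in enumerate(payloads):
        h = record_hash(i, payload, prev)
        chain.append({"index": i, "payload": payload, "prev": prev, "hash": h})
        prev = h
    return chain


def first_invalid(chain, trusted_head=None):
    """Return the index of the first bad record, HEAD_MISMATCH, or None if valid.

    Without trusted_head, someone who rewrites a record and recomputes every
    later hash still passes the link checks; the out-of-band head catches that.
    """
    prev = GENESIS
    for pos, rec in enumerate(chain):
        if (rec["index"] != pos or rec["prev"] != prev
                or record_hash(pos, rec["payload"], prev) != rec["hash"]):
            return pos
        prev = rec["hash"]
    if trusted_head is not None and prev != trusted_head:
        return HEAD_MISMATCH
    return None


if __name__ == "__main__":
    orders = ["hold position", "advance at dawn", "regroup at the bridge"]  # constructed
    chain = build_chain(orders)
    head = chain[-1]["hash"]                      # published to the other parties
    chain[1]["payload"] = "retreat at dawn"       # order altered before it arrives
    print("first invalid record:", first_invalid(chain, head))
```

A fully re-hashed forgery is internally consistent, which is why the check against a head hash held by other parties matters as much as the hashing itself.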
Availability of information means that you can access it when you need it. Information is stored in one system, protected by another and accessed by a third. All need to be in working order for information availability.
In the examples above, we discussed confidentiality and integrity. If an enemy is not able to intercept and decrypt information, or to corrupt it, they can still block access to it. Keeping someone from accessing their information can be an effective tactic in warfare.
A modern example is a Distributed Denial of Service (DDoS) attack against a website. This attack causes a flood of incoming messages to the target system, overloading it. When it shuts down, legitimate users can no longer access their information. A DDoS attack can stop a business from functioning. A famous example is the 28 February 2018 attack on GitHub, a popular developer platform. The site received 1.35 terabits of traffic per second (Tbps) and crashed.
Authenticity means that the parties in a transaction are who they say they are. An analogy for a breach of authenticity would be an impostor pretending to be the courier carrying the battle order.
Another World War II example took place before the Battle of Pearl Harbor in Hawai'i. Japanese aircraft carriers sent fake radio transmissions while the attacking ships moved silently.
A modern day example is email spoofing. Here, spammers send messages from a fake address to mislead people. If the recipients decide to open spam or phishing emails, they could be at risk.
Now, digital security features usually include authentication. A digital signature proves that the message and sender are genuine.
Let's start by defining repudiation. Repudiation means denying something. One example is a shopping website disputing that it has received payment from a customer. So, non-repudiation means that someone cannot deny something. In a transaction, it means that no one can deny having received or sent something.
Non-repudiation often goes hand-in-hand with authentication. Digital signatures use private keys, which authenticate the sender and provide non-repudiation.
How to take control
So we have confidentiality, integrity, availability, authenticity and non-repudiation. Remember that security attacks will likely take advantage of more than one of these. So security measures need to include a range of countermeasures.
The next time you hear terms like "denial-of-service protection" and "digital signature," you’ll know exactly what they mean.
We welcome the chance to discuss your company’s security profile.