Cybersecurity For Dummies. Joseph Steinberg
Читать онлайн книгу.
New balances of power
While the militaries of certain nations have long since grown more powerful than those of their adversaries — both the quality and quantity of weapons vary greatly between nations — when it comes to cybersecurity the balance of power is totally different.
While the quality of cyberweapons may vary between countries, the fact that launching cyberattacks costs little means that all militaries have an effectively unlimited supply of whatever weapons they use. In fact, in most cases, launching millions of cyberattacks costs little more than launching just one.
Also, unlike in the physical world in which any nation that bombed civilian homes in the territory of its adversary can reasonably expect to face a severe reprisal, rogue governments regularly hack with impunity people in other countries. Victims often are totally unaware that they have been compromised, rarely report such incidents to law enforcement, and certainly don’t know whom to blame.
Even when a victim realizes that a breach has occurred and even when technical experts point to the attackers as the culprits, the states behind such attacks often enjoy plausible deniability (for example, they claim, “we didn’t do it, maybe someone else within our country did it” or the like), preventing any government from publicly retaliating. In fact, the difficulty of ascertaining the source of cyberattacks coupled with the element of plausible deniability is a strong incentive for governments to use cyberattacks as a mechanism of proactively attacking an adversary, wreaking various forms of havoc without fear of significant reprisals.
Furthermore, the world of cybersecurity created a tremendous imbalance between attackers and defenders that works to the advantage of less powerful nations.
Governments that could never afford to launch huge barrages against an adversary in the physical world can easily do so in the world of cyber, where launching each attack costs next to nothing. As a result, attackers can afford to keep attacking until they succeed — and they need to breach systems only once to “succeed” — creating a tremendous problem for defenders who must shield their assets against every single attack. This imbalance has translated into a major advantage for attackers over defenders and has meant that even minor powers can successfully breach systems belonging to superpowers.
In fact, this imbalance contributes to the reason why cybersecurity breaches seem to occur so often, as many hackers simply keep attacking until they succeed. If an organization successfully defends against 10 million attacks but fails to stop the 10,000,001, it may suffer a severe breach and make the news. Reports of the breach likely won’t even mention the fact that it has a 99.999999 percent success rate in protecting its data and that it successfully stopped attackers one million times in a row. Likewise, if a business installed 99.999 percent of the patches that it should have but neglected to fix a single known vulnerability, it’s likely to suffer a breach due to the number of exploits available to criminals. Media outlets will point out the organization’s failure to properly patch, overlooking its near perfect record in that area.
As such, the era of cybercrime has also changed the balance of power between criminals and law enforcement.
Criminals know that the odds of being caught and successfully prosecuted for a cybercrime are dramatically smaller than those for most other crimes, and that repeated failed attempts to carry out a cybercrime are not a recipe for certain arrest as they are for most other crimes. They are also aware that law enforcement agencies lack the resources to pursue the vast majority of cyber criminals. Tracking down, taking into custody, and successfully prosecuting someone stealing data from halfway across the world via numerous hops in many countries and a network of computers commandeered from law-abiding folks, for example, requires gathering and dedicating significantly more resources than does catching a thief who was recorded on camera while holding up in a store in a local police precinct. It is also far easier and more lucrative to launch cyberattacks against rich targets from a locale in which law enforcement can be “paid off” to look the other way, than it is to net the same reward via a physical robbery.
With the low cost of launching repeated attacks, the odds of eventual success in their favor, the odds of getting caught and punished miniscule, and the potential rewards growing with increased digitalization, criminals know that cybercrime pays, underscoring the reason that you need to protect yourself.
Looking at the Risks Cybersecurity Mitigates
People sometimes explain the reason that cybersecurity is important as being “because it prevent hackers from breaking into systems and stealing data and money.” But such a description dramatically understates the role that cybersecurity plays in keeping the modern home, business, or even world running, and in keeping humans safe from physical harm.
In fact, the role of cybersecurity can be looked at from a variety of different vantage points, with each presenting a different set of goals. Of course the following lists aren’t complete, but they should provide food for thought and underscore the importance of understanding how to cybersecure yourself and your loved ones.
The goal of cybersecurity: The CIA Triad
Cybersecurity professionals often explain that the goal of cybersecurity is to ensure the Confidentiality, Integrity, and Availability (CIA) of data, sometimes referred to as the CIA Triad, with the pun lovingly intended:
Confidentiality refers to ensuring that information isn’t disclosed or in any other way made available to unauthorized entities (including people, organizations, or computer processes). Don’t confuse confidentiality with privacy: Confidentiality is a subset of the realm of privacy. It deals specifically with protecting data from unauthorized viewers, whereas privacy in general encompasses much more.Hackers that steal data undermine confidentiality.
Integrity refers to ensuring that data is both accurate and complete.Accurate means, for example, that the data is never modified in any way by any unauthorized party or by a technical glitch. Complete refers to, for example, data that has had no portion of itself removed by any unauthorized party or technical glitch.Integrity also includes ensuring nonrepudiation, meaning that data is created and handled in such a fashion that nobody can reasonably argue that the data is not authentic or is inaccurate.Cyberattacks that intercept data and modify it before relaying it to its destination — sometimes known as man-in-the-middle attacks — undermine integrity.
Availability refers to ensuring that information, the systems used to store and process it, the communication mechanisms used to access and relay it, and all associated security controls function correctly to meet some specific benchmark (for example, 99.99 percent uptime). People outside of the cybersecurity field sometimes think of availability as a secondary aspect of information security after confidentiality and integrity. In fact, ensuring availability is an integral part of cybersecurity. Doing so, though, is sometimes more difficult than ensuring confidentiality or integrity. One reason that this is true is that maintaining availability often requires involving many more noncybersecurity professionals, leading to a “too many cooks in the kitchen” type challenge, especially in larger organizations. Distributed denial-of-service attacks attempt to undermine availability. Also, consider that attacks often use large numbers of stolen computer power and bandwidth to launch DDoS attacks, but responders who seek to ensure availability can only leverage the relatively small amount of resources that they can afford.
From a human perspective
The risks that cybersecurity addresses can also be thought of in terms better reflecting the human experience:
Privacy risks: Risks emanating from the potential loss of adequate control over, or misuse of, personal or other confidential information.
Financial risks: Risks of financial losses due to hacking. Financial losses can include both those that are direct — for example, the theft of money from someone’s bank account by a hacker who