Hello, and welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
Today we are going to wrap up the three part series on the CIA Triad, the very foundation of cybersecurity. We’re focusing on that last letter today; the letter A. Remember what that letter stands for? Availability, for those of you that are tuning in for the first time or that might’ve forgotten.
Why availability? Why would one of the foundations of cybersecurity focus on availability? What does availability even mean? I will do my part to answer each one of these questions in detail to clear up any fog or misconceptions that may be out there. Let’s start with what availability is or means.
Availability, as defined by the Cambridge dictionary, means “the fact that something can be bought, used, or reached, or how much it can be”. The fact that something can be bought, used, or reached. Why would that be something related to cybersecurity? Shift the focus from a physical object for a moment and think about logical resources. Network-based information, web-based resources, whether or not systems are online or offline. Availability in these cases focuses on whether or not you can reach those resources and access them.
In e-commerce availability becomes a top priority. Why? Well, that is the main source of revenue. Organizations make their money selling their products online, so if the websites or products are not available, money isn’t spent, and the company doesn’t generate revenue. Ok, that makes sense, but why again would that be a cybersecurity concern versus an operations-related concern or application-based concern?
While availability issues may require input from operations, applications, or other teams, cyber is directly involved due to the reasoning behind the availability issue. What caused the lack of availability? Was it simply a server power outage, or was it a threat actor generating a distributed denial of service (otherwise known as DDOS) attack that flooded the network and caused web requests to get denied? What if it was an insider threat that deliberately took a network segment offline?
These examples are directly handled by cybersecurity. Whether it be preventative measures to ensure that these examples do not occur, or if it becomes an incident response scenario that needs to be corrected, cybersecurity teams are required to address availability threats and maintain logical and physical availability of organizational resources.
Did you catch that? Yes, I mentioned physical availability at the end there, as physical security of an organizations assets is also a cybersecurity concern. Physical security and logical security go hand in hand; if the threat actor cannot access the building, chances are the assets within that building are safer. If the threat actor cannot access the network, chances are the assets on that network are safer.
So, hopefully now you all understand why availability is part of the CIA triad. Many organizations out there require access to their resources 24 hours a day. Again, considering an online retailer, access and data/product availability is crucial to the success of the business, so that availability needs to be protected and ensured at all times.
If you are experiencing an availability-related issue, if you have questions surrounding availability of physical or logical assets and resources, or if you simply want to understand more about how to protect availability in general, reach out to the folks here at GuardSight! They have been protecting data, asset, and endpoint availability for many years and would be happy to collaborate with you to help you gain a better understanding of that particular foundation.
We here at GuardSight thank you for taking the time to listen to this TomCast. For more information on various cybersecurity tips head on over to our website and check out more TomCasts. Those are located over on www.guardsight.com/tomcast. Or, if you would like more information on what GuardSight can do for you, head on over to www.guardsight.com and contact us. There are several free cybersecurity tools out there that can help you improve your overall security posture. We’d love to hear from you! Thanks!