Invitation to Cybersecurity

4. The Need for Cybersecurity: Cyber Attacks

Ransomware is an attack on availability because it makes data unavailable. Hospitals are sometimes victimized by ransomware attacks. This causes a major and urgent crisis because if patients’ medical records are not available, it may not be possible to treat them. DoS attacks impact the availability of computer resources. Online stores can be taken offline in DoS attacks, costing the victim sales.

Availability is a core concern of IT even outside the presence of adversaries. An organization’s IT staff must not only prepare for deliberate attacks on availability, but they must also mitigate random acts of nature, accidents, and mistakes. They back up data regularly in case of hardware failures or accidental deletions. They install fire suppression systems to reduce the risk of fires destroying data and computer systems. They invest in generators and battery backups so systems can stay online even when there are power outages. Some of these measures perform double duty and are important for cybersecurity as well. Availability is achieved through access control and risk management.

4.3 Conclusion

Cybersecurity is about protecting and respecting the rights of every individual and organization in cyberspace. This chapter has shown that a major part of this is preventing unauthorized access to computer systems and data and making sure that authorized users have access. Authorization is a central concept in cybersecurity. We have also seen that the goals of cybersecurity can be simplified into three categories that are the opposite of the goals of hackers: confidentiality, integrity, and availability (see Table 4.4).

Table 4.4 Hacker goals and the corresponding cybersecurity goals.

The central question answered in Chapters 5 through 10 of this textbook is how we go about accomplishing cybersecurity. Chapter 5 covers the overall approach to cybersecurity: cyber risk management. Chapter 6 covers the fundamental skill that we need to bring to all things concerning cybersecurity: adversarial thinking. Chapter 7 addresses the bedrock of cybersecurity: cryptography. Chapter 8 covers the means of preventing unauthorized access: access control. Chapter 9 covers practical strategies embodied in cybersecurity principles and practices. Finally, Chapter 10 covers the boundaries of cybersecurity: ethics, rights, and laws.
