Invitation to Cybersecurity

4.2.3 Availability

Availability means ensuring authorized users have access to their data and computer systems. We saw in the previous section on actions on objectives that some cyber attackers attempt to deny their targets access to data and computer systems. This can have a big impact because many times people cannot perform productive work if they cannot access their computers. Hackers who successfully attack availability can cause substantial financial harm.

Ransomware is an attack on availability because it makes data unavailable. Hospitals are sometimes victimized by ransomware attacks. This causes a major and urgent crisis because if patients' medical records are not available, it may not be possible to treat them. DoS attacks impact the availability of computer resources. Online stores can be taken offline in DoS attacks, costing the victim sales.

Availability is a core concern of IT even outside the presence of adversaries. An organization's IT staff must not only prepare for deliberate attacks on availability, but they must also mitigate random acts of nature, accidents, and mistakes. They back up data regularly in case of hardware failures or accidental deletions. They install fire suppression systems to reduce the risk of fires destroying data and computer systems. They invest in generators and battery backups so systems can stay online even when there are power outages. Some of these measures perform double duty and are important for cybersecurity as well. Availability is achieved through access control and risk management.

4.3 Conclusion

Cybersecurity is about protecting and respecting the rights of every individual and organization in cyberspace. This chapter has shown that a major part of this is preventing unauthorized access to computer systems and data and making sure that authorized users have access. Authorization is a central concept in cybersecurity. We have also seen that the goals of cybersecurity can be simplified into three categories that are the opposite of the goals of hackers: confidentiality, integrity, and availability (see Table 4.4).

Table 4.4 Hacker goals and the corresponding cybersecurity goals.
