Differences

This shows you the differences between two versions of the page.

--- en:iot-reloaded:cybersecurity_concepts [2024/12/10 18:26] – blanka
+++ en:iot-reloaded:cybersecurity_concepts [2025/05/13 18:01] (current) – [What is cybersecurity] pczekalski
@@ Line 7: / Line 7: @@
 After understanding cybersecurity, it is also essential to understand what a cyberattack is. A cyberattack can be considered any deliberate compromise of an information system's confidentiality, integrity, or availability. That is unauthorised access to a network, computer system or digital device with a malicious intention to steal, expose, alter, disable, or destroy data, applications or other assets. A successful cyberattack can cause a lot of damage to its victims, ranging from loss of data to financial losses. An organisation whose systems have been compromised by a successful cyber attack could lose its reputation and be forced to pay for damages incurred by customers due to a successful cybersecurity attack.
-The question is why should we be worried about cybersecurity attacks, especially in the context of IoT. The widespread adoption of IoT to improve business processes and personal well-being has exponentially increased the options available to cybercriminals to conduct cybersecurity attacks, increasing cybersecurity-related risks for businesses and individuals. This underscores the need for IoT engineers, IT engineers, and other non-IT employees to understand cybersecurity concepts.
+The question is: Why should we be worried about cybersecurity attacks, especially in the context of IoT? The widespread adoption of IoT to improve business processes and personal well-being has exponentially increased the options available to cybercriminals to conduct cybersecurity attacks, increasing cybersecurity-related risks for businesses and individuals. This underscores the need for IoT engineers, IT engineers, and other non-IT employees to understand cybersecurity concepts.
 ===== The confidentiality, integrity and availability (CIA) triad =====
@@ Line 40: / Line 40: @@
   * The accuracy of the data is preserved by ensuring that the data is not altered or aggregated either by human error or malicious attacks in such a way that affects the results of further processing and analysis of the data.
   * The consistency of the data should be maintained by ensuring that the data is unchanged regardless of how often it's accessed and no matter how long it's stored.
-  * Data safety should be ensured by guaranteeing that it is securely maintained and accessed only by authorised applications and individuals. Data security methods such as authentication, authorisation, encryption, backups, etc., can be used to ensure that the data is not altered or destroyed by unauthorised applications or individuals.
+  * Data safety should be ensured by guaranteeing it is securely maintained and accessed only by authorised applications and individuals. Data security methods such as authentication, authorisation, encryption, backups, etc., can ensure that unauthorised applications or individuals do not alter or destroy the data.
 The IoT system designers, manufacturers, developers, and operators should ensure that the data collected is not lost, leaked, or corrupted during transportation, processing, or storage. As the data collected by IoT sensors is growing and lots of companies depend on the results from the processing of IoT data for decision-making, it is vital to ensure the integrity of the data. It must be assured that the IoT data collected is complete, accurate, consistent and secure throughout its lifecycle, as compromised data is of little or no interest to organisations and users. Also, data losses due to human error and cyberattacks are undesirable for organisations and users. Physical and logical factors can influence the integrity of the data.
   * Physical integrity: It includes the various ways the integrity of the data can be compromised during transportation, storage and retrieval. During the transportation of data, some parts of the data could be lost due to packet losses occurring at the network equipment or packet errors caused by a disturbance in the transmission media. Also, data could be lost due to physical damage to the storage or computing devices. The integrity of the data could be compromised due to the following reasons:
       * Hardware failures and faults.
       * Design failures and negligence.
-      * Natural failures that may result from the deterioration of the hardware device (e.g., corrosion).
+      * Natural failures may result from the deterioration of the hardware device (e.g., corrosion).
       * Power failures and outages.
       * Natural disasters.
       * Environmentally induced failures resulting from extreme environmental failures like high temperatures.
-      * Cyberattacks that are designed to cause hardware failures or power failures (e.g., energy depletion attacks).
+      * Cyberattacks designed to cause hardware or power failures (e.g., energy depletion attacks).
       The physical integrity of data could be enforced by:
         * Implementing redundancy in data storage systems to ensure that failure of a storage memory will not result in data losses.
@@ Line 88: / Line 88: @@
   * Ensuring effective operation and maintenance processes.
   * Ensuring effective and efficient energy sources and energy storage systems.
-  * To increase the lifetime of IoT nodes, energy consumption should be minimised.
+  * Energy consumption should be minimised to increase the lifetime of IoT nodes.
   * Software design flaws and bugs should be resolved immediately and quickly to minimise downtimes.
   * The physical storage locations of hardware infrastructure should be carefully secured.
-  * Effective authentication and authorisation mechanisms should ensure that authorised users have access to the systems when needed.
+  * Effective authentication and authorisation mechanisms should ensure that authorised users can access the systems when needed.
   * Cybersecurity systems should be carefully implemented and configured to minimise performance degradation and downtimes resulting from malfunctioning.
   * Ensuring the networking systems are correctly configured with appropriate security mechanisms and networking failures are quickly resolved.
@@ Line 131: / Line 131: @@
   * Deploying threats (intrusion) detection and prevention systems.
-**Attack surface**: An attack surface is a location or possible attack vectors that cybercriminals can target or use to compromise data and information systems' confidentiality, integrity, and availability. Organisations and individuals should always strive to minimise their attack surfaces; the smaller the attack surfaces, the smaller the likelihood that their data or information systems will be compromised. So, they have to constantly monitor their attack surfaces to detect and block attacks as soon as possible and minimise the potential risk of a successful attack. Some of the common attack surfaces are poorly secured devices (e.g., devices such as computers, mobile phones, hard drives, and IoT devices), weak passwords, a lack of email security, open ports, and a failure to patch software, which offers an open backdoor for attackers to target and exploit users and organisations. Another common attack surface is weak web-based protocols, which hackers can exploit to steal data through man-in-the-middle (MITM) attacks. There are two categories of attack surface, which include ((Fortinet, What Is An Attack Surface?, https://www.fortinet.com/resources/cyberglossary/attack-surface))
+**Attack surface**: An attack surface is a location or possible attack vectors that cybercriminals can target or use to compromise data and information systems' confidentiality, integrity, and availability. Organisations and individuals should always strive to minimise their attack surfaces; the smaller the attack surfaces, the smaller the likelihood that their data or information systems will be compromised. So, they must constantly monitor their attack surfaces to detect and block attacks as soon as possible and minimise the potential risk of a successful attack. Some of the common attack surfaces are poorly secured devices (e.g., devices such as computers, mobile phones, hard drives, and IoT devices), weak passwords, a lack of email security, open ports, and a failure to patch software, which offers an open backdoor for attackers to target and exploit users and organisations. Another common attack surface is weak web-based protocols, which hackers can exploit to steal data through man-in-the-middle (MITM) attacks. There are two categories of attack surface, which include ((Fortinet, What Is An Attack Surface?, https://www.fortinet.com/resources/cyberglossary/attack-surface))
-  * **Digital attack surface**: This kind of attack surface consists of all the software and hardware systems found within an organisation's infrastructure. These include applications, code, ports, servers, websites, and sensor devices (in the case of IoT devices). With the deployment of tens of millions to hundreds of millions of IoT devices, the attack surfaces created by IoT infrastructure from the sensor layer, through the networking infrastructure, to fog/cloud computing infrastructure is vast.
+  * **Digital attack surface**: This kind of attack surface consists of all the software and hardware systems found within an organisation's infrastructure. These include applications, code, ports, servers, websites, and sensor devices (IoT devices). With the deployment of tens of millions to hundreds of millions of IoT devices, the attack surfaces created by IoT infrastructure from the sensor layer, through the networking infrastructure, to fog/cloud computing infrastructure is vast.
   * **Physical attack surface**: This kind of attack surface consists of all endpoint devices that an attacker can gain physical access to, such as desktop computers, hard drives, laptops, mobile phones, Universal Serial Bus (USB) drives, and IoT devices (in the case of IoT systems). Some physical attack surfaces include carelessly discarded hardware containing user data and login credentials, user passwords written on pieces of paper, and unauthorised access to the physical location where sensitive assets are stored.
 A practical attack surface management provides the following advantages to organisations and individuals:
@@ Line 141: / Line 141: @@
   * Minimise the possibility of successful cybersecurity attacks.
 As IT infrastructures increase and are connected to external IT systems over the internet, they become more complex, hard to secure, and frequently targeted by cybercriminals. Some of the ways to minimise attack surfaces to reduce the risk of cyberattacks include:
-  * The implementation of zero-trust policies ensures that only authorised users and applications can access information resources (computing devices, sensor devices, networks, servers, databases, etc.). This eliminates or reduces the chances of unauthorised access.
+  * Implementing zero-trust policies ensures that only authorised users and applications can access information resources (computing devices, sensor devices, networks, servers, databases, etc.). This eliminates or reduces the chances of unauthorised access.
   * Reducing unnecessary complexities by turning off or removing unused hardware devices and software from the IT infrastructure to reduce the attack surfaces that cybercriminals can exploit.
   * Perform regular security audits and scan the entire network and IT systems to identify vulnerabilities (both hardware and software) that cybercriminals could exploit and resolve to reduce the attack surface that cybercriminals can exploit.
@@ Line 164: / Line 164: @@
 **Authentication**: Authentication is an access control mechanism that makes it possible to verify that a user, device, or application is who they claim to be. The authentication credentials (username and password) are matched against a database of authorised users or data authentication servers to verify their identities and ensure they have access rights to the device, servers, application or database. Using a username or ID and a password for authentication is called single-factor authentication. Recently, organisations, especially those dealing with sensitive data (e.g., banks), require their users and applications to provide multiple factors for authentication (rather than only an ID and password), resulting in what is now known as multi-factor authentication. In the case of two factors, it is known as two-factor authentication. Using human features such as fingerprint scans, facial or retina scans, and voice recognition is known as biometric authentication ((Nick Barney, Authentication, https://www.techtarget.com/searchsecurity/definition/authentication)). Authentication ensures the confidentiality and integrity of data and information systems by allowing only authenticated users, applications, and processes access valuable and sensitive resources (e.g., computers, wireless networks, wireless access points, databases, websites, and other network-based applications and services).
-**Authorisation**: Just like authentication, authorisation is another process often used to protect data and information systems from being abused or misused by cybercriminals and unintended (or intended) actions of authorised users. Authorisation is the process of determining the access rights of users and applications to ensure they have the right to perform the action they are trying to perform. That is, unlike authentication, which verifies the users' identities and then grants them access to the systems, authorisation determines the permissions they have to perform specific actions. One example of authorisation is the Access Control List (ACL), which allows or denies users and applications access to particular information system resources and to perform specific actions. General users may be allowed to perform some actions but may be refused permission to perform others. In contrast, super users or system administrators can perform almost every action in the system. Also, some users are authorised to access some data and are denied access to more sensitive data; thus, in database systems, general users may be permitted to access less sensitive data, and the administrator is permitted access to more sensitive data.
+**Authorisation**: Just like authentication, authorisation is another process often used to protect data and information systems from being abused or misused by cybercriminals and unintended (or intended) actions of authorised users. Authorisation is the process of determining the access rights of users and applications to ensure they have the right to perform the action they are trying to perform. Unlike authentication, which verifies the users' identities and then grants them access to the systems, authorisation determines the permissions they have to perform specific actions. One example of authorisation is the Access Control List (ACL), which allows or denies users and applications access to particular information system resources and to perform specific actions. General users may be allowed to perform some actions but may be refused permission to perform others. In contrast, super users or system administrators can perform almost every action in the system. Also, some users are authorised to access some data and are denied access to more sensitive data; thus, in database systems, general users may be permitted to access less sensitive data, and the administrator is permitted access to more sensitive data.
-**Access control**: It consists of the various mechanisms designed and implemented to grant authorised users access to information system resources and to control the actions that they are allowed to perform (e.g., view, modify, update, install, delete). It can also be the control of an organisation's physical access to critical resources. It ensures that the confidentiality and integrity of data and information systems are not compromised. Thus, physical access controls physical access to critical resources, while logical access control controls access to information systems (networks, computing nodes, servers, files, and databases). Access to locations where critical assets (servers, network equipment, files) are stored is restricted using electronic access control systems that use keys, access card readers, personal identification number (PIN) pads, auditing and reports to track employee access to these locations. Access to information systems (networks, computing nodes, servers, files, and databases) is restricted using authentication and authorisation mechanisms that evaluate the required user login credentials, which can include passwords, PINs, biometric scans, security tokens or other authentication factors ((Gavin Wright,What is access control?, https://www.techtarget.com/searchsecurity/definition/access-control )).
+**Access control**: It consists of the various mechanisms designed and implemented to grant authorised users access to information system resources and to control the actions that they are allowed to perform (e.g., view, modify, update, install, delete). It can also control an organisation's physical access to critical resources. It ensures that the confidentiality and integrity of data and information systems are not compromised. Thus, physical access controls physical access to critical resources, while logical access control controls access to information systems (networks, computing nodes, servers, files, and databases). Access to locations where critical assets (servers, network equipment, files) are stored is restricted using electronic access control systems that use keys, access card readers, personal identification number (PIN) pads, auditing and reports to track employee access to these locations. Access to information systems (networks, computing nodes, servers, files, and databases) is restricted using authentication and authorisation mechanisms that evaluate the required user login credentials, which can include passwords, PINs, biometric scans, security tokens or other authentication factors ((Gavin Wright,What is access control?, https://www.techtarget.com/searchsecurity/definition/access-control )).
 **Non-repudiation**: It is a way to ensure that the data sender does not refute that it sent the data and that the receiver does not deny that it received the data. It also ensures that an entity that signs a document cannot refute its signature. It is a concept adopted from the legal field and has become one of the five pillars of information assurance, including confidentiality, integrity, availability, and authentication. It ensures the authenticity and integrity of the message. It provides the sender's identity to the receiver and assures the sender that the message was delivered without being altered along the way. In this way, the sender and receiver cannot deny they send, receive or process the data. Signatures can be used to ensure non-repudiation as long as they are unique for each entity.
-**Accountability**: Accountability requires organisations to take all the necessary steps to prevent cyberattacks and mitigate the risk of a possible attack. In case an attack occurs, the organisation must take responsibility for the damages and engage relevant stakeholders to handle the consequences and prevent future attacks. It must also accept responsibility for dealing with security challenges and fallouts from security breaches.
+**Accountability**: Accountability requires organisations to take all the necessary steps to prevent cyberattacks and mitigate the risk of a possible attack. If an attack occurs, the organisation must take responsibility for the damages and engage relevant stakeholders to handle the consequences and prevent future attacks. It must also accept responsibility for dealing with security challenges and fallouts from security breaches.