Module 1: The Need for Cyber Security

Introduction

Cybersecurity has become a critical focus in today's increasingly connected world, where
the rapid growth of digital platforms and services exposes sensitive data to a variety of
risks. With cybercrime rising steadily, the demand for cybersecurity professionals has
grown significantly. Cybersecurity involves safeguarding online identities, sensitive data,
and systems from various cyber threats. Understanding these risks and the motives
behind cyberattacks such as financial gain, political agendas, or intellectual property theft
is essential for building effective defense mechanisms. The role of cybersecurity
professionals is complex and requires a skillset that mirrors that of cybercriminals, but
with an emphasis on ethical and legal practices (Bada & Sasse, 2021).

Types of Organizational Data

Corporate data is typically categorized into traditional and emerging types. The
increasing sophistication of cyberattacks has made it crucial to protect these different
types of data.

Traditional Data

Personnel Information. Includes application materials, payroll, employee

agreements, and other personal data crucial for human resources.
Personnel data is vital for managing HR functions, from hiring to payroll and benefits
(Gartner, 2023).

Intellectual Property (IP). This includes patents, trademarks, and business

strategies that represent a company’s competitive edge.
Intellectual property provides a competitive advantage and is one of the most valuable
assets of an organization. A breach, like the 2020 Marriott data breach, demonstrated the
severe risks associated with compromised IP (Kaspersky, 2021).
Financial Data. Consists of balance sheets, income statements, and other
financial metrics.

Financial data is crucial for evaluating a company’s performance, supporting decisions

related to investments, and assessing risk (IBM, 2022).

Emerging Data Types

Internet of Things (IoT). A network of physical objects that communicate and

share data via the internet. Examples include smart appliances, sensors, and industrial
machines. The IoT generates vast amounts of data that must be protected. As IoT devices
increase, they pose significant cybersecurity risks, as seen in recent attacks on smart
home systems (Forbes, 2023).
INFORMATION ASSURANCE AND SECURITY 1
 Big Data. Refers to massive datasets that traditional data-processing tools cannot
handle effectively. These data sets offer valuable insights but also pose significant
security challenges.
The integration of IoT with cloud services has led to an explosion of Big Data. Businesses
leverage Big Data for predictive analytics and decision-making, but securing this data has
become a major concern (McKinsey, 2023).

The CIA Triad (Confidentiality, Integrity, and Availability)

The CIA Triad is the cornerstone of cybersecurity,

encapsulating the core principles that guide the development
of effective security policies.

Confidentiality. Ensures sensitive data is accessible

only to those authorized to view it. This principle is vital in
preventing unauthorized access and data breaches, such as
the 2021 Facebook data breach, where personal user
Source: Google information was exposed (ZDNet, 2021).

Integrity. Ensures the accuracy and trustworthiness of data by preventing

unauthorized changes. A key example of this is the impact of cyberattacks targeting
financial institutions, where data manipulation can lead to significant financial loss
(Akamai, 2022).

Availability. Ensures that data and systems are accessible when needed,
ensuring continuous service for users. Ransomware attacks, like the 2021 Colonial
Pipeline attack, highlight the devastating effects of an availability breach (Reuters, 2021).
Significance of the CIA Triad

The CIA Triad provides a foundational framework for cybersecurity strategies. It helps
organizations structure their security measures to safeguard against a wide range of
cyber threats, ensuring data protection, system reliability, and continuous access to
critical resources (Smith & Lang, 2022).

Impact of Security Breach

A cybersecurity breach can lead to
financial, reputational, and
operational damage. Even
organizations with robust
cybersecurity frameworks can fall
victim to advanced threats. Source: Google

INFORMATION ASSURANCE AND SECURITY 1

For example, Ransomware-as-a-Service platforms have allowed even amateurs to
conduct highly sophisticated cyberattacks, making it more difficult for organizations to
prevent attacks (Symantec, 2023). Organizations must adopt a proactive approach,
investing in rapid response systems to minimize data loss and operational downtime
(PwC, 2022).

Types of Attackers (check 3rd column but not limited to what’s in the tables, okay?)

Cybercriminals come in various forms, each with different motives and tactics:
Cyber Brief Definition Attacker Real-World Example Strategies for Protection
Threat
Malware Software designed to perform Career cybercriminals, The ILOVEYOU worm in Robust endpoint
malicious tasks on devices or state-sponsored actors 2000 infected over 10 million protection, regular system
networks. Windows computers via email. updates.
Ransomware Encrypts files and demands Career cybercriminals, November 2023 attack on Regular backups, strong
payment for decryption keys. organized crime Yamaha Motor Philippines by access controls, user
groups INC Ransom gang. education.
Phishing Attempts to trick individuals Career cybercriminals, Emotet trojan spreading Security awareness
Attacks into revealing sensitive script kiddies through emails to steal training, email filters.
information. financial information from
banks.
DDoS Overload networks with traffic Hacktivists, organized October 2016 Mirai botnet DDoS mitigation services,
Attacks to make services unavailable. crime groups attack targeting Dyn DNS, Content Delivery
disrupting major websites. Networks (CDNs).
Social Manipulate people into Career cybercriminals, 2022 Cisco ransomware Foster a culture of security
Engineering compromising their security hacktivists attempt using voice phishing to awareness through
through psychological tactics. bypass MFA. continuous employee
training.
Source: Assignment of Blanker, Ronnie S., Gruco, Mark Lorenz M., and Opiniano, Jaymar D.

Source: Assignment by John Ivan A. Galang, Charles Laurence A. Gula, Earl Kim Hernani,
and Venz Runneil A. Milado

INFORMATION ASSURANCE AND SECURITY 1