Availability in#cybersecurity is crucial for ensuring reliable access to data and systems for authorized users. As a pivotal aspect of the CIA triad, alongside confidentiality and integrity, the importance of availability extends across various facets of an organization’s operations.
The consequences of a loss in availability can be wide-ranging and impactful:
- Operational Disruption: Unavailability can halt or severely disrupt business operations, leading to inefficiencies and delays in services1.
- Financial Loss: Downtime often translates into direct financial loss due to the costs of mitigation and lost revenue during the period of unavailability2.
- Reputational Damage: Persistent availability issues can erode trust and damage an organization’s reputation, affecting customer loyalty and long-term profitability3.
- Legal and Compliance Issues: Failure to meet availability standards can result in legal repercussions, especially in regulated industries like healthcare and finance.
- Safety Risks: In critical sectors, such as healthcare or industrial control systems, availability is directly linked to safety. Disruptions in these sectors can pose severe risks to public safety and well-being4.
Ensuring high availability is thus a comprehensive necessity, encompassing technical, operational, and strategic dimensions. To promote availability, various controls and techniques are utilized:
- Redundant Data Storage and Systems: Using multiple components (like servers or databases) to ensure system functionality even if one component fails.
- Regular Maintenance and Updates: Ensuring systems are up-to-date to prevent breakdowns or vulnerabilities that could disrupt access.
- Network and Bandwidth Management: Properly managing network resources to handle peak loads and prevent bottlenecks.
- Disaster Recovery and Business Continuity Planning: Developing and implementing plans to recover from significant disruptions and maintain business operations.
- Load Balancing: Distributing workloads across multiple computing resources to ensure no single resource is overwhelmed.
- Monitoring and Incident Response: Continuously monitoring systems for issues and having a responsive incident response plan for quick resolution of problems.
These techniques play a crucial role in ensuring that systems and data are always available when needed, thereby maintaining the seamless operation of business processes.
Footnotes
-
The 2016 DDoS attacks on Dyn resulted in many services being unavailable in North America and Europe for over 9 hours. Notable services that become unavailable included Amazon, BBC, CNN, Fox News, GitHub, Netflix, PayPal, Reddit, Shopify, Slack, Spotify, Starbucks, Twitter, WSJ, Yelp, the Swedish Government’s digital services, and dozens of other large private and public services. ↩
-
The NotPetya 2017 cyberattack is widely regarded as one of the most financially harmful cyerattacks to date with large companies like Maersk reporting losses of
300 million, FedEx losing an estimated 10 billon in estimated damages globally. ↩ -
One of the largest agencies hit by 2017 WannaCry ransomeware attack was the United Kingdom’s NHS. In a study conducted by the United Kingdom’s NIHR and North West London PSRC—A retrospective impact analysis of the WannaCry cyberattack on the NHS. NHS organizations were locked out of systems and devices like MRI scanners and admissions systems. NHS organizations were also forced to cancel 13,500 outpatient appointments, with at least 139 of those appointments belonging to patients identified as potentially having cancer. This breach was highly visible to NHS patients and resulted in widespread criticism of the NHS’s response to the attack and trust in its ability to manage its own IT infrastructure. ↩
-
The 2015 Ukraine power grid hack occurred on December 23, 2015 and caused a loss of power for 230,000 people for 1 to 6 hours. This resulted in a loss of heating for impacted people during dangerously a dangerously cold time of year in Ukraine. ↩