Global Information Communication Technology (ICT) manufacturing company Huawei hosted a private media seminar at its local office on Wednesday, April 25 in Kingston.

The seminar aimed to clarify any potential misconceptions and misunderstandings among media reporters when covering incidents related to cybercrime and cybersecurity.

Speaking at the seminar, Huawei Deputy Cybersecurity and Data Protection Officer (CSPO) Gabriel Nunez explained that to establish strong cybersecurity principles organisations must adequately address three key areas, referred to in the industry as the CIA triad: Confidentiality, Integrity, and Availability.

According to cybersecurity outfit Fortinet, the CIA triad is a common model that forms the basis for the development of security systems. They are used for finding vulnerabilities and methods for creating solutions.

“This is the main framework that we follow in cybersecurity because it allows us to really separate things. Targets of cyberattacks can be very different and target different areas,” Nunez said.

Confidentiality

Confidentiality means establishing measures to keep data private. This means ensuring people without proper authorisation are prevented from accessing important assets.

To ensure confidentiality, Nunes says organisations should implement multifactorial identification. “In philosophy, this means ensuring the owners of the data are required to input something they know such as a password, something they have such as a pass key or access card and something that they are; biometric,” Nunez explained.

Implementing the three-layer protection makes it much harder for hackers to breach.

Integrity

Integrity involves ensuring data is trustworthy and free from tampering. The integrity of data is maintained only if it is authentic, accurate, and reliable.

Breaches such as what allegedly took place in the SSL Fraud Case. According to reports data was internally tampered with to falsely represent funds available to customers of the financial institution.

Availability

Availability means that systems, networks, and applications in the organisation must function as and when they should. Threats to the availability are usually the most targeted area for cyberattacks. Damage to a business’ availability can send a business into financial ruin. For example, if it becomes revealed that a financial institution lost access to its ability to release funds, the damage would be irreparable.

Cybersecurity vs cybercrime

Nunez explained that even with the best cybersecurity systems implemented, close to 80 per cent of breaches occur due to human error. He says the best way to further bolster security efforts is for organisations to educate their work staff on changes and updates in global cyber security standards and policies.

He explained that often people misunderstand the differences between cybersecurity and cybercrime. Cybersecurity is the protective measures implemented to protect an organisation’s computer systems and networks from digital attacks. In contrast, cybercrimes are illegal acts committed by using a computer that should be reported to law enforcement.

Jamaica Cyber Incident Response Team (JCIRT) is the arm of local law enforcement responsible for cybercrimes.

READ: Fortinet reports Jamaica suffered 43 million cyber attack attempts in 2023