Blog

We are passionate about the work we do, which is why we regularly research and update our blog with original content to keep you updated with industry news.

What Cyber Security Types Are There?

Date Thursday, 09 December 2021 Michael Raisbeck , In: Technical

What Cyber Security Types Are There?

For businesses, it is vital to start to manage risk associated with cyber threats to help protect themselves, their brand and clients. It is more crucial than ever before to be aware of the cyber security types available to protect their web applications, networks and data.

 

Cyber Security Types Available to Protect Your Business

To protect, we must first understand the different types of cyber security and how to adapt them to defend against cyber attacks. Cyber security is not a one size fits all and instead needs to be tailored to your organisation and risk strategy. Some areas of cyber security overlap, and addressing each area will help ensure you are covering the three aspects of the CIA Triad. Regardless of the cyber security type, they all serve the same agenda: to ensure the confidentiality, integrity, and availability of your digital assets.

CIA Triad Infographic

 

Cyber Security or Information Security?  

There are many acronyms and buzzwords in the IT and Cyber Security industry, and many people use these interchangeably – the two most common are cybersecurity and information security, sometimes referred to as InfoSec. These disciplines are related but they are not the same thing – but used together they complement each other providing a holistic approach to security.

 

What’s the Difference?

InfoSec focuses on all types of information and does not discriminate about its form (covers both digital and physical formats), whereas Cyber Security is the art of protecting your digital assets and people from cyber-attacks.

The UK National Cyber Security Centre (NCSC) defines cybersecurity as “Cyber security is how individuals and organisations reduce the risk of cyber-attack with its core function to protect the devices we all use (smartphones, laptops, tablets, and computers), and the services we access - both online and at work - from theft or damage”

Armed with this new information let's dive into the cyber security types all businesses and individuals should consider.

 

Cyber Security Types to Consider

Network Security       

The security of your network security is of key importance. All businesses use their network every day, and most depend on it functioning correctly to conduct business effectively, with any form of disruption to the network considered disastrous. Network security includes the controls and activities that are designed to guard the integrity of your networking infrastructure including; defending against unauthorised access, hacking attempts, employee misuse, and segregating internal networks where applicable.

Network security can be broken down into three categories:

  • Physical: Preventing unauthorised access to your physical networking infrastructure: this includes, routers, switches, access points to name a few.
  • Technical: Covers the technical controls in place to help secure the network, this includes, network segmentation, VLANS, ACLs.
  • Administrative: This includes company policies, standards, processes, and work instructions that control and define access to the network.

Common threats to the network include:

  • Viruses, Malware and Ransomware
  • Insiders Threat (Contractors and also Employees)
  • Hackers and Cyber Criminals
  • Denial of service (DoS) and distributed denial of service (DDoS) attacks
  • Hardware, firmware, or software vulnerabilities

This area of cybersecurity ensures that your network infrastructure, from devices, applications including end-users, works securely. Networks are a crucial part of the IT environment; organisations should not underestimate the importance of getting this right.

There are many security technologies and solutions that can help you implement best practices. Some of the cyber security solutions to protect networks include:

  • Firewalls
  • Intrusion detection systems (IDS) and intrusion protection systems (IPS)
  • Virtual private networks (VPNs)
  • Vulnerability Scans and Management

Cyber Security Definition

 

Endpoint Security               

Endpoint security should also not be overlooked, ensuring that they are fully patched, running anti-virus/malware protection and the local hard drives are encrypted. Businesses can’t rely on network security to always protect them, especially with a hybrid and mobile workforce meaning the network perimeter is now not always defined.

Endpoints that you must secure are:

  • Desktops/Laptops and Servers
  • Mobile devices (smartphones and tablets)
  • Network devices such as routers and switches and access points
  • Connected, or Internet of Things (IoT) devices, (Printers, Smart Fridges, etc)

New trends in the light of COVID-19 such as remote and hybrid working, and bring your own device (BYOD) create additional risks and complexities for securing endpoints.

 

Cloud Security     

Cloud security refers to processes, policies, and technical controls you put in place to mitigate security threats in a cloud-computing environment. Examples of public cloud computing include Amazon AWS and Microsoft Azure or private cloud like VMware or OpenStack. Regardless of the cloud-computing model you are using, of which there are three, public, private and hybrid, cloud computing presents some unique challenges of its own. This type of cyber security has several unique challenges, such as:

  • Visibility: Your organisation has less visibility into data stored in the cloud, this is because services are accessed outside the network and generally managed by the 3rd party cloud provider.
  • The multi-cloud: Many organisations now have some sort of multi-cloud environments, and this trend will likely continue to grow.
  • Compliance: The reliance on an outside provider when you use the public cloud adds another layer to your regulatory compliance management process.
  • Cost Management: if not managed correctly, costs can quickly spiral.

Another challenge arises from the shared-responsibility model this differs on the type of cloud service, but in general terms:

  • The provider is responsible for the security “of” the cloud, or the underlying infrastructure
  • The cloud consumer (your organisation) is responsible for the security “in” the cloud, or the cloud assets such as data and the management

Cloud Security

Cloud Security Solutions

Some of the cloud security solutions and best practices to consider for securing the cloud are:

  • Enable MFA on all accounts
  • Enable security logs
  • Consider a CASB vendor
  • Encrypt your data
  • Double-check your compliance requirements

 

Application Security  

Application security is often overlooked, demonstrated by several high-level hacks in recent years.  In fact, Security in the Internet of Things (IOT) is often not even considered by a manufacturer leaving users extremely vulnerable.

Application security should be a major focus for developers and also the executive leadership team, and goes far beyond the design and development process. Even if you’re only deploying commercial off-the-shelf software or applications, you need to continuously ensure that they remain secure throughout their lifecycle; penetration testing and vulnerability assessments can assist with this.

Vulnerabilities are the most significant risk; cybercriminals use these to get a foothold into your application or environment. There are countless examples of breaches showing the devastation this can cause. For example, the data breach fine from the Marriot Hotel breach was £18.4m, this doesn’t include private litigation and damage to reputation/brand. The application cyber attack in this instance exploited a weakness in the Microsoft Windows operating system, with the cost to the business climbing into the billions of dollars.

 

Besides vulnerabilities, other challenges in application security include:

  • SQL and other code injections
  • Cross-Site Scripting (XSS)
  • DDoS attack
  • Weak access controls
  • Lack of encryption
  • Misconfigurations (Missing Headers, controls, or human error)

Some of the practices and solutions to consider for this type of cybersecurity:

  • Risk assessment and patchingKeep your applications and software up to date.
  • Access controls: Controlling access to applications can greatly reduce security risks.
  • Secure Development: Develop and use a Secure Software Development Lifecycle approach to development.
  • Web Application Firewall: Deploy a web application Firewall to protect your web applications where possible.

 

Penetration Testing

 

Internet Security

The majority of threats faced by users are internet-borne and so this cyber security type should definitely be key consideration to protect your organisation. Although other types of cybersecurity, including network and cloud, help defend against internet threats, the prevalence and magnitude of these threats warrant placing internet security into its own category. While internet security is often viewed as securing the data in transit over the internet, it encompasses much more than that.

To help protect your organisation you may consider the below:

DNS-layer protection: A device that has been compromised in a malware attack will typically try and communicate with a command-and-control centre. Blocking these types of requests before the device connects to the internet can help mitigate/stop this type of threat.

Email security: Phishing is the bane of every user and IT admins life, it's relentless but many people still fall for It; blocking emails that contain malicious links and attachments can prevent employees from falling for phishing schemes, software like Barracuda is an excellent mitigation against this. You may also consider encrypting emails and applying SPF and DMARC to your email solution.

URL filtering:  Restricts the types of websites your organisation can access, enabling you to block websites based on risk, content, or custom criteria.  

 

Identity Security

As you discover the cyber security requirements that your organisation needs, one other cyber security type to consider is Identity Management. Our interconnected digital world means many operations revolve around access to data in digital form, protecting these identities and ensuring they only have the permission they require, is critical. Consider implementing measures to control operate access based on least privilege, while also ensuring this is routinely audited.

Identity Security

Applying the Principles of These Cyber Security Types

Technology enables businesses to operate in a digital world and helps to drive it forward and find new clients and business opportunities. Technology is a fast-paced environment and changes quickly often without notice and therefore, cyber security issues are constantly evolving. These issues also show no signs of slowing down, and so businesses should analyse risks and consider implementing a full spectrum, cyber security solution to cover:

  • Policy and Compliance
  • Technical Solutions (EG Firewall, VPNs, Anti-Virus)
  • Annual Cyber Security Training for Staff.

Many businesses don't take cyber security seriously until they have been breached, by this time it's usually too late, Blue Frontier can support you on your cyber security and InfoSec journey. Speak to our experts about our cyber security services and learn more. 

Michael Raisbeck

Michael Raisbeck

Cyber Security Consultant

Michael has many years of technical experience, having worked in a variety of Technical roles for multiple companies and the British Army. Michael holds a number of Cyber Security accreditations and recently passed his CompTIA Pentest+. 

  • Blue Frontier are accredited with Cyber Essentials Plus
  • Blue Frontier are a Silver Microsoft Partner
  • Blue Frontier is a G-Cloud Supplier
  • ISO 27001 ISO 27001
  • ISO 9001 ISO 9001
  • ISO 13485 ISO 13485
  • ISO 14001 ISO 14001