For businesses, it is vital to start to manage risk associated with cyber threats to help protect themselves, their brand and clients. It is more crucial than ever before to be aware of the cyber security types available to protect their web applications, networks and data.
To protect, we must first understand the different types of cyber security and how to adapt them to defend against cyber attacks. Cyber security is not a one size fits all and instead needs to be tailored to your organisation and risk strategy. Some areas of cyber security overlap, and addressing each area will help ensure you are covering the three aspects of the CIA Triad. Regardless of the cyber security type, they all serve the same agenda: to ensure the confidentiality, integrity, and availability of your digital assets.
There are many acronyms and buzzwords in the IT and Cyber Security industry, and many people use these interchangeably – the two most common are cybersecurity and information security, sometimes referred to as InfoSec. These disciplines are related but they are not the same thing – but used together they complement each other providing a holistic approach to security.
InfoSec focuses on all types of information and does not discriminate about its form (covers both digital and physical formats), whereas Cyber Security is the art of protecting your digital assets and people from cyber-attacks.
The UK National Cyber Security Centre (NCSC) defines cybersecurity as “Cyber security is how individuals and organisations reduce the risk of cyber-attack with its core function to protect the devices we all use (smartphones, laptops, tablets, and computers), and the services we access - both online and at work - from theft or damage”
Armed with this new information let's dive into the cyber security types all businesses and individuals should consider.
The security of your network security is of key importance. All businesses use their network every day, and most depend on it functioning correctly to conduct business effectively, with any form of disruption to the network considered disastrous. Network security includes the controls and activities that are designed to guard the integrity of your networking infrastructure including; defending against unauthorised access, hacking attempts, employee misuse, and segregating internal networks where applicable.
Network security can be broken down into three categories:
Common threats to the network include:
This area of cybersecurity ensures that your network infrastructure, from devices, applications including end-users, works securely. Networks are a crucial part of the IT environment; organisations should not underestimate the importance of getting this right.
There are many security technologies and solutions that can help you implement best practices. Some of the cyber security solutions to protect networks include:
Endpoint security should also not be overlooked, ensuring that they are fully patched, running anti-virus/malware protection and the local hard drives are encrypted. Businesses can’t rely on network security to always protect them, especially with a hybrid and mobile workforce meaning the network perimeter is now not always defined.
Endpoints that you must secure are:
New trends in the light of COVID-19 such as remote and hybrid working, and bring your own device (BYOD) create additional risks and complexities for securing endpoints.
Cloud security refers to processes, policies, and technical controls you put in place to mitigate security threats in a cloud-computing environment. Examples of public cloud computing include Amazon AWS and Microsoft Azure or private cloud like VMware or OpenStack. Regardless of the cloud-computing model you are using, of which there are three, public, private and hybrid, cloud computing presents some unique challenges of its own. This type of cyber security has several unique challenges, such as:
Another challenge arises from the shared-responsibility model this differs on the type of cloud service, but in general terms:
Some of the cloud security solutions and best practices to consider for securing the cloud are:
Application security is often overlooked, demonstrated by several high-level hacks in recent years. In fact, Security in the Internet of Things (IOT) is often not even considered by a manufacturer leaving users extremely vulnerable.
Application security should be a major focus for developers and also the executive leadership team, and goes far beyond the design and development process. Even if you’re only deploying commercial off-the-shelf software or applications, you need to continuously ensure that they remain secure throughout their lifecycle; penetration testing and vulnerability assessments can assist with this.
Vulnerabilities are the most significant risk; cybercriminals use these to get a foothold into your application or environment. There are countless examples of breaches showing the devastation this can cause. For example, the data breach fine from the Marriot Hotel breach was £18.4m, this doesn’t include private litigation and damage to reputation/brand. The application cyber attack in this instance exploited a weakness in the Microsoft Windows operating system, with the cost to the business climbing into the billions of dollars.
Besides vulnerabilities, other challenges in application security include:
Some of the practices and solutions to consider for this type of cybersecurity:
The majority of threats faced by users are internet-borne and so this cyber security type should definitely be key consideration to protect your organisation. Although other types of cybersecurity, including network and cloud, help defend against internet threats, the prevalence and magnitude of these threats warrant placing internet security into its own category. While internet security is often viewed as securing the data in transit over the internet, it encompasses much more than that.
To help protect your organisation you may consider the below:
DNS-layer protection: A device that has been compromised in a malware attack will typically try and communicate with a command-and-control centre. Blocking these types of requests before the device connects to the internet can help mitigate/stop this type of threat.
Email security: Phishing is the bane of every user and IT admins life, it's relentless but many people still fall for It; blocking emails that contain malicious links and attachments can prevent employees from falling for phishing schemes, software like Barracuda is an excellent mitigation against this. You may also consider encrypting emails and applying SPF and DMARC to your email solution.
URL filtering: Restricts the types of websites your organisation can access, enabling you to block websites based on risk, content, or custom criteria.
As you discover the cyber security requirements that your organisation needs, one other cyber security type to consider is Identity Management. Our interconnected digital world means many operations revolve around access to data in digital form, protecting these identities and ensuring they only have the permission they require, is critical. Consider implementing measures to control operate access based on least privilege, while also ensuring this is routinely audited.
Technology enables businesses to operate in a digital world and helps to drive it forward and find new clients and business opportunities. Technology is a fast-paced environment and changes quickly often without notice and therefore, cyber security issues are constantly evolving. These issues also show no signs of slowing down, and so businesses should analyse risks and consider implementing a full spectrum, cyber security solution to cover:
Many businesses don't take cyber security seriously until they have been breached, by this time it's usually too late, Blue Frontier can support you on your cyber security and InfoSec journey. Speak to our experts about our cyber security services and learn more.