Building the first line of cyber defence

Cyber is becoming an increasingly important part of every business, from small firms to large enterprises. That raises the added issue of security – how do you protect what you value most?

Whatever the size of your company, whatever system you use, you need to ensure your business is aware of the risks and how to block them. With the growth of AI and Robotic Process Automation (RPA), threat actors are leveraging these tools to attack more businesses in a shorter amount of time.

What is cyber security?

Cyber security's core function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access - both online and at work - from theft or damage. It's also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online.

Why is it important?

According to the National Cyber Security Centre, cyber security is important because smartphones, computers and the internet are now such a fundamental part of modern life that it's difficult to imagine how we'd function without them. From online banking and shopping, to email and social media, it's more important than ever to take steps that can prevent cyber criminals getting hold of our accounts, data, and devices.

In this article, we’ll dive into what forms part of the first line of defence for cybersecurity – key to outlining your known knowns.

First Line of Defence - Known Knowns

You need to determine precisely where and what your risks are, and who or what the threat actors are that may cause loss of valuable data and/or affect your ability to do business.

It is all about control, allowing you to build, maintain and test the foundations of your cyber risk strategy, securing cloud environments and identifying network vulnerabilities.

Here are the key services in the first line of defence, which take you from identifying how assets are vulnerable and outlining cyber risks to implementing and testing policies and procedures.

  • Penetration Testing

Core objective: How could hackers squeeze through the technology, personnel, and processes to reach your data?

Penetration testing uses tactics like those of a genuine attacker to seek out vulnerabilities, identify the issue and assess potential damage.

Your consultant should provide actionable advice and a solution to rectify any weak spots identified.

As well as penetration testing, device security assessment peels back the layers for a complete view of the cyber security for servers, laptops, desktops, routers, firewalls and switches.

  • Vulnerability Management

Core objective: Vulnerability assessments are designed to identify security holes and reinforce your networked systems.

Vulnerability scans, run singly or as a series based on your corporate infrastructure, produce reports that give visibility of current vulnerabilities and can be translated into clearly outlined actions.

Vulnerability scanning finds known issues for a quick win in improving your cyber security while a management programme discovers, manages, and remediates risks across your IT estate.

  • Cloud Security

Core objective: Define how resilient your cloud infrastructure is to attack. As you build out your use of cloud technology, make sure security underpins everything.

Vulnerabilities within cloud technology are on the rise - the complex infrastructures of cloud technology make it difficult to know which components are exposed to attacks and represent critical risk.

Protecting your cloud infrastructure is crucial as any attack footprint can rapidly expand.

Look for cybersecurity consultants with extensive knowledge of how to protect cloud environments and implement risk management processes that prevent possible breaches. Relying on cloud technology/service providers' accreditations and contracted shared risk is not going to give you the validation you need.

Types of Cloud Testing

A security assessment delivers detailed penetration testing and configuration reviews focused on Amazon Web Services, Microsoft Azure and Google Cloud Platform.

A table-top resilience exercise offers great value, running through what happens in the event of a cloud outage and finding out if your design meets your requirements.

Segregation testing removes blurred lines surrounding your network boundaries to ensure no data leaks can occur.

Identity and access management provides advice on how to be more secure while enabling the goals of the business.

  • Web Apps & Services

Core objective: Evaluating the security of the application and development supply chain.

Data availability and access applications are essential within your business - and are an attractive target for attackers due to their connectivity across internal resources and databases.

By blending technical knowledge with business common sense, cybersecurity consultancies can help secure your infrastructure – without restricting your people, processes, and technology.

Does your business develop software? Then it is crucial to weave security assurance activities and architecture analysis into the fabric of your development plan to reduce vulnerabilities - effectively building security in.

Threat actors are turning to placing code within open-source software to help obtain access to future developments, unbeknown to the application developer. This activity is on the rise and has already impacted many, with highly publicised breaches.

Regular testing as part of your secure software development lifecycle is highly recommended; this lifecycle may already exist or can be developed for you.

  • Wireless Security

Core objective: Can malicious threats break into your networks?

Effective management of potential wireless threats requires a thorough assessment of your environment, which is then turned into a security strategy. It helps you understand the risk and recommends methods for countering the threats.

WiFi penetration testing establishes whether malicious threats can break into networks while reviewing the risk and implications of allowing corporate data to be accessed on personal devices.

Most wireless networks provide varying levels of access, so further network segregation testing offers physical security tests to identify how systems can be overturned by attackers.

These are core activities that will help improve your cybersecurity posture and protect what is most valuable to you and your business.

Who will help me do this?

The wider cybersecurity landscape is large and noisy, and it can be quite confusing to pick out what is real, valuable and, most importantly, needed for you and your business. Finding trusted and credible advice as you build security into your growth journey is very important.

Finding a cybersecurity consultancy with a passion for helping protect what is valuable to you is most important. The reason why they exist, and their credibility through security certifications and business standards, can help provide a minimum level of quality you should expect.

To help you understand how to get the most out of working with a cybersecurity consultancy, I have shared 6 key steps you should take with them below:

6 key steps a cybersecurity consultancy follows:

  1. Identify - Work together collaboratively to enable your chosen cyber security partner to familiarise themselves with your business, allowing better understanding of your requirements, business risk, key pain points and your required outcomes. If you do this, you stand to get greater value out of the partnership and better security outcomes.
  2. Understand - Defined requirements will be turned into a clear scope and test plan so you know what needs to be done, when and how. This is to align the business and security specialists to minimise impact on day-to-day business operations.
  3. Test - Time will be scheduled to run the testing, carried out remotely or on premises as defined by the scope. This is where you as a business carry on as normal, confident that the evaluation is under way.
  4. Inform - Every report should be uniquely based on your business. You should expect a precise, concise brief that will advise what steps your business needs to take to reduce cyber risk.
  5. Remediate - Knowing the cyber risks and the steps you need to take, the remediation process is tracked and co-ordinated within your business, with resources allocated to point you in the right direction or help directly. It is critical for your business to complete this in order to achieve an improvement in your security posture.
  6. Feedback - Your opinion is valuable. Working in collaboration with your security partner is important to realising your desired outcomes and exploring future needs as you grow and scale as a business, developing a true partnership.

I hope you have found value in what I have shared relating to building your “first line of defence”. Building a culture of security and having it as a foundation or pillar of your business from the get-go reduces complexity and risk, so that as you grow, you become more secure.

In the next article I write, I will be sharing with you the 2nd Line of Defence: what that looks like, and some advice on how this can be applied to your growing business.

I am always looking to engage with the wider business community to establish thoughts, feedback, and what you are doing for your first line of defence - it will be great to get your views.