Why do businesses and people desperately need cyber security management? Check out Aventis’s MSC courses here. “You can never secure yourself 100% from anything.” “I cannot even help you be 100% secure or 100% private.” Mishaal Khan is a Certified Ethical Hacker and Mindsight’s Security Solutions Architect.
A common misinterpretation among those outside the cyber security sector is that a sole technology – one action, software, or strategy – can make an organisation “secure”. However, that is not the case.
According to findings from the Cyber Security Agency of Singapore’s (CSA) Cybersecurity Awareness Survey, nearly four in 10 people here, or 37 percent, reported being victims of at least one cyber-security incident in 2020. The top three most common cyber incidents reported by people in the poll were: unauthorised attempts to access their online accounts; having their accounts used by hackers to contact other people; and being locked out of their online accounts or files by hackers.
CSA chief executive David Koh said that even as the COVID-19 pandemic has led to more day-to-day activities being conducted digitally, “It is important that we are all aware of and adopt good cyber hygiene to stay safe online in the light of our greater digital footprint.”
For cyber security professionals, understanding the 7 layers of security is the first step. For those interested in taking a cyber security course, this article is a snippet of the basics of cyber security.
So What Are The 7 Layers?
- Mission-Critical Assets
This is data that is absolutely critical to protect. Whether businesses would like to admit it or not, they face malicious forces daily. The question is, how are leaders dealing with this type of protection? And what measures have they put in place to guard against breaches?
An example of mission-critical assets in the healthcare industry is Electronic Medical Record (EMR) software. In the financial sector, its customers’ financial records.
- Data Security
Data security is when there are security controls put in place to protect both the transfer and the storage of data. There has to be a backup security measure in place to prevent the loss of data. This will also require the use of encryption and archiving. Data security is an important focus for all businesses as a breach of data can have dire consequences.
- Endpoint Security
This layer of security makes sure that the endpoints of user devices are not exploited by breaches. This includes the protection of mobile devices, desktops, and laptops.
Endpoint security systems enable protection either on a network or in the cloud, depending on the needs of a business.
- Application Security
This involves the security features that control access to an application and that application’s access to your assets. It also includes the internal security of the app itself.
Most of the time, applications are designed with security measures that continue to provide protection when the app is in use.
- Network Security
This is where security controls are put in place to protect the business’s network. The goal is to prevent unauthorised access to the network.
It is crucial to regularly update all systems on the business network with the necessary security patches, including encryption. It’s always best to disable unused interfaces to further guard against any threats.
- Perimeter Security
This security layer ensures that both the physical and digital security methods protect a business as a whole. It includes things like firewalls that protect the business network against external forces.
- The Human Layer
Despite being known as the weakest link in the security chain, the human layer is a very necessary layer. It incorporates management controls and phishing simulations, as an example.
These human management controls aim to protect that which is most critical to a business in terms of security. This includes the very real threat that humans, cyber attackers, and malicious users pose to a business.
Cyber Security Singapore
Singapore unveiled an updated national cybersecurity strategy on Tuesday (Oct 5) which will see it taking a more proactive stance to defend its infrastructure and boost capabilities as new cyber threats and technological shifts emerge.
Plans are also afoot to turn cyber security research and development into a source of competitive advantage for Singapore, with CSA seeking to position the country as an internationally recognized hub for security evaluation and testing. To do this, CSA said it will develop the cyber security ecosystem to develop more “Made-in-Singapore” cyber capabilities and solutions. It will also invest heavily in people to boost capabilities and develop its cyber security workforce.
With Singapore’s focus on cyber security, we find that the best way to approach cybersecurity is to be proactive instead of reactive when threats or breaches take place.
Aventis can help you take the first proactive step through our cyber security masters and cyber security courses. Find the right programme for you.
Discover more here!