Especially today, cyber security is of vital importance to both essential service providers and to our infrastructure. Because of that, Finland seeks to collaborate and bilaterally share information with other countries and companies. As part of this, ICTOulu collaborates with various Finnish IT companies in a Cyber Security Road Show, taking place from 26-29.9.2023 in Berlin and Rostock.
This article is written from the Oulu-based cyber security perspective and aims to give a brief overview of the various layers of cyber security. Each layer lists several Oulu-based IT companies involved in the defined layer. More information on the companies specifically involved in the Roadshow Germany can be found at the end of this article.
Cyber security layers
This is the outermost layer, which focuses on securing the physical components of an organization’s IT infrastructure. Common measures are access control, surveillance and security guards, all of which prevent unauthorized physical access to servers, data centers and networking equipment.
Perimeter Security or Network Security
This domain guards the boundaries of the network to prevent unauthorized access and attacks from external sources. It includes firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS) and virtual private networks (VPN) to filter and monitor incoming and outgoing traffic.
So-called endpoint devices are vulnerable entry points for cyber-attacks. Examples are computers, smartphones and tablets. Endpoint security involves protecting these devices from malware, viruses and other threats through measures such as antivirus software, endpoint detection and response (EDR) tools and mobile device management (MDM) solutions.
Company: Bittium (Bittium Tough Mobile)
Securing software applications and their development process is the next security step. Secure coding practices, application security testing and web application firewalls (WAFs) are employed to identify and mitigate vulnerabilities in software.
Being a critical asset, data security involves protecting said data throughout its lifecycle. Many methods can be used to safeguard data from theft, breaches or unauthorized disclosure. Some examples are encryption, access controls, data loss prevention (DLP) solutions and data backup and recovery strategies.
Identity and Access Management (IAM)
Using IAM, only authorized users and devices can access specific resources. Techniques like multi-factor authentication (MFA), single sign-on (SSO) and role-based access control (RBAC) can be used to ensure this.
Security Monitoring and Incident Response
This layer involves continuous monitoring of network and system activities to detect and respond to security incidents. There are various ways of doing this, like Security information and event management (SIEM) systems, security operations centers (SOCs) and incident response plans.
Companies: SensorFleet, SensorFleet, SensorFu, Badrap, and Netox.
Security Awareness and Training
A very significant cyber security risk is human error. Therefore, it’s vital to educate both employees and users to create more awareness. Special security awareness programs help them recognize and avoid common threats like phishing and social engineering.
Because more and more organizations migrate to cloud environments, it’s nowadays essential to secure cloud services and data. Cloud security consists of configurations, identity management and encryption specific to cloud platforms.
IoT (Internet of Things) devices are becoming increasingly common, which means that potential security risks also grow. Securing them focuses on interconnected devices and the data they generate, and involves authentication, device management and secure communication protocols specifically designed for IoT.
Supply Chain Security
Lastly, an organization’s technology supply chain needs to be secured. This means assessing and securing the software and hardware components involved and aims to prevent vulnerabilities from being introduced through third-party products and services.
Part of a whole
Each one of these cyber security layers is part of a whole, and not one can be excluded. Together, they create a holistic security posture for an organization, addressing both external and internal threats. This multi-layered approach is essential because no single layer can protect against the evolving landscape of cyber threats.
Finland-based IT companies at the Roadshow
Various cyber security companies will represent Finland during the Roadshow. Each of them has their own ways of providing security. SensorFu takes care of network isolation and segmentation, making it fully automatized. Badrap provides playbooks with vital instructions on industry best practices including interactive step-by-step instructions. The well-known SSH secures your communications and critical data, and makes sure only authorized people and companies have access to the right files. Securing IT, OT and cloud environments is done by SensorFleet, using cloud, common virtualization platforms, and hardware. Last but not least, Xiphera designs their own hardware-based security solutions using standardized cryptographic algorithms.
We will post updates throughout the month on ICTOulu, as well as on our LinkedIn channel. If you want to know more about our activities and we how can support your business, please feel free to contact us.