7 layers of cyber security

Cyber security in 2024 is constantly changing and evolving. Businesses and individuals alike are becoming more attuned to their personal cyber risk and responsibility, but unfortunately, criminals are keeping up with these changing attitudes. New technology, malware types and attack trends mean that applying the correct cyber security layers is more important than ever. In this article, we unravel the intricacies of cyber defence through the lens of the seven essential layers of security.


1. Policies: the Foundation of Cyber Resilience

At the core of robust cyber security lies a comprehensive set of policies and procedures. Establishing clear guidelines and protocols ensures that every member of your organisation understands their role in safeguarding sensitive information and configuring platforms. This greatly increases the consistency and effectiveness of any IT/OT environment and streamlines its operation. Think guides on how a new employee should be securely onboarded, policies on which websites are safe to use internally, or rules on how a password should be constructed. Clearly spelling this information out sets the stage for a unified and proactive approach to IT and the security surrounding it.

2. Endpoint Security

Endpoints (devices connected to a network, such as an employee’s mobile device, laptop or workstation) serve as the frontline defence against cyber threats. Antivirus software, encryption, and endpoint detection and response (EDR) solutions play pivotal roles in mitigating attacks at the device level, safeguarding your organisation from malicious infiltration, from employees unknowingly taking part in social engineering attacks, and from the browsing of malicious websites.

3. Perimeter and Network Security

Perimeter and network security involve deploying firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS) and virtual private networks (VPNs). These measures create a robust perimeter that safeguards an organisation's assets from external threats. Alongside perimeter security, we must also attend to securing the data in transit within the trusted network. Active and passive network monitoring tools provide visibility into what is happening on the network, from resources experiencing downtime to who is sending what and where.

4. Access Control and Zero Trust

When granting access to different business resources, whether physical servers or digital data files, it is important to embrace a culture of access control and zero trust. Ask yourself, ‘does colleague X really NEED this shared drive? Or can it be kept to management only?’ Granting the right individuals the right level of access is less about trusting the individual and more about reducing the risk of an attack. For example, if the shared drive above is available only to higher management (5 profiles) as opposed to the whole organisation (40 profiles), you reduce the risk of an attacker finding that drive by 87.5%! Privileged access management is a vital tool for limiting the impact after a breach has happened. Zero trust refers to applying an extra layer of authentication on top of authorisation, ensuring that those who have access are who they say they are.

5. Risk, Penetration and Vulnerability Assessments

Without testing, how do we know how good we are? Regularly running assessments that test the strength of your defences is a crucial step for continuous improvement. These tactics are often referred to as ‘red team’ exercises, where skilled cyber professionals (ethical hackers) attempt to gain access to an organisation to identify security holes from both outside and inside the network, so that they can be patched and fixed before a malicious hacker gets there first.

6. Business Continuity and Disaster Recovery

It is a statistical fact that if you have not been hacked or breached yet, there is a likelihood that it will happen soon. When things go wrong, time is of the essence, and having a tried and tested plan can make a huge difference in your ability to recover. This layer involves creating strategies to minimise downtime, recover data, and resume operations swiftly after a cyber attack. Every moment a company spends down is money lost. Recovery and continuity plans are also not worth anything if they are not regularly tested and set in stone. 

7. The Human Layer: Nurturing Cyber Awareness

Recognising that humans are often the weakest link in the cyber security chain, this layer focuses on education, training and awareness. Training employees on cyber security best practices, raising social engineering awareness, and fostering a culture of security consciousness all strengthen the last line of defence against cyber threats. At the end of the day, even if layers 1-6 are secure, without properly educated people there to implement and enforce practices, layers break down in an instant.

As businesses navigate the complex landscape of cyber security solutions, understanding these seven layers is essential for making informed decisions. From policies that establish the groundwork to the human layer that reinforces awareness, each element plays a crucial role in defending against cyber risk. By adopting a holistic approach to cyber security, businesses can create a resilient defence strategy that adapts to the evolving threat landscape, ensuring a secure digital future.
