Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Secure your productivity on any device, anywhere, any time.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Discover how Six Degrees has driven success for others.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » What is Cyber Security?
Cyber security is the function of protecting a computer system, network, device, individual, or organisation from cyber threats. Cyber security comprises of technologies, strategies and policies that are designed to reduce vulnerabilities to potential cyber-attacks and prevent them from occurring in the first place, as well as responding to and recovering from attacks after they have occurred.
In this guide we’ll provide a comprehensive overview of what cyber security is – from detailing the types and impacts of cyber threats, to how organisations can create a solid cyber security posture that identifies and protects them from threats before they occur and provides them with resilience in the face of a cyber-attack.
With over half of UK businesses reporting an instance of a cyber-attack in the last 12 months, it is essential to be informed about what cybercrime is. As a leading cyber security managed services, advisory and consultancy provider in the UK with over 20 years of experience, Six Degrees offers a number of security solutions to help organisations defend themselves against the evolving cyber threat landscape.
Cyber threats are the different methods that are used to perform cyber-attacks. There are a number of threat types, each using individualised strategies to target different attack points in a system or organisation and cause different forms of impact on the target.
No form of cyber threat can be used to achieve all aims. Consequently, hackers use different types of threats during attacks to target different organisations and achieve specific aims. Knowing the types of threats you are likely to face is critical for defending against them – this is known as threat intelligence.
The most common cyber threats faced by organisations are:
The severity of these impacts can differ between organisations. It is common for a cyber-attack to have more than one type of consequence.
When a threat is successfully deployed, the resulting cyber-attack can have a number of damaging consequences. These could include a security breach that compromises the integrity of sensitive data, financial loss through needing to pay a ransom, or even personnel loss when the culprit of an insider threat is discovered.
Different businesses will fact different threats and, consequently, different impacts as a result of cyber-attacks. The consequences of a cyber-attack on a retailer will be different to the consequences faced by a machinery manufacturer. Potential impacts organisations face include:
In a complex and evolving landscape full of potential threats, protecting your organisation from cyber-attacks requires a robust, all-encompassing cyber security posture that identifies and prevents attacks before they occur, but prepares you to be ready for attacks and gives you the capability to effectively respond to attacks if they do occur. To do this effectively, your organisation’s cyber security posture requires an alignment between people, processes, and technology.
At Six Degrees, we view protecting your organisation from cyber-crime in the same way you would protect your own home from intrusions and crime. Achieving both of these goals requires you to first identify the potential threats you are likely to face and then set up the appropriate measures to protect yourself from them. With these foundational measures set up, you should then focus on improving your resilience to attacks – detecting them as they occur, responding appropriately, and leading a successful recovery.
All the services we offer are a constituent part of your cyber security journey, and should be used together to improve your overall cyber security posture rather than in isolation. Let’s explore each of these steps in more detail, as well as which cyber security concepts, technologies, and policies comprise each.
Preparing for potential cyber-attacks before they occur is key to both preventing the occurrence of attacks and limiting the impact any attack could cause to your systems or organisation. This can be achieved by developing and employing the correct Cyber Security Foundations for your organisation – identifying attacks or vulnerabilities and implementing the relevant protection against them.
Any organisation should start by gaining an understanding of their current posture and existing cyber security framework. The identify stage is focused on understanding the threats an organisation could face, their existing vulnerabilities, the data or assets that require protection, and what is required to protect them effectively.
Within our analogy of protecting your home, this is comparable to searching your house for vulnerabilities – conducting surveys and finding broken walls or faulty locks – and then determining how these could be exploited and what is needed to prevent this. At Six Degrees we offer the following cyber security services to achieve this.
External Vulnerability Scanning is a process that searches the external, internet-facing systems of an organisation for potential vulnerabilities to gain a better understanding of the vulnerable or exploitable access points. These vulnerabilities can be then tested further.
In Web Application Penetration Testing, the applications and tools that an organisation uses are tested externally and internally for potential vulnerabilities and methods that attackers could exploit within a cyber-attack.
External Penetration Testing targets known external vulnerabilities and weaknesses in an organisation’s cyber security to gain better knowledge on how these could be exploited by relevant cyber hackers that are attempting to attack from outside the system.
A full Cyber Security Assessment provides organisations with a benchmark of how mature and effective their cyber security posture is against industry and regulatory benchmarks. This assessment will result in a roadmap that details specifically how the organisation should improve their cyber security posture.
A Supply Chain Assessment investigates and maps potential threats and vulnerabilities within an organisation’s ‘supply chain’ – that is, the third-party services, tools or products that make up its delivery supply chain and could be targeted and cause the organisation collateral damage.
With a better understanding of their existing posture and cyber security framework, organisations should then focus on what they can do to provide their organisation with basic cyber security protection – through fixing known vulnerabilities to providing training – and validating that these protections are effective.
This is equivalent to arming your home with the required tools to prevent attacks, such as installing new locks, an alarm system or CCTV, and then validating that they work. The following actions can be taken to achieve this.
Internal Penetration Testing reviews vulnerabilities and weaknesses from an internal standpoint, either from inside the organisation’s network or from a user who has authorised access. As opposed to external pen testing, internal testing searches for weaknesses that could be exploited through phishing or insider threats.
In Cloud Platform Build Reviews, tests are conducted on the organisation’s infrastructures that are hosted on public cloud platforms such as Amazon’s AWS and Microsoft Azure to validate if they are correctly configured to protect against cyber-attacks and to identify any potential vulnerabilities.
An End-User Device and Server Build review tests the culpability of an organisation’s end-user devices, such as employee workstations or devices like printers, scanners and smart phones, as well as their connection to and the build of the system servers they are connected to.
Wi-Fi Penetration Tests examine the connections between all devices connected to an organisation’s Wi-Fi networks, such as laptops, phones, and printers, to ensure that both the network itself and the connection to any devices on it are secure and can’t be exploited by potential attackers.
After completing initial testing and scanning of an organisation’s cyber security framework, a security improvement roadmap lays out all the steps an organisation needs to take to improve their cyber security to get to a stage where they have basic cyber security resilience.
This exercise reviews the security framework of an organisation to ensure that it reaches full compliance with relevant standards and laws set by their appropriate regulatory body. This is often conducted before a review by the regulator to guarantee the awarding of certificates.
A comprehensive review of the configuration and key settings across an organisation’s entire system – such as its servers, network devices, and applications to prevent potential intrusions and eliminate weaknesses caused by incorrectly set system settings.
An Information Security Manager can be engaged from a third-party such as Six Degrees as a dedicated service. In this role the Information Security Manager will oversee day-to-day security operations in the organisation and coordinate with different teams to ensure cyber security measures are implemented effectively.
A virtual Chief Information Security Officer, or vCISO, is an external executive who oversees cyber security for an organisation, ensuring effective strategies are created, managing budget effectively and communicating with the board about their cyber security posture.
A Phishing Exercise simulates a phishing attack by sending fake correspondence to employees of an organisation to test their susceptibility to real phishing threats. Staff who do display some vulnerability to phishing are then delivered specific phishing training as a follow-up to the exercise.
Scenario Testing examines how an organisation’s cyber security framework deals with a specific situation, such as against specific cyber threats, cyber-attack behaviours, or with certain controls. These exercises test both the organisation’s cyber security framework and how the attack is responded to.
PTaaS, or Penetration Testing as a Service, is regularly conducted penetration testing conducted by a specialist third party like Six Degrees to identify potential vulnerabilities in software, websites, applications, and systems. When conducted as a service, vulnerabilities can be tested repeatedly to validate fixes or test different forms of exploitation.
While cyber security foundations can protect an organisation from threats and reduce the exploitability of certain vulnerabilities, they can never guarantee that a cyber-attack will not occur. For when this happens, you need concrete resilience – meaning you can detect, respond, and recover from any attacks – minimising their impact.
The detection stage of your cyber security framework is your front line of defence. By proactively detecting threats, organisations can find threats and security issues before they develop into full cyber-attacks and, when appropriate, take decisive action to stop this from occurring.
Comparing it again to stopping intruders from accessing your home, this is equivalent to operating a CCTV system, testing the alarm to validate it will trigger, and locking the door so they can’t access the property. The following services all align to the detection stage.
Managed Detection and Alert (MDA) is provided as a third-party service by cyber security specialists like Six Degrees, who secure an organisation’s platform through round-the-clock monitoring of the organisation’s system and security infrastructure to identify potential breaches, incidents, or attacks then alert and provide guidance on how to isolate and contain the threat.
Threat Intelligence gathering is the process of analysing large quantities of data (from time logs and from information sharing communities or forums) to discover cyber threats an organisation is likely to face. Once these threats have been discovered, actionable insights can be implemented to protect against them.
Social Engineering exercises educate and test an organisation’s staff for potential social engineering attacks from attackers. This is chiefly performed through specialised training which helps staff identify and repel possible social engineering techniques.
In Red Teaming ethical hackers pose as cyber-attackers to run a complete simulation of an attack. The aim of Red Teaming is to provide a simulation that is as close to real life as possible, using sophisticated and stealthy tactics to emulate a real attack. The organisation is not made specifically aware as to when the attack will take place within an allotted window. This tests the organisation’s ability to detect, respond, and recover from an attack.
An Information Security Management System (ISMS) is a collection of strategies and policies for managing sensitive data by implementing a systemic approach to how employees and technology manage sensitive data. As this is a large undertaking, it requires resource to both implement and then mature its place in an organisation.
Business Continuity planning involves creating a detailed plan for how an organisation will operate and respond to a potential cyber-attack. Creating a business continuity plan provides a streamlined and well-defined process that can be followed in the face of a cyber-attack, preventing unnecessary damage or confusion.
No organisation ever wants to have to respond to a cyber-attack – but the reality is almost all organisations will have to. If intruders do attempt to access your property, responding in an appropriate way is essential to stopping the intrusion as quickly as possible and preventing the impact it will have. The same is true of a cyber-attack. By responding effectively, organisations can limit the extent to which they are exploited and the damage the attackers cause. The following strategies outline how organisations can prepare to respond.
Managed Detection and Response (MDR) is a third-party service from cyber security specialists like Six Degrees that covers both detection and response to potential cyber-attacks. The service provider performs both a monitoring role over the organisation’s systems and, if an incident is identified, also works to respond to the attack as it occurs to quickly contain incidents. Find out more about what MDR is here.
Incident Response services provide organisations with on-call support for cyber security incidents and attacks when they occur. The incident response team provides dedicated advice and support on how to respond and contain threats when they occur.
By conducting Incident Response Planning, organisations can create a dedicated plan on how they will respond to incidents, breaches, and attacks when they occur. This planning enables organisations to respond quickly and appropriately when they do occur, eliminating confusion and providing a timeline for teams to adhere to.
An extension of MDR, Managed Extended Detection and Response (MXDR) provides organisations with a multi-layered monitoring, detection and response service that is extended to actively defending their systems from attacks and exploitation as they occur through threat hunting. This services also provides additional intelligence into potential hacking attempts on an organisation’s infrastructure.
Once an attack has occurred, recovering appropriately is key to limiting impact from the attack, as well as preventing future attacks from occurring. Using the analogy of protecting your home once more – if intruders have targeted you once, you’ll want to upgrade locks or strengthen other vulnerabilities so they cannot do so again. In the recover stage organisations should investigate what happened, how they exploited, and what they must do to prevent it happening again.
Managed cyber security providers like Six Degrees can provide a full Disaster Recovery Service that helps organisations to help recover from a cyber-attack and return to business as usual as quickly as possible.
A forensic investigation into a successful cyber-attack that occurred is vital for organisations to learn how their systems were exploited, such as which vulnerabilities and threats were used, and what they need to do in order to prevent further attacks of the same nature. An investigation can also help identify and contain ongoing exploitations to limit further damage.
Our cyber security services help businesses improve their cyber security through a better understanding of their cyber security postures and how to improve them. We have a full service offering to cover all aspects of your cyber security posture – including services that secure your foundations, detect threats, and respond to and recover from cyber-attacks when they occur.
With more than twenty years of experience, we have a large selection of customer stories where we have helped organisations improve their cyber security posture by building the right foundations and resilience. From safeguarding Beale & Co with Managed Extended Detection and Response, to providing Penetration Testing that enables HealthHero to enhance its cyber security posture, we have an accomplished portfolio of work.
Three Cyber Security Priorities for Businesses
Planning for the Future of Cyber Security
Minimum Cyber Security Standards for Businesses
What is Managed Detection and Response?
Five Cyber Security Questions Any CISO Should Be Able to Answer
The Challenge of Public Sector Cyber Security
Four Ways Strategic Partnerships Improve Cyber Security
In an evolving world where risks are ever…
Keeping Your Cloud Clean Sheet They say that…
Defining Your Cloud Game Plan Just like the…
A new independent research report from Six Degrees…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
