Setting strong foundations: why the basics matter in cyber security

In today's rapidly evolving digital landscape, it's easy to get caught up in the latest cyber security trends and technologies. But, as valuable as these may be, the most effective strategies are still rooted in fundamental principles. This is a topic I touched on in a session at our security conference last November.

For those who didn’t attend, here’s a reminder of the timeless cyber security concepts that are still powerful today.

1. The CIA triad: the CIA triad – confidentiality, integrity and availability – remains a cornerstone of cyber security. It is essential to balance these elements based on the nature of the data and systems being protected. For instance, public websites prioritise availability and integrity, while sensitive medical records demand high confidentiality and integrity.
2. People, process and technology: effective cyber security takes a holistic approach that encompasses all three. Every organisation needs comprehensive training for users, robust processes for managing assets and the right technological tools to support security efforts.
3. Asset and identity management: if you don’t understand and manage your organisation’s assets and identities you can’t maintain a secure environment. Be sure to keep track of critical assets and make sure only authorised personnel can access them.
4. Continuous monitoring and logging: these are vital for detecting and responding to security incidents. Tools such as endpoint detection and response (EDR) and security information and event management (SIEM) are crucial for actionable intelligence. Our cyber security threat monitoring service gives you a single dashboard to monitor and respond to security anomalies and protect your organisation against attacks.
5. Strengthening the domain name system (DNS) and network security: DNS is a frequent target for cyber-attacks, including exfiltration and denial-of-service attacks. To counter the threat we recommend using secondary name servers for resilience, hardening your secure shell (SSH) configurations, segmenting networks to limit the spread to intrusions and using a protective DNS resolver service to block malicious sites. It’s worth considering getting additional peace of mind via our primary nameserver service, especially if your organisation is connected to the Janet Network. We offer it at no extra cost.
6. Compromised credentials: credential theft is still a leading cause of breaches. For that reason it’s important to implement and enforce multi-factor authentication (MFA), separate admin credentials and an always-on virtual private network (VPN) with MFA for high-value users.

To mitigate your organisation’s cyber security risks, remember to make sure the good old-fashioned basics are right even as promising new technologies emerge and strategies evolve.

Focus on the core principles of asset management, monitoring and securing network infrastructure and you shouldn’t go too far wrong.

At Jisc we offer a range of services to help you assess and improve your cyber security posture including CREST-accredited penetration testing and an IT health check.

Stay secure with the fundamentals

Cyber threats may evolve, but the foundation of effective cyber security remains the same: strong asset management, continuous monitoring, and robust network security. By reinforcing these good old-fashioned basics, your organisation can build resilience against modern threats while staying prepared for the future.

For deeper insights into these strategies, watch the Security Conference session recording here.

Joining our cyber security community group ensures you stay informed about emerging threats, gain access to expert advice, and connect with peers facing similar challenges.

If you are a Jisc member and you’d like further details please contact your relationship manager. Otherwise drop us a line at customer.support@jisc.ac.uk