Cybersecurity pillar · Module 3 of 6
Building defences that work
Security isn’t about one magic solution. It’s about layers. If one layer fails, others are there to catch the attack. This is called “defence in depth”—and it’s how every good security programme works.
3.1 Defence in depth
Think of it like a castle:
- Perimeter. The outer wall. Firewalls, email filters, web gateways. They stop obvious attacks before they reach your systems.
- Network. Internal defences. Network segmentation, monitoring, intrusion detection. Even if attackers get in, they can’t move freely.
- Endpoint. Each device. Antivirus, endpoint detection, patching. The laptop, the server, the phone—each needs protection.
- Application. The software itself. Secure coding, vulnerability scanning, web application firewalls. Apps are often the target.
- Data. The crown jewels. Encryption, access controls, data loss prevention. Even if everything else fails, the data stays protected.
- People. The human layer. Training, awareness, procedures. People are both the weakest link and your best defence.
3.2 The security controls that matter most
You can’t do everything. Here’s where to focus:
Authentication & access
- MFA (multi-factor authentication): Require something beyond just a password. Stops 99.9% of credential attacks.
- Least privilege: People only get access to what they need for their job. Nothing more.
- Password managers: Unique, strong passwords for everything. No more reuse.
Keeping things updated
- Patching: Update software promptly. Most exploited vulnerabilities have patches available.
- Configuration: Default settings are often insecure. Harden everything.
- Inventory: You can’t protect what you don’t know about. Know your assets.
Backup & recovery
- The 3-2-1 rule: 3 copies, 2 media types, 1 offsite.
- Test your restores: Untested backups aren’t backups.
- Immutable backups: Storage that can't be changed or deleted once written, so ransomware can't encrypt or wipe it.
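To turn the three backup points above into something you can check, here is an added example (not part of the original module) that audits a backup inventory against the 3-2-1 rule, immutability and restore testing. The record fields, the sample inventory and the 90-day restore-test limit are assumptions made for illustration, and the production copy is counted as one of the 3 copies.

```python
from collections import defaultdict
from datetime import date

MAX_TEST_AGE_DAYS = 90  # assumption: the page sets no restore-test interval

def rec(dataset, media, offsite=False, immutable=False, tested=None):
    return {"dataset": dataset, "media": media, "offsite": offsite,
            "immutable": immutable, "tested": tested}

# Constructed inventory: one record per copy, production copy included.
SAMPLE = [
    rec("finance-db", "disk"),                                   # production
    rec("finance-db", "disk", tested=date(2024, 5, 2)),          # local backup
    rec("finance-db", "object-storage", offsite=True, immutable=True),
    rec("file-share", "disk"),                                   # production
    rec("file-share", "disk"),                                   # local backup
    rec("hr-records", "disk"),                                   # production
    rec("hr-records", "disk"),                                   # local backup
    rec("hr-records", "tape", offsite=True, immutable=True, tested=date(2023, 9, 1)),
]
TODAY = date(2024, 6, 1)  # fixed so the result is reproducible

def audit(copies, today):
    """Return {dataset: [gaps]}; an empty list means every check passed."""
    groups = defaultdict(list)
    for c in copies:
        groups[c["dataset"]].append(c)
    report = {}
    for name, group in sorted(groups.items()):
        gaps = []
        if len(group) < 3:
            gaps.append(f"only {len(group)} copies, need 3")
        media = sorted({c["media"] for c in group})
        if len(media) < 2:
            gaps.append(f"only one media type ({media[0]}), need 2")
        if not any(c["offsite"] for c in group):
            gaps.append("no offsite copy")
        if not any(c["immutable"] for c in group):
            gaps.append("no immutable copy")
        tests = [c["tested"] for c in group if c["tested"]]
        if not tests:
            gaps.append("restore never tested")
        elif (age := (today - max(tests)).days) > MAX_TEST_AGE_DAYS:
            gaps.append(f"last restore test {age} days ago")
        report[name] = gaps
    return report

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE, TODAY).items():
        print(name, "OK" if not gaps else "; ".join(gaps))
```

In the sample, hr-records meets 3-2-1 on paper but still fails because its last restore test is stale, which is the gap the "test your restores" point is about.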
Training & awareness
- Regular phishing simulations
- Security awareness training (make it engaging, not boring)
- Clear reporting procedures (make it easy to report suspicious activity)
🎯 The 80/20 rule
Most breaches exploit basic weaknesses: missing patches, weak passwords, lack of MFA, poor training. Get the fundamentals right before chasing fancy tools. A well-configured environment with MFA beats an expensive SOC watching an insecure network.
Free resources to go deeper
- Framework: CIS Controls — Prioritised list of security actions. Start here.
- Hands-on: TryHackMe: DVWA — Practice finding vulnerabilities safely
- Video: HackerSploit Security Blue Team — Practical defensive security