Five steps to an effective layered defence strategy
Analysing weak spots in an IT system can be challenging, which is why a layered approach is important
Almost 90% of organisations have seen the volume of cyber attacks either increase or stay the same over the past 12 months, according to a study from Mimecast. And with more companies moving at least part of their business operations to the cloud, defending against both internal and external threats is more challenging than ever a simple firewall won't cut it any more.
This is where the concept of layered security comes in. The approach uses multiple lines of defence to repel potential attacks and is based on the principle that no single form of protection is enough to stop a determined cybercriminal. But if there are multiple defences, even if one is breached, there are other layers to get through before real damage can be done.
But it's not just about applying multiple defences. Analysing weak spots in an IT system can be challenging. Before taking steps towards a layered defence strategy, enterprises must first look inwards. A complete inventory of endpoint devices must be compiled, as hackers are increasingly targeting this attack vector. Existing security policies must also be reviewed so they can be subsequently revised to integrate the wider layered defence strategy. Once the enterprise has taken stock of its current situation, a comprehensive plan can be tailored to fulfil their needs.
Each of these five elements of an effective layered defence strategy work together, forming a mesh of protection around your organisation's systems.
1 - Patch management
A popular technique among cyber attackers is to target software that hasn't yet been updated to protect it from known vulnerabilities. According to Verizon, 99.99% of exploits used in 2014 took advantage of vulnerabilities that had been catalogued in the Common Vulnerabilities and Exposures (CVE) database at least a year prior.
Once a flaw has been detected in a particular piece of software, cyber criminals can easily write scripts to search the internet for devices and systems running versions of the software and target them.
Patch management is a quick win for IT administrators, who can automate the patching of this software using scripting tools, or more sophisticated systems that download, test and administer patches from multiple software vendors.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Another key part of patch management is encouraging employees to keep devices up to date. Whereas the IT department may be able to push out security updates and patches to business devices, organisations that have a BYOD policy or who don't have a system for forcing updates out should educate staff on the importance of installing updates to avoid leaving devices open to vulnerabilities.
2 - Antivirus
The patch management process also applies to antivirus software. Here, patches are scheduled frequently by software providers to ensure their offerings are equipped with the latest files needed to combat continuously evolving and emerging viruses. Ignore the prompted updates at your peril.
Antivirus services should be a key part of any organisation's defences. Although not sufficient on its own to stop attacks, it provides a useful line of defence against malicious software that can be used by attackers to gain a foothold in corporate systems.
In recent times, antivirus technology has also evolved and now features more advanced capabilities that can help it to detect unknown virus and Trojan software. Through using a suite of detection tools, antivirus software begins by sorting through existing computer programmes and comparing them to known malware. Next, the computer is scanned for behaviours that signal the presence of unknown malware.
With so many attacks using malware as an entry point into enterprise networks, antivirus software should not be seen as an optional extra.
3 - Web protection
According to the Verizon Data Breach Incident Report, 54% of malware infections are due to interactions with the web. Given that many malware strains are delivered via a browser, web protection is another important part of a layered defence strategy.
Web protection deploys an internet filter applied to devices which prevents users from accessing certain 'blacklisted' websites. Depending on the vendor, listed sites can be managed by the users, or can be left solely to the software to determine which online locations are safe, and which are malicious.
Like antivirus software, web protection services receive regular updates of domain names and IP addresses associated with malicious behaviour and can be used to block visits from corporate networks. It can also be used as a detection mechanism to spot suspicious surfing activity that could indicate an attack.
4 - Mail protection
As one of the single most important tools for a business, email is still a significant means of delivery for attackers. In fact, 61% of organisations surveyed by Mimecast admitted to being hit by an attack where malicious activity was spread from one infected user to other employees via email in the last year.
Ensuring that your company's email security is up to date is critical to effective protection. It may never be possible to block 100% of all malicious communications, but a good email security solution will ensure that the majority get blocked before they even arrive in your employee's inboxes.
Educating staff about common phishing methods, and encouraging them to speak up if they receive an unexpected invoice or email attachment will help prevent crude attacks from being successful.
Aside from sending links to malicious websites or malware-infected attachments, attackers can increase their chances of success by studying a company and including pertinent details, in a type of attack known as social engineering.
Social engineering is much more difficult to prevent, but awareness training combined with technical solutions like two-factor authentication on email sign-ins can help minimise the risk of staff falling for such tricks.
5 - Backup
Effective backup is the final step and the critical service in a layered strategy. Ensuring defence strategies are up to date may offer peace of mind from a security standpoint, but even the best type of protection systems can be successfully compromised. The threat of attack, along with the consequences of physical data loss, makes backup a critical part of any cybersecurity strategy.
Organisations should ensure they have a tried and tested backup service. Frequent, incremental cloud-based backup services will be easier to test and guarantee, and the lack of physical backup media will reduce the risk of backup data corruption, loss or theft. The technology used in cloud-based backup usually cannot be accessed by ransomware, which makes restoring files much easier in the event of a successful attack.
Introducing layered security is not necessarily the cheapest defence method, but with the increase in vulnerabilities and the determination of criminals to exploit these gaps in organisations, it has never been more essential. Creating a layered approach to security provides a level of protection that traditional approaches on their own simply cannot match.
But it is not infallible as a defence method. Phishing and social engineering attacks are on the rise, and the easiest way of combating the risk of one of your employees accidentally opening the business up to an attack is to build a culture of security.
Regular training on secure practices, highlighting the danger of social paths to infiltration and enforcement of password policies are all simple ways of building this culture of security, and ensures that employees are aware of the potential dangers.