A defense-in-depth, multilayered security strategy can help organizations counter surging levels of cybercrime.
(June 28, 2022) Most security analysts say that 2021 ranked as perhaps the worst year ever for cybercrime. With data breaches, ransomware attacks, phishing scams, and malware infections all increasing at a record pace, global damages from cybercrime have been estimated at more than $6 trillion last year — six times more than in 2020.
Cybercriminals haven’t taken a vacation in 2022.
“Cyberattacks continue to increase in scale and sophistication,” said Mark McClelland, co-founder and vice president of Mainstream Technologies. “Organizations cannot afford to let down their guard. They need to remain vigilant and put controls in place that can help prevent the most prevalent attacks.”
Ransomware, phishing, and identity theft remain the most common forms of attacks. Mobile malware attacks, social engineering, and cryptocurrency scams are also on the rise, along with supply-chain attacks and state-sponsored attacks on critical infrastructure.
A multilayered security approach, also known as defense in depth, provides the best protection against these attacks. With multilayered defenses, an attack that defeats one security mechanism can still be thwarted by other measures.
The Expanding Attack Surface
The changing nature of network computing plays a significant role in the worsening threat landscape. Cloud, edge, and mobile computing, along with remote work and the Internet of Things, have effectively erased the traditional network perimeter. With a far more distributed computing environment, organizations today must support a greater variety of technologies in many different places — which, of course, means they must contend with a greatly expanded attack surface.
There’s a tendency to respond to increasing threats by buying and deploying new security tools. That is not always the ideal strategy, however. Research suggests that an overabundance of tools may actually compromise security by increasing complexity. In a recent IDG survey of security professionals, 85 percent said they are adding security technologies faster than they can productively use them, and 71 percent said the increasing amount of time they spend managing tools inhibits their ability to defend against threats.
A better approach may be to shrink the security software stack by eliminating tools that are underutilized or aren’t producing expected results. This can reduce complexity and enable a stronger focus on creating a multilayered defense composed of tried-and-true solutions that work together to block threats.
The Multilayered Approach
One effective strategy is to focus on building security into each of the OSI’s seven layers of cybersecurity. Here are some layer-by-layer suggestions:
Human Layer. Most data breaches are caused by human error. Phishing attacks, poor password practices, and lost devices are among the leading causes. Consistent training and education programs reinforce the need for employee diligence. Training should include instruction on phishing awareness, good password and email habits, and how to spot the latest scams and threats.
Perimeter Layer. Perimeter security begins with a robust firewall solution that can prevent malicious traffic from ever reaching the network. The firewall is also where much of the layered security integration takes place. Along with deep packet inspection capabilities, next-generation firewalls include antivirus, web filtering, Secure Sockets Layer (SSL) and Secure Shell (SSH) inspection, and reputation-based malware detection.
Network Layer. Access control helps organizations manage which users and devices can access corporate networks based on policies, including endpoint configuration, authentication, and user identity. Policies should be based on “least-privilege” access principles that only allow users to access the systems and resources they need to do their jobs.
Endpoint Layer. Endpoint protection platforms (EPPs) provide an important first line of defense by integrating antivirus, anti-malware, intrusion prevention, data encryption, and personal firewalls to detect and block threats. Endpoint detection and response (EDR) solutions go further, using advanced behavioral analysis and machine learning to identify suspicious files. Data loss prevention (DLP) solutions monitor endpoints and other network entry and exit points, alerting administrators when the sharing or transfer of data violates company policies.
Application Layer. Application security measures prevent sensitive data and intellectual property from being stolen or hijacked. Regular penetration tests and threat assessments provide visibility into any vulnerabilities, and regular patching and updates help ensure that any known security problems are fixed.
Data Layer. Encryption is the No. 1 measure for protecting critical data assets. Other essential data protection solutions include immutable backups, two-factor authentication, enterprise rights management, and policies that ensure data is wiped from devices that are no longer being used or that are being sent to another employee for use.
Mission-Critical Assets. These are an organization’s “crown jewels” — anything that would cause a major business disruption if compromised, including operating systems, financial records, contracts, and cloud assets. Protecting these assets will require access management, encryption, network segmentation, and a well-designed and tested business continuity plan.
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region, including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.