Cybersecurity 2020: Layered Security
Few IT industry pundits could have predicted that America would suddenly be plunged into a situation that required more than half of the economy to shut down — creating work-from-home opportunities where none existed in the past. While shocking to many, this shift simply accelerated a trend that likely would have taken years without the coronavirus crisis as CFOs and senior executives realized the cost savings available when staff members could function remotely. There is a significant value associated with the reduction of real estate and operational costs, but it still remains to be seen whether this “new normal” will ultimately cost companies in the form of increased cybersecurity risks to the business. In this evolving climate, it’s vital that organizations have a robust and layered security solution in place to protect against threats known . . . and unknown.
The State of Cybersecurity in 2020 and Beyond
The past few years have been littered with the names of major brands that fell victim to million- or even billion-dollar charges due to cybercrime, including gaming giant Zynga, credit card and financial company Capital One, home improvement company Houzz and lab-testing company Quest Diagnostics, which was breached through its vendor, the American Medical Collection Agency (AMCA). Millions of records were hacked, with cybercriminals making away with personal details such as email addresses, social security numbers and even confidential medical records. AMCA was one of the organizations that weren’t able to survive the costs associated with the hacks — quickly declaring bankruptcy after spending an undisclosed amount to notify customers and losing revenue due to a lack of client confidence after the breach. Unfortunately, this story isn’t unusual, as global cybercrime costs are expected to skyrocket to $5.2 trillion within the next five years.
Understanding the Value of Layered Security
The idea of layering security isn’t a new one, but it must be far more complex and nuanced than installing multiple antivirus software platforms on your systems or creating multi-factor authentication for your users. Articulating the concept of “layered security” can be challenging even for industry practitioners, as there isn’t a single solution — or even set of solutions — that fulfills the needs of each organization. In general, layered security means that each layer helps compensate for known deficiencies in another layer, with each one protecting against different attack vectors. With everything from smartphones to PCs and wearables potentially connecting to your network, having layers of security at each level of your company’s interactions is crucial.
What Are the Core Components of Layered Security?
Creating a group of dissonant layers is not enough to create a true defensive strategy. Instead, each layer should interact with and complement additional levels of security, forming a comprehensive net of safety around your business. Components can include everything from firewalls and endpoint protection to vulnerability scans and penetration testing. Most important to today’s fast-moving attacks are real-time notifications and alerts that are woven throughout your security layers. This helps ensure that network administrators and security professionals are quickly notified in the event of an attack and can take immediate actions to reduce the overall risk to the organization’s infrastructure. The additional requirements of data compliance standards can often help define the layers of security needed within your organization.
Layered Security or Defense in Depth?
A defense-in-depth strategy generally has three levels of controls: physical, technical and administrative. While these protection methods may have been robust enough to protect against threats in the past, IT leaders may not be as confident that traditional defensive strategies can reduce the risk for their organizations. There are potential gaps in this type of approach, including:
- Poorly trained staff members
- Inadequate approach to secure passwords and physical security
- Slow patching of known software or hardware security flaws
- Insufficient malware and virus protection
- Lack of security through vendors and other third parties
Any of these issues could spell disaster for a modern organization, particularly small businesses that may not have the robust cybersecurity strategies and support needed to protect their organization against invasive attackers. Layered security is one component of a comprehensive defense-in-depth strategy that incorporates solutions for systems and individuals across the organization — aimed at ensuring that defense in depth is able to provide adequate protection for an organization.
Cybersecurity is not a one-size-fits-all solution, but rather a series of decisions made based on the risk factors that are unique to your industry or organization. When you partner with an IT managed services provider, you are able to more adequately explore the ways to keep your organization safe — relying on their broader industry knowledge and deep connections with security solutions and vendor partners that can help protect your organization.