Do you want to know how to implement a layered approach to security that will actually protect your company from hackers?
One that frustrates them so much that they give up and move on?
Then you will love today’s post.
Layered security is the only way to actually stop cyber attacks in 2020.
Let’s dive in:
Why is layered security so important?
Layered network security involves using multiple security controls in every business operation. If an attacker is able to bypass one security layer, they will find another. For example, with multi-factor authentication in place, an attacker who discovered a user’s password would still have an additional security control to overcome.
This is just one example of layering security controls.
We will look at quite a few more.
What is a layered approach to security?
A layered security approach is important because there is no single security control that can keep hackers out. Having multiple layers of security protects you even when one of those layers fails. This makes it harder for attackers to accomplish their goal and provides more time to catch them.
Cybersecurity attacks have evolved tremendously.
Today’s attacks are usually complicated and require the attackers to use multiple weaknesses along their path to full compromise.
Many times, attacks even involve a mixture of targeting humans (social engineering) and targeting system weaknesses.
The number of devices on most networks today makes this even more complex - smart devices, printers, IoT, industrial devices, computers, servers, etc.
This simply means more ways that an attacker can get into your organization.
From our own experience doing penetration testing, it is very easy to get an initial foothold into most organizations.
If they implement a layered security strategy though, it will be much harder to pivot that initial foothold to gain access to sensitive information.
The Candy Bar Effect
A lot of security practitioners refer to the candy bar effect in cybersecurity.
Having a candy bar cybersecurity posture means that an organization has strong perimeter security - a crunchy outside. But they have not implemented a layered security strategy that makes it difficult for hackers to pivot through their systems once they are in - a soft inside.
This happens when security is focused solely on keeping hackers out instead of protecting sensitive data.
This security strategy is why we see massive data breaches so frequently.
When an attacker is able to gain access to a network, they are able to pivot to areas that should be highly secured and exfiltrate sensitive data.
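The candy bar effect can be checked against a network's own flow policy. The following is an added example, not code from the original post: it compares a flat internal network with a segmented one and counts how many boundaries separate each zone from the sensitive data. The zone names and allowed-flow rules are constructed for illustration.

```python
from collections import deque

# Constructed zones and flow rules for illustration; not taken from the article.
ZONES = ["internet", "dmz", "workstations", "printers_iot", "app_servers", "phi_db"]
INTERNAL = ZONES[1:]

# "Candy bar" policy: a perimeter firewall, but every internal zone
# may talk to every other internal zone (soft inside).
FLAT = {("internet", "dmz")} | {(a, b) for a in INTERNAL for b in INTERNAL if a != b}

# Layered policy: only the flows the business needs are allowed.
SEGMENTED = {
    ("internet", "dmz"),
    ("dmz", "app_servers"),
    ("workstations", "app_servers"),
    ("workstations", "printers_iot"),
    ("app_servers", "phi_db"),
}

def shortest_path(policy, start, asset):
    """Breadth-first search over allowed flows; returns a zone list or None."""
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        if path[-1] == asset:
            return path
        for src, dst in sorted(policy):
            if src == path[-1] and dst not in seen:
                seen.add(dst)
                queue.append(path + [dst])
    return None

def exposure_report(policy, asset="phi_db"):
    """Map each zone to the number of boundaries between it and the asset."""
    report = {}
    for zone in ZONES:
        if zone == asset:
            continue
        path = shortest_path(policy, zone, asset)
        report[zone] = None if path is None else len(path) - 1
    return report

if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, exposure_report(policy))
```

In the flat policy every internal zone is one hop from the data; in the segmented policy a printer or IoT device has no path at all, and a workstation must first get through the application servers.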
Let’s look at ways to layer security.
Network security layers
There are many ways that you can layer security.
One widely accepted layered security strategy involves seven layers of security.
These seven security layers are:
1. Mission Critical Assets
This is the actual data that you need to protect. Usually, this is PHI or PII on your network.
In Zero Trust, this is often referred to as “toxic data” - that is, the data that would get your company in trouble if it is leaked.
Mission critical assets can include more than just data though.
If you have systems that must operate for your business to survive, those would be mission critical as well.
Examples of security controls: segmentation, encryption, need-to-know access
2. Data Security
Data Security controls focus on protecting data in storage and in transit.
This includes limiting access to systems where data is stored and securing that data via encryption while it is being transferred.
Ensuring integrity of the data is also important. If you can’t trust your data, you will have problems.
3. Application Security
Application security controls protect applications.
Exploited bugs in applications are actually a huge topic and the cause of a lot of security incidents.
To achieve application security, you must use secure applications, keep applications up to date, and follow application development best practices when developing your own.
4. Endpoint Security
Endpoint security is about securing the devices in your environment - mobile devices, laptops, servers, cloud instances, etc. Antivirus isn’t the be-all and end-all of endpoint security though.
To properly secure endpoints, begin with secure baseline configurations.
Other aspects of endpoint security that should be considered include: physical security, encryption of sensitive data, and updates and patches.
5. Network Security
Network security controls protect the data traveling on your company’s network - WiFi, ethernet, cloud VPNs, etc.
Remember that if an attacker has access to your network, they can do a lot of damage.
You have to implement the proper controls to mitigate this.
6. Perimeter Security Layer
The perimeter security layer can include physical or electronic security.
When someone talks about perimeter security, they usually mean controls like a firewall or email filter.
Basically, any control meant to keep attackers out.
The problem with perimeter based security is that the perimeter is changing.
With the rapid adoption of cloud technologies, the perimeter is moving.
Zero Trust is one answer to this security problem.
7. The Human Security Layer
Some say that humans are the last layer in a layered security approach, others say they’re the first.
No matter what way you look at it, humans are a critical component in security.
Everything we do in security involves a human.
Humans configure the firewalls, open the emails, connect to WiFi, and the list goes on.
There's no question that today's cybersecurity attacks are evolving.
Hackers are finding ways to bypass security systems every day.
Taking a layered approach to security is the only way to successfully keep attackers out of your networks.