Definition: A layered cybersecurity approach involves using several different components in your strategy so that every aspect of your defense is backed up by another, should something go wrong.
Why Is a Layered Cybersecurity Approach Necessary?
Cybersecurity in 2020
As we came into the new decade, cybersecurity was already a number one priority for most businesses.
We only have to look back at the business environment last year to see the damage being done by various forms of attack—be it ransomware, phishing, or any other attack vector.
So it was already on the agenda for most people; in fact, we published a blog bout the need for small and midsize businesses to stop relying on basic security software.
COVID-19 and cybersecurity
The coronavirus pandemic, in addition to uprooting businesses and employees across the country and the world, has also had the effect of waves of cybercriminals rushing in to fill the vacuum of under-secured organizations and take advantage.
96% of IT decision makers believe their organizations are susceptible to external cyberattacks and 71% say they are not prepared to cope with them
Hackers and other cybercriminals thrive off of uncertainty, and the COVID-19 crisis has unfortunately presented them with an easy target.
In times like these, people are anxious, vulnerable, and—most importantly—away from their usual places of work; meaning devices are often far less secure than they normally would be.
By far the most threatening attack we’ve seen over the last few months has been phishing scams, which are hooking people in by posing as informational sources for end users, only to infect their device when they click on the attached file.
Phishing emails have spiked by over 600% since the end of February as cyber-criminals look to capitalize on the fear and uncertainty generated by the COVID-19 pandemic
There has been an uptick in the number of phishing emails that pertain to COVID-19 being sent, and with 52% of cyberattacks directly attributable to human error, it’s clear that many workers lack the correct knowledge to appropriately deal with this new wave of attacks.
Remote work and the Internet of Things
The perfect storm of cybersecurity vulnerabilities this year has been further exacerbated by two things: the long-term proliferation of devices to protect; and the scale of remote working which has skyrocketed in recent months.
It was already difficult for organizations to secure their workers’ various devices, now it’s an entirely different proposition to safeguard them while they’re operating from their homes.
How Does a Layered Strategy Work?
Not relying on basic security is key
Owing to the current cybersecurity landscape, it’s becoming more apparent that a basic security strategy simply won’t cut it in 2020.
As the cybercrime industry grows in size, resources, and sophistication, organizations must respond to keep pace, something that doesn’t appear to be happening.
In a survey by the Ponemon Institute, only 26% of respondents said their organizations have been able to decrease the time it takes to respond to a cyberattack
In order to effectively meet and head-off the rise in attacks, which can very easily bankrupt an SMB, companies must invest in a strategy which employs a range of technologies and solutions to cover all bases.
Utilizing an array of solutions
What exactly do we mean when we say this?
Well, many businesses, big and small, may be accustomed to just using a basic firewall and antivirus solution. Maybe they don’t have the resources to buy a raft of different solutions and pay a team to operate them. Maybe that’s just what they’ve always had and never gave it a second thought.
An organization should not see cybersecurity as a one-and-done job—much like digital transformation in general—it’s a continual process that involves monitoring, threat hunting, training, and more.
The idea behind this is that each solution can act as a kind of failsafe, so your business isn’t relying solely on your operating system’s built-in firewall.
Which solutions make up the layers?
What solutions do you need exactly to have a layered cybersecurity strategy?
Well, let’s go over the technology you need to adequately protect your business from harm.
Network and mobile device management
A management system is used by organizations and vendors to monitor the health of devices. It’s essentially your eyes and ears for everything that you need to look after, even the devices of remote workers operating out of the office.
Ways an MDM can help:
- Restrict access to apps or device settings
- Standardize devices
- Establish Security policies
- Enable Network security for BYOD policies
- Quicker device provisioning, deployment, and employee onboarding
87% of companies are dependent to some degree on their employees’ access to mobile business apps from their smartphones
Advanced spam filtering
Advanced spam filtering will help protect your employees from receiving dangerous phishing emails.
But don’t email providers have spam filters anyway?
Well, yes, but filters that are free are often lacking in many of the filtering techniques used by advanced filters. Anyone who has a Gmail account will know that spam can still get through, in spite of its filter.
A quality advanced spam filter will offer the following techniques:
- Reputation-based email filters
- Content Analysis
Related Post: What Is Next-Gen Antivirus?
Traditional antivirus solutions lack the capabilities of next-gen antivirus software, which utilize the following technologies:
- Machine learning: Files are analyzed before using an automated bot which can discover any malicious elements—all without any interruption to the user.
- Behavior analysis: Computer processes can be monitored in real-time and detect any abnormal behavior, terminating malicious processes.
- Threat intelligence: When a device encounters a threat, every other device under network will be updated to counter the danger without any need for manual input.
Web application firewall
A web application firewall is used to stop threats against your website or applications hosted on your site.
In many cases, business applications are tied into your network, so a WAF can help protect this communication channel.
Website backup and restore
18,500,000 websites are infected with malware at any given time, while the average website is attacked 44 times every day
It’s not just your networks that are vulnerable, your website is too. A solution that allows you to instantly backup and restore your site should the worst happen is absolutely vital, and yet many, many businesses have nothing to protect their sites in the event of a breach.
Multifactor authentication (MFA)
MFA is a simple and highly efficient way of ensuring security with your workers’ login credentials.
Microsoft cloud services see 300 million fraudulent sign-in attempts every day. They estimate that MFA blocks 99.9% of automated attacks
MFA requires the user to have a traditional sign-in method (usually a password), in addition to something more personal, like a fingerprint or text message.
Security awareness training
According to Kaspersky, 46% of cybersecurity incidents in the last year were due to careless or uninformed staff
We’ve spoken about how cyberattacks are increasing, and in particular the rise of phishing attacks on SMBs. Phishing relies on exploiting end users who don’t know what to look for in a spam email.
To address this, it’s absolutely crucial that organizations train their employees so that they won’t be hoodwinked by a cybercriminal.
- Cyberattacks are increasing in scale and sophistication—combined with large remote workforces, SMBs must be vigilant about their security
- In 2020, it’s not enough for an SMB to rely on a single or even a few solutions, they must adopt a layered cybersecurity approach
- A layered cybersecurity strategy means that if an attack gets past one solution, another will be able to pick up the slack as a failsafe
In light of recent events, many organizations have found themselves playing catchup with their cybersecurity, trying to implement makeshift solutions to make up lost ground while their workforces are working remotely for the immediate future.
To find out more about how you can ensure your business’ cybersecurity is in good shape for now and for the future, download our eBook, “What Makes a Good Cybersecurity Defense for a Modern SMB?”.