Remember the 1990’s, when your new desktop computer came with Minesweeper, a full suite of productivity software – and an anti-virus program? Whether it was Symantec, McAfee or Norton, that icon on your desktop once meant that your office’s data and budding IT infrastructure was relatively safe and secure.
It was a great time to be alive.
Our digitally connected 21st century world is no longer so simple. Hundreds of millions of malware variants are launched each year. Millions of bots scour the internet for weaknesses, compromising individual identities by the hundreds of millions. Most networks have vulnerabilities to existing threats, as is so often evidenced by national headlines.
Smaller businesses are especially vulnerable to cyber threats
Major breaches, such as those at Netflix and Equifax, have tarnished reputations, cost millions of dollars, put hundreds of millions of individuals at risk, and often result in firings and reorganizations.
Small organizations can be even more vulnerable, because they don’t believe they are at risk, and they don’t have sufficient security controls in place. In fact, the National Cyber Security Alliance has found that 70% of cyber attacks target small businesses, costing them well into the six-figure range to clean up afterwards. A recent report that found 14 million small businesses were hacked in the last year. We’ve posted real-world examples of breaches, such as this hijacked non-profit and this ransomware attack that explain how they were breached.
No single security approach is sufficient
Sadly, the anti-virus of yesteryear is not enough. Instead, cyber security experts advise that layered security, involving a combination of technologies and processes, provides the best defense against the vast array of potential threats – as well as the best means to detect and react to an attack quickly and effectively, before it has a chance to do real damage.
A layered security approach integrates numerous defenses because hackers continually probe and scour for a variety of weaknesses. You may have a great anti-virus program, for example, but that won’t defend against an email phishing attack. Although a firewall can analyze and inspect the traffic that passes through it, some malware employs DNS and other accepted protocols in order to slip through. If you are relying on that firewall as your main line of defense, the attack could be catastrophic, especially if you don’t also incorporate a system of monitoring and remediating breaches. Any single line of defense can – and will – be defeated, so it is essential to layer your defenses, incorporating a mix of technologies, policies and ongoing training.
Defense in Depth
Mitigating the human-error element is key to success as well. Many breaches begin with a network user unwittingly clicking on a link, an email or a malicious website. Training and process design can significantly reduce the possibility of such an attack succeeding. For this reason, layered security involves not only the latest technological defenses, but regular, ongoing training and process refinement as well.
Very briefly, here’s an outline of a sample layered security program’s chief elements:
Web filtering and protection
Protects all your devices whether they are on or off the network by blocking malicious URLs, IP addresses, and files before your computer connection is ever established or a file is downloaded.
Security Awareness Service
Educational programs to educate employees about phishing threats and other online scams. Simulated phishing is frequently included to assess training effectiveness. The best-performing programs also deliver ongoing information to keep staff engaged, attentive, and alert – and human error minimized.
Advanced Threat Protection (ATP)
Analyzes suspicious code to help discover and stop newly developed malware. Blocks files and automatically authenticates them in near real-time.
Layered on top of Apple and Microsoft operating software, this technology encrypts information so it is not easily deciphered by unauthorized people, enables data access restrictions and remotely wipes devices, should they be lost or stolen.
Deep Packet Inspection of Secure Socket Layer (DPI-SSL)
Inspects encrypted traffic for threats or vulnerabilities by decrypting SSL traffic, scanning for threats, then re-encrypting and forwarding to its destination. The SSL technology typically inspects traffic between a server and browser or mail server and email user. 70% of web traffic is HTTPS. If you're not using DPI-SSL, that traffic isn't being scanned or monitored.
Secure Password Management
Cloud-based automated password protection makes storing, managing, and retrieving recommended long, complex and unique passwords quick and easy from virtually any connected device.
IT Policies & Procedures
A core set of basic policies to ensure that an organization’s systems, equipment and software are used as intended to reduce vulnerability to human error and prevent security lapses. Typical policies include Acceptable Use, Bring Your Own Device (BYOD), Email, Remote Access, Removable Media, Backups, and Account Management. Organizations subject to regulatory compliance must meet a higher standard of policies and procedures.
No Silver Bullet
There’s no such thing as total security, but by strengthening your defenses, your appeal as a target dramatically decreases. The reality is that organizations simply cannot afford not to employ a layered security system. The days of relying on the manufacturer’s factory software package are behind us.