Reports of damaging cyberattacks and massive data breaches have become all too common in today’s cybersecurity landscape. Ransomware continues to dominate headlines, inflicting financial losses, disruption, and downtime. New threats, also known as zero-day threats, constantly emerge as cybercriminals adapt their attacks to avoid detection and bypass traditional security measures.
And as cyber threats increase in volume and sophistication, no industry is immune, and no target is too small. On the contrary, small to medium-sized businesses (SMBs) are becoming cybercrime’s primary and most lucrative targets.
So, how can businesses protect their networks and data? While there is no single tool that can guarantee your network’s security, you can significantly mitigate your organization’s risk and improve your cyber posture by adopting a layered security approach, also known as multi-layered security.
What is Layered Security?
Techopedia defines layered security as follows:
Layered security refers to security systems that use multiple components to protect operations on multiple levels, or layers. This term can also be related to the term defense in depth, which is based on a slightly different idea where multiple strategies and resources are used to slow, blog, delay, or hinder a threat until it can be completely neutralized.
Layered security is a network security approach that deploys multiple security controls to protect the most vulnerable areas of your technology environment where a breach or cyberattack could occur. The purpose of a multi-layered security approach is to ensure that each individual component of your cybersecurity plan has a backup to counter any flaws or gaps. These layers work together to bolster your defenses and build a solid foundation for your cybersecurity program.
Layered Security as an Industry Best Practice
This layered security approach aligns with the National Institute of Standards and Technology (NIST) Cybersecurity Framework, voluntary guidance that integrates industry standards, guidelines, and best practices to help organizations understand and manage their cybersecurity risks.
The NIST Cybersecurity Framework includes five primary functions: Identify, Protect, Detect, Respond, Recover. Your cybersecurity layers should enable you to identify and protect your business from cyber threats, detect when a cybercriminal has breached your defenses, and position your organization for the best possible outcome when responding to and recovering from a breach.
Defend Your Network with These Essential Cybersecurity Layers
Implementing multi-layered security is crucial to protect your network, users, and business-critical data. Here are 12 essential security layers you should have in place:
- Firewall. The first line of defense in your network security, a firewall monitors incoming and outgoing network traffic based on a set of rules. A firewall acts as a barrier between a trusted network and an untrusted network, only allowing into your network traffic that has been defined in the security policy.
- Patch Management. Outdated software is full of vulnerabilities, or security holes, that offer hackers an easy way into your network. "Patching" refers to the process of distributing and applying updates to software and firmware. Patches are important because they address functionality errors or bugs, boost performance, and close the security gaps that would otherwise leave your systems, software, and applications vulnerable to cyberattacks.
[Read More: Don’t Skip That Update: Close Security Gaps with Application Patches]
- Multi-Factor Authentication. Enabling multi-factor authentication (MFA) is one of the most important things you can do to reduce the risk of a cyberattack. Also commonly known as two-factor authentication, MFA requires multiple forms of verification to access an application, account, or corporate network. For example, after entering your password, you may be prompted to enter a one-time code sent via text message or push notification. These additional forms of authentication prevent hackers from exploiting weak or compromised end-user credentials to access your network.
- Endpoint Protection. Think about all the devices your business uses—not only laptops, workstations, and mobile devices but also printers, scanners, copiers, security cameras, smart devices (e.g., thermostats), and more. Every device connected to your network is a potential entry point for hackers. All of these entry points, known as “endpoints,” need to be included in your organization’s cybersecurity plan.
- Web Content Filtering. This software blocks users’ access to websites and online content deemed inappropriate or dangerous. Content can be blocked by specific categories designated at the organization level as well as based on databases of sites and sources that are known threats and/or considered high-risk for malware or phishing attempts.
- Email Filtering. Email remains one of the most common cyberattack vectors, with 94% of malware delivered by email. Opportunistic cybercriminals know it takes only a single click on a malicious link for an end-user to unwittingly grant access to their entire corporate network. Filtering emails at the gateway reduces this risk and helps to protect your users and your business from email-borne cyber threats such as phishing attacks, ransomware, viruses and malware, and business email compromise.
- Security Awareness Training and Phishing Simulations. Could your employees spot a phishing email if it slipped past your email filter and into their inbox? More than one-third of reported data breaches involve phishing emails. When building your cybersecurity layers, training on cybersecurity basics and best practices is essential to help end-users identify phishing emails and other common cyber scams that threaten your network’s security. This training can be reinforced through periodic phishing simulations, which test users on their vigilance in recognizing suspicious emails, further strengthening your defenses.
- Sophisticated Password Policy. Up to 73% of passwords in use are duplicates, which means if your password is leaked in one data breach, any other account using that password is also compromised. Password policies set organization-wide rules about password strength and complexity (e.g., irregular capitalization and special characters) to prevent password re-use, prohibit weak passwords, and improve your network security.
- Dark Web Monitoring. The dark web is home to many illegal activities, including the sale of sensitive and personally-identifying information stolen during data breaches. Employee credentials are a best-seller on the dark web, used by cybercriminals to access an organization’s confidential data, send email spam, install malware, and more. Dark web monitoring tools scan the dark web for email addresses and passwords associated with your company’s domain so you can identify and address these vulnerabilities before they can be exploited by a hacker.
- Physical Security. Does your security plan account for internal threats? Firewalls can’t protect your valuable data from being copied and stolen via a USB drive. That’s why your security layers must also include the physical security of your IT infrastructure. Physical security measures restrict access to and protect your on-premises infrastructure and spaces in which data is stored. Examples of such measures include access control systems, keycards and door locks, security cameras and surveillance, and security personnel.
- Business Continuity and Disaster Recovery. In the event of a disaster such as a cyberattack, are you sure your data is protected? Business continuity and disaster recovery (BCDR) solutions can mitigate the downtime and damage associated with a cyberattack, allowing you to restore your data and operations from a backup. Two important reminders: 1) Isolate your backups to ensure that if your network is breached, your backups can’t also be accessed and encrypted; and 2) Ensure your business continuity plan is documented, tested, and regularly updated.
- Managed Detection and Response. How do you detect when someone or something has gotten past your other layers of protection? Managed detection and response (MDR) is an advanced security solution that combines next-generation monitoring software and a 24/7 (human-staffed) security operations center to identify and isolate suspicious behavior on your network in real-time and immediately detain confirmed threats to prevent spread. If your preventative measures fail, MDR acts as the security camera that catches a cybercriminal sneaking onto your network and the alarm system that alerts you to the breach.
Without a detection and response tool, it can take more than 200 days to discover a data breach, giving hackers plenty of time to plan and execute a devastating attack before you are even aware of a problem.
Understand Your Risk to Build Your Security Layers
In the quickly evolving cybersecurity landscape, new threats are emerging daily, and employing a layered security approach is critical. But all too often, organizations believe they are not at risk and, as a result, are not prepared when their defenses fail and a breach occurs.
Implementing these essential cybersecurity layers mitigates your risk and builds cyber resilience to put your business in the best possible position to prepare for, respond to, and recover from a cyberattack.
In the fight against cybercrime, knowledge is power. If you don’t know what security measures your organization currently deploys or you are still relying on the same tools you used even a few years ago, you’re at risk of having gaps in your cybersecurity plan that leave your business vulnerable.
Has your business ever had a cybersecurity risk assessment? A cybersecurity risk assessment identifies the gaps in your current IT infrastructure to help you understand potential security threats and the associated risks (e.g., the cost of downtime) in order to shape a proactive layered security strategy for your business. Contact our managed security team to schedule your cybersecurity risk assessment and begin your proactive approach to security.
Editor’s note: This article was originally published in November 2018 and has been updated for accuracy, relevancy, and comprehensiveness.