By Zakir Hussain, CEO, BD Software Distribution
Attacks on a company can come from many directions. In the past, cybersecurity was simpler and attacks were easier to prevent. It was like protecting the front door of your home: with the right locks, you could keep an intruder out.
These days there is more than a single door to secure. There are multiple doors, windows and other entry points throughout the house, so many that relying on locks alone does not work. Organizations need more than a single product to prevent an attack, defend against one in progress, and recover if they are compromised.
The best way to do this is through layered security. This refers to having multiple tools, systems, and processes that overlap and provide preventative and proactive cybersecurity. These tools and systems should inform each other in order to create a more secure environment. Here’s why layered security is important and how organizations can get there.
Companies of all sizes need to protect more than ever
Bad actors look for any part of a company's IT they can compromise to get a foothold in the organization. The sum of all the points an attacker could use to get in is known as the attack surface. The larger the attack surface, the more risk a company carries and the more work it takes to defend. It is, for example, much easier to secure a small single-storey house than a multi-storey apartment building.
Over the last few years, the average attack surface has increased largely because the digital scope of a company’s environment has increased. This includes:
Endpoints: laptops, servers and office devices, as well as remote and personal devices that connect to your network (such as an employee's cell phone).
Cloud services: cloud usage continues to grow, as does the number of cloud-based vendors, including tools like Office 365, Slack, Zoom and Google Drive. Smaller companies are especially likely to rely on cloud services and partners to streamline departments.
Internet of Things (IoT) devices: smart screens, fridges, printers and cameras are connected to the internet and often have weak security and no patching.
Employees: people remain the weakest link in defending a company, and each individual represents a potential entry point.
Multiple locations, home workers and hybrid workers: these require additional security measures, especially when data is stored at or transferred between these locations.
Advanced attacks need more than just endpoint security
Because of all these entry points, every type of business, large and small, is under threat from more advanced attacks. These attacks exploit weaknesses outside traditional endpoints and are often carried out with more research and targeted precision. They frequently target vulnerabilities or misconfigurations in popular cloud-based apps, or a company's cloud infrastructure directly, aiming to reach sensitive data and assets.
Even attacks on employees have evolved: spear phishing and business email compromise (BEC) take advantage of unsuspecting staff by impersonating key people in the company, causing financial losses from which many small companies never recover.
How organizations can build comprehensive security through layers
In order to account for all of the doors, windows, and other entry points that put a company’s house at risk, it’s important to build comprehensive security through a layered cybersecurity strategy that incorporates preventative controls, proactive action, detection, and response capabilities. Many of these capabilities are above and beyond what traditional endpoint security offers.
Start with visibility. You cannot protect what you do not know about, so keep an inventory of the devices, accounts, applications and data stores in your environment. Think of it as knowing every entry point of your house and exactly where the safe and your most important documents are.
Once you have clear visibility into your environment, you can deploy tools like endpoint detection and response (EDR) and extended detection and response (XDR). These are analytic tools that identify unauthorized users and malicious activity in your environment. EDR detects threats and potential compromises at the endpoint level and gives a team actionable information so they can decide on the next steps to contain and remove a threat (or close the alert if it turns out to be a false positive). XDR looks beyond the endpoint and correlates security information from other sources, including email, identity and the cloud, which gives a fuller picture of an attack that spans several layers.
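The point of XDR is that signals which look weak on their own become a high-confidence incident once they are joined across layers. The script below is an added illustration of that idea, not code from the original article or from any vendor's product. It correlates constructed sample events from three sources (an email gateway, EDR and a cloud identity provider) by user within a time window; the source weights, threshold and window are assumptions chosen for the example.

```python
"""Toy cross-source correlation in the spirit of XDR.

Each source alone sees only a weak signal; joining the signals on user and
time turns three low-severity alerts into one incident worth responding to.
The events below are constructed for this example, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three layers: email gateway, EDR, cloud IdP.
EVENTS = [
    {"source": "email", "ts": "2024-03-04T09:02:10", "user": "alice",
     "detail": "attachment invoice.docm delivered (macro, external sender)"},
    {"source": "edr", "ts": "2024-03-04T09:05:42", "user": "alice", "host": "LT-ALICE",
     "detail": "WINWORD.EXE spawned powershell.exe -EncodedCommand (base64 payload)"},
    {"source": "cloud", "ts": "2024-03-04T09:31:05", "user": "alice",
     "detail": "sign-in from new country, MFA not prompted (legacy protocol)"},
    {"source": "email", "ts": "2024-03-04T10:15:00", "user": "bob",
     "detail": "attachment report.xlsm delivered (macro, external sender)"},
    # Bob's cloud event is ~22 hours later, so it falls outside the window.
    {"source": "cloud", "ts": "2024-03-05T08:00:00", "user": "bob",
     "detail": "sign-in from new country"},
    {"source": "edr", "ts": "2024-03-04T11:00:00", "user": "carol", "host": "LT-CAROL",
     "detail": "EXCEL.EXE spawned cmd.exe"},
]

# Assumed per-source weights: no single source reaches the incident threshold
# on its own; two agreeing sources (email+edr, edr+cloud) or all three do.
WEIGHT = {"email": 1, "edr": 2, "cloud": 2}
INCIDENT_THRESHOLD = 4
WINDOW = timedelta(hours=2)  # assumed: sources must agree within this span


def parse_ts(s):
    return datetime.fromisoformat(s)


def correlate(events, window=WINDOW, threshold=INCIDENT_THRESHOLD):
    """Group events by user, open a window at each event, and return one
    incident per user whose distinct sources together exceed the threshold."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    incidents = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: parse_ts(e["ts"]))
        for i, first in enumerate(evs):
            start = parse_ts(first["ts"])
            chain = [e for e in evs[i:] if parse_ts(e["ts"]) - start <= window]
            sources = {e["source"] for e in chain}
            score = sum(WEIGHT[s] for s in sources)
            if score >= threshold:
                incidents.append({"user": user, "score": score,
                                  "sources": sorted(sources), "chain": chain})
                break  # one incident per user is enough for this example
    return incidents


def describe(incident):
    """Render an incident as the attack chain an analyst would read."""
    lines = [f"incident for {incident['user']} (score {incident['score']}, "
             f"sources {', '.join(incident['sources'])}):"]
    for e in incident["chain"]:
        lines.append(f"  {e['ts']} [{e['source']}] {e['detail']}")
    return "\n".join(lines)


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(describe(inc))
```

Run stand-alone it reports only Alice: the phishing delivery, the Office child process and the anomalous sign-in land within half an hour of each other. Bob's two events are each below the threshold and too far apart to join, and Carol's single EDR alert stays a low-priority item for the team to triage rather than an incident.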
Hardening refers to a set of processes that minimize the chance of a successful attack. It is the equivalent of fitting burglar-proof windows and upgrading your locks to defeat common forms of intrusion. One example is patch management: the process of ensuring that all your devices, systems, applications and services run current, supported versions with known vulnerabilities fixed. This removes the known flaws that attackers most commonly exploit. Hardening also covers targeted controls and tools such as email security and spam filtering, antivirus, and full-disk encryption, which protects data at rest if a device is stolen or removed from the company's network.
The cloud has become so central to most companies that it needs its own security measures. Cloud providers secure the underlying platform, but the customer remains responsible for configuration, identities and data, so companies need ways to protect services like Office 365, OneDrive, Google Apps and more. Targeted cloud security tools help secure cloud-based files, servers and containers.
How you respond to an attack matters as much as what you do to prevent one. A burglar getting into the house does not mean there is nothing left to do. Response tools help you remove an attacker or limit the damage they can do. This includes EDR and XDR, as well as response services from partners that provide managed detection and response or act as managed security providers. With a team of experts available 24/7, you can react far faster than an in-house team that only covers business hours.
Companies don’t have to do this by themselves — how third-parties can help
Building a comprehensive security department can be difficult because it requires a lot of resources. Not only are multiple security tools and technology needed, but talent and security personnel are required in order to make use of all the information, alerts, and data sent to organizations by these tools.
Finding the right talent and tools can be a nearly impossible task, which is why it is worth partnering with a cybersecurity vendor. Managed detection and response (MDR) providers combine EDR and XDR with human analysts to give a comprehensive view of your IT environment and help protect the company against advanced attacks.
Companies may also consider working with a managed security service provider (MSSP), which can act as an outsourced cyber security department. These providers operate the tools and technology and respond to threats quickly to limit the damage an attacker can do.
Building comprehensive cybersecurity can be difficult, but organizations have many options. What matters most is that they do not stop at a single preventative tool. Otherwise they are leaving the house wide open.