Future-Proofing Organizations: Importance of unified layered approach in cybersecurity

Written by Daniel Chibesakunda


Protecting an organisation's critical assets from cyber attacks can be a huge and costly task that requires a defined approach to implementing cybersecurity solutions. The unified layered approach is a holistic strategy that helps organisations combine multiple security features, tools, and processes, creating layers of security controls that protect an organization's digital assets at each layer.

Some organizations have knowingly implemented the unified layered approach to safeguard their critical assets and some have unknowingly done so. The approach is key for any organization to adequately implement controls at each layer and prevent threat actors from compromising critical assets. The diagram below shows the seven layers that the unified approach uses.

Seven Layers Of The Unified Approach

  1. Network knowledge

You can only adequately protect your critical assets if you have knowledge of them. Cybersecurity teams in various organisations ensure that they have network knowledge by:

  • Understanding what systems are on the network
  • Knowing where the systems are
  • Knowing what their connections are
  • Knowing what their vulnerabilities are
  • Knowing what software is running and what patch level the systems' operating systems are at
  • Knowing the exposure to attacks
  • Having diagrams of the network for all the connections

The above knowledge will equip the cybersecurity teams in the organization to adequately defend against cyber-attacks. Having this knowledge would make incident response quicker, as it would be easier to contain the attacker, separate the affected segments, and know which critical systems to protect against cyber threats.

  2. Network segmentation

As technology keeps evolving, so do the cybercriminals. Organizations use flat networks, which means that once a threat actor is on the network, they have access to any asset or application on it. Due to the advancements in measures to mitigate cyber-attacks, cybersecurity experts implement and recommend network segmentation, which splits the bigger network into smaller networks (segments). Network segmentation splits the network between trusted and untrusted networks. This involves creating areas like the demilitarized zone (DMZ), which is specifically for applications facing the public internet, and the enclave network with strong ingress and egress controls (this area is for more secure systems, e.g. critical servers like core applications, databases, email, etc.). This gives the organization's cybersecurity team the ability to minimise the spread of a cyber-attack on the network. For example, if the organisation has segmented its network into four segments and one segment has been compromised, the cybersecurity team can stop the compromised segment from communicating with the other segments, containing the attack and preventing it from spreading.
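The four-segment containment scenario above can be modelled as a reachability check over the flows a firewall policy allows. This is an added example, not part of the original article; the segment names and allowed flows are constructed assumptions.

```python
from collections import deque

# Constructed example: four segments and the flows the firewall policy allows
# between them. Names and rules are illustrative, not from the article.
SEGMENTS = ["dmz", "users", "servers", "enclave"]
SEGMENTED_FLOWS = {
    ("users", "dmz"),        # staff browse the public-facing apps
    ("users", "servers"),    # staff use internal applications
    ("dmz", "servers"),      # web tier calls application tier
    ("servers", "enclave"),  # application tier queries core databases
}


def flat_flows(segments):
    """Flat network: every segment can initiate traffic to every other one."""
    return {(a, b) for a in segments for b in segments if a != b}


def quarantine(flows, segment):
    """Containment step: drop every flow into or out of the given segment."""
    return {(a, b) for a, b in flows if segment not in (a, b)}


def blast_radius(flows, compromised):
    """Segments an intruder in `compromised` can reach by chaining allowed flows."""
    reached, queue = {compromised}, deque([compromised])
    while queue:
        here = queue.popleft()
        for src, dst in flows:
            if src == here and dst not in reached:
                reached.add(dst)
                queue.append(dst)
    return reached - {compromised}


if __name__ == "__main__":
    cases = [("flat", flat_flows(SEGMENTS)),
             ("segmented", SEGMENTED_FLOWS),
             ("segmented, dmz quarantined", quarantine(SEGMENTED_FLOWS, "dmz"))]
    for name, flows in cases:
        print(f"{name:28} dmz compromise reaches: {sorted(blast_radius(flows, 'dmz'))}")
```

In the segmented case the enclave is still reachable from the DMZ through the servers segment, so reviewing transitive paths matters as much as reviewing direct rules.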

  3. Layered access control

Organisations are implementing defense-in-depth because realistically no single control is going to work by itself. Organizations need to implement multiple levels of controls, both preventative and detective, so that attacks can be prevented and, if an attack does occur, it can quickly be detected to perhaps mitigate its impact or to respond to it.

  4. Strong authentication

The ultimate goal of a threat actor is to compromise the organization's data and possibly demand a ransom. Organisations need to put in place strong authentication mechanisms like multi-factor authentication solutions. With the advancement in technology, new technologies are emerging, like zero trust, which has changed the notion of "trust and verify" to "never trust, always verify". The increasing need for strong authentication is to ensure that you know who is on the network and to make it difficult for unauthenticated users (cybercriminals) to access the network.

  5. Encryption

Organisation leaders and cybersecurity experts need to understand that the main cause of the increase in cyber-attacks is digital transformation. The more an organisation automates its processes, the more it expands its digital landscape. This calls for the implementation of encryption mechanisms to protect data from attacks, both in local storage and in transit.

  6. Intrusion detection capabilities

Artificial intelligence was created for good, but threat actors are taking advantage of this emerging technology to advance how they attack organisations. Organisation leaders and cybersecurity experts need to understand that the war can be won from behind a keyboard, and why cybercriminals attack using automated robots. There is a need for good intrusion detection capabilities, with artificial intelligence capabilities, to proactively detect and recognize an attack quickly and not take hours, days, or months to know that an attacker is in the network.

  7. Practice response capabilities

Cybersecurity is not an ICT issue but everyone's responsibility. Organisation leaders and cybersecurity experts will need to note that there are no foolproof solutions to cybersecurity, and it's just a matter of when your organization will experience a cyber-attack. However, the strength of an organization that has been compromised is determined by how it responds to and recovers from the cyber incident. Therefore, organizations need to have practiced response capabilities so that, if something does happen, they know how to respond.

The time to learn how to respond to an attack is not during the attack. There is a need to have in place documented procedures (i.e. Business Continuity Plan (BCP), Incident Response Plan (IRP), Change Management Plan, Disaster Recovery Plan (DRP)), exercises or drills, and practiced capabilities.


Therefore, given the continuous rise in cyber threats, every organization should develop and/or have a robust, change-capable security plan to mitigate any future threats.

As is quite clear from the approach, there is only one strategy, but its measures are layered. These measures include a defense-in-depth security strategy in which an organization places several protective barriers at various points of the IT structure against cyber threats.

This approach uses several layers of security so that if one layer gets breached, not all the layers are breached, which greatly reduces the risk of exposure to data loss and business downtime.

This type of model makes it easier for different security tools and groups to work more closely together, thereby reducing the time it takes to detect, respond to, and manage threats. By enforcing a layered and coordinated approach to cybersecurity, we can strengthen our position by protecting the key points of interest while keeping the advantage of digital processes for customers.


Daniel Chibesakunda

Information Security Professional

Technology Architect | Critical Infrastructure Security Specialists | Information Security Professional
