Layered Protection

Defence in Depth Cyber Security

Implementing a layered security approach is called Defence in Depth in cyber security. Every operational security control can have multiple layers of protection, which can work together or independently to guard an information asset from any threat. Defence in depth (DiD) is a highly customisable mechanism in which the roles of technology, operations, and people can be integrated into a redundant multi-layered defence system.

The Security Threat Landscape

The security threat landscape is complex and constantly changing. Hackers are finding new methods to exploit a vulnerability before the vendor has even released a patch. Every organisation keeps valuable information about its business and customers, making it a target. In most cases, cyber criminals can choose which organisation they want to go after. Hence, it is crucial to implement a multi-layered approach to secure information and IT assets, and the concept of defence in depth is a great help with this.

Above all, every organisation is interested in protecting the Confidentiality, Integrity, and Availability of its data. This means that confidential information and data should remain private, that the integrity of the data should not be at risk of being changed as a result of a phishing attempt or cyber attack, and that the data should always be available to the organisation and its customers. The protection around the organisation’s security landscape can be improved with careful planning and by introducing defence in depth security concepts.

Three main security components:
Humans, Technology, and Processes.

Technology and Processes won’t be of much use if humans/users do not follow the rules; for example, a complex password policy won’t help if users write the password on a sticky note and keep it near the keyboard. All three major security components, Humans, Technology and Processes, are equally responsible for creating a secure environment.

Human or user actions are often not motivated by malicious intent; they could simply be a mistake with severe consequences for the organisation. The human element is not limited to IT staff but is equally crucial for all users. For example, a phishing email, an email attachment or a malicious website link sent in an email could be mitigated by using technology such as an anti-spam system or antimalware software. However, it would still be down to the user to choose not to react or act in response to a delivered email that looks legitimate.

Understanding Layers of Defence in Depth

The concept of Defence in depth allows the creation of multiple layers of security, making it more difficult for attackers to breach the network and access sensitive data. Each layer or its sub-layer would act as a defence mechanism; if one layer is compromised, the others are designed to offer much-needed additional protection. It’s a detailed approach indicating that no single security measure is enough and that security requires a multi-layered strategy to effectively protect an organisation’s information assets.

Prevention

Prevention is the most important of all layers, and it should focus on avoiding becoming the victim of a security lapse or a breach. Start by conducting a risk assessment for the valuable assets that require protection. The prevention layer can be further divided into multiple layers. An endpoint user device with antimalware installed, on a network protected by a firewall, is an example of the multi-layered approach.

Detection

The detection layer is crucial for monitoring and identifying signs of suspicious activity or security incidents in an IT environment. This layer is responsible for promptly detecting potential threats and alerting security personnel to them, allowing for a swift response to mitigate or prevent security breaches. Activity in the detection layer generally indicates a lapse in the prevention mechanisms.

Response

Organisations should be fully prepared and well rehearsed to respond to a threat; once one is detected, the incident response process is initiated to investigate, contain, and remediate the issue. The aim should be to minimise the impact of a security incident and prevent further damage to the organisation’s valuable assets. Professionally trained incident response teams play a crucial role in controlling the damage.