A cyber attack takes place every 39 seconds. This alarming rate of attacks means businesses all around the world are facing relentless breaching attempts in order to steal data. Having a strategy to defend your data and business is crucial to preventing a successful cyber attack. A great strategy to implement is Defense in Depth. Defense in Depth is the use of multiple countermeasures to protect the sensitive data of an organization. This layered approach to cybersecurity allows another security layer to defend a cyber attack in case one security measure fails.
Origins:
Defense in depth was a strategy that militaries used to slow the progress of intruders by the use of barriers. The time that it took to slow down the intruders was used by troops to watch their movements and execute a swift response. This strategy gave the troops the upper hand and prevented the casualties that would result from immediately trying to retaliate. This method relates to protecting businesses today because businesses can use a mixture of defense mechanisms in a layered manner to prevent a single attack from succeeding.
Elements of Defense in Depth:
Physical Controls: Physical controls are the first layer in a defense in depth strategy. Physical controls refer to using security measures that impede hackers from gaining physical access to a business. Some examples of this include the use of security guards, badges and locked doors. This method is a great way to prevent any onsite attacks from happening to a business.
Technical Controls: Technical controls is a crucial layer in a defense in depth strategy; they refer to security measures that protect network security by the use of hardware and software. These measures include two-factor authentication, VPNs, firewalls, web scanners and more. These technical controls are generally enough on their own against hackers, but using them as a second layer in a defense in depth strategy reduces the chance of a breach exponentially.
Administrative Controls: Administrative controls is the final layer in a defense in depth strategy. Administrative controls comprise of security measures that are policies and procedures in how an organization works with its employees and vendors. These controls ensure that sensitive data is handled carefully through the transmission and storage of data. Administrative controls can instruct vendors and employees to label data as confidential.
How to implement defense in depth?
The specific measures your business should use for each security control should be tailored around your industry and specific business needs. For example, a hospital may rely heavily on physical controls like badges and security guards, while a startup tech company may rely on technical controls like VPNs and two-factor authentication. It’s important to craft a defense in depth strategy around the most sensitive data in your business and select security controls based on that. If you’d like to learn more about defense in depth and how it can be implemented in your business, talk to an expert here today.