Defense in Depth is needed to address the security risk with the ever-evolving threat landscape as cyber threats are growing rapidly in scale and sophistication. Defense in Depth is a comprehensive approach employing a combination of advanced security tools to protect the organization’s endpoints, data, applications, and networks.
More companies are using cloud-hosted Software-as-a-Service applications, many of which are mission critical. The privacy and security of an increasing amount of data entered through websites make the applications increasingly difficult to manage.
As companies continue to grow, and the number of devices and services used by the organizations increase, it becomes more important to have security layers with a Defense in Depth strategy. The first step is to conduct a comprehensive risk assessment identifying all assets that need protection, as well as the potential threats and vulnerabilities that could be exploited. The risk assessment should also report the possible impact of a successful cyber-attack. This assessment should be conducted by a team of experts who understand the complexities of cyber security and how networks are designed with cyber security in mind.
Organizations need to recognize the inherent risk factors which cause vulnerabilities, make it possible for threat actors to compose malicious attacks, and increase the likelihood of external data compromises leading to fraud. They also need to develop a security policy outlining measures that must be taken to protect the business. The security policy should also establish clear guidelines for handling sensitive data and the use of third-party vendors.
‘There is often a lag between instant payments coming online and fraud attacks in a new market,’ says Shahar Ronen, product manager of payment risk at Plaid Inc., an open-banking specialist. ‘Fraudsters will take the time to understand the new market structure and identify points of weakness. It may seem initially that fraud is less of an issue than expected, but it is generally only a matter of time.’
Organizations should use a combination of different cyber security measures to protect against fraud. Some of these measures involve:
· Strong encryption protocols to protect data
· Continuous monitoring to protect against fraudulent activities
· The use of multifactor authentication for all protection channels
· A comprehensive review of the network boundaries to ensure proper end point protective mechanisms are in place
Additionally, as more companies are moving to the cloud environment and container setups, organization must thoroughly review the system security plans for all cloud vendors. Furthermore, companies need to do a complete analysis of the data being placed within these cloud environments and to determine the value of the data loss should it be compromised. More and more cloud environments are installing Artificial Intelligence (AI) capabilities within the network perimeters. This presents unique challenges for organizations way behind the curve.
The organization should be thoroughly reviewing that virtual patching is applied to the network to protect existing legacy applications installed on cloud virtual machines. It’s extremely important to ensure the cloud vendors are using web application scanning on all virtual machines. Whenever it finds a threat, it creates an automatic rule in the web application firewall to quarantine the vulnerability immediately.
Organizations also need to ensure that data-in-transit is encrypted using SSL and TLS. All digital certificates must be up to date on all incoming requests.
Another aspect of Defense in Depth is to appoint Adaptive Application Control that dynamically applies both allow and block lists to keep unwanted traffic out of the virtual machines within the cloud environment. This is also critical in SQL Servers, which store structural relational data to ensure threat detection is enabled both on the database level, or the entire server level.
Implement access control measures should be in place to ensure only authorized personnel can access the information and assets. All businesses should consider implementing privileged access management solutions. This is to ensure that only authorized individuals have access to sensitive information based on their job role and responsibilities.
The tactics covered here include a comprehensive review of necessary measures while implementing network and end point security measures, conducting security training, and executing incident response procedures. These are all critical components of a Defense in Depth cyber security approach.