Re-inventing cyber security with a multi-layered approach

Johannesburg, 08 Feb 2022

Cyber security threats have grown more complex over the years, and the attack surface available to cyber criminals has expanded considerably with the rise of remote and hybrid working. With such a wide range of possible threats, no single control can counter them all.

A multi-layered approach to cyber security is needed for several reasons. One, there are too many plausible threats with widely different characteristics for any single control to defend against all of them. A firewall, for example, can filter traffic to networks and applications, but it does nothing to stop a spear-phishing e-mail that arrives over a connection its rules allow. Two, a single cyber attack usually consists of several stages that together form a kill chain (delivery, exploitation, persistence, lateral movement, exfiltration). In most cases any one control sees only part of that chain; to stop the whole attempt, several controls have to work together and feed each other's signals. Three, when one layer fails, the next can still limit the spread of the attack, reducing its impact and containing the breach. A layered design also lets each layer be examined, tested and managed independently.

An effective cyber security strategy combines cohesive security practices with controls that each cover a different part of the attack surface. The following are a few of those layers:

1. Firewall

A firewall acts as a gatekeeper for a network, protecting it from unauthorised access. It inspects traffic against a predefined, ordered set of rules that typically match on source and destination address, port and protocol (next-generation firewalls also inspect application-layer content). Each connection attempt is checked against the rules in order and the first matching rule decides whether it is allowed or dropped; anything no rule matches should fall through to a default-deny policy, since a default-allow policy turns the rule set into a list of exceptions rather than a gate. The limitation to keep in mind is that a firewall judges traffic only by those attributes: a phishing link or malicious download fetched over an allowed HTTPS connection passes straight through it, which is why the layers below are needed.
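To make the rule-evaluation behaviour concrete, here is an added Python example (not code from the original article): a minimal first-match packet filter with a default policy, run over a constructed ruleset and a few constructed connection attempts. The addresses (10.0.0.0/8 as the internal network, 10.0.1.10 as a web host, 198.51.100.7 and 203.0.113.99 as outside hosts) are hypothetical, and the last packet shows the limitation described above: an internal user fetching a phishing page over HTTPS is indistinguishable, at this layer, from any other allowed HTTPS connection.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    dst: str      # destination IP
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"       # CIDR; the default matches any destination
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules: List[Rule], p: Packet, default: str = "deny") -> Tuple[str, str]:
    """First-match evaluation: the first rule that matches decides; if none
    matches, the chain's default policy applies (as in iptables/nftables)."""
    for r in rules:
        if r.matches(p):
            return r.action, r.comment
    return default, "default policy"


# Constructed ruleset for a small perimeter firewall (hypothetical addresses).
RULES = [
    Rule("deny", src="10.0.0.0/8", dst="10.0.1.10/32", proto="tcp", dport=23,
         comment="telnet to the web host is never allowed"),
    Rule("allow", src="10.0.0.0/8", dst="10.0.1.10/32", proto="tcp", dport=22,
         comment="internal admins may SSH to the web host"),
    Rule("allow", dst="10.0.1.10/32", proto="tcp", dport=443,
         comment="anyone may reach the public HTTPS service"),
    Rule("allow", src="10.0.0.0/8", proto="tcp", dport=443,
         comment="internal users may browse HTTPS sites"),
]

# Constructed connection attempts.
SSH_FROM_INTERNET = Packet("198.51.100.7", "10.0.1.10", "tcp", 22)
SSH_FROM_INSIDE = Packet("10.0.5.20", "10.0.1.10", "tcp", 22)
HTTPS_FROM_INTERNET = Packet("198.51.100.7", "10.0.1.10", "tcp", 443)
# An internal user opening a phishing site: to the firewall this is just
# TCP/443 to an address no rule forbids, so it is allowed like any other HTTPS.
PHISHING_HTTPS = Packet("10.0.5.20", "203.0.113.99", "tcp", 443)

SAMPLES = [("ssh_from_internet", SSH_FROM_INTERNET),
           ("ssh_from_inside", SSH_FROM_INSIDE),
           ("https_from_internet", HTTPS_FROM_INTERNET),
           ("phishing_https", PHISHING_HTTPS)]


def decisions(default: str = "deny") -> dict:
    """Action taken for each sample packet under the given default policy."""
    return {name: evaluate(RULES, pkt, default)[0] for name, pkt in SAMPLES}


if __name__ == "__main__":
    for policy in ("deny", "allow"):
        print(f"default {policy}:", decisions(policy))
```

Running it with the default policy set to "allow" shows why that setting matters: the SSH attempt from the internet, which no rule addresses, is then admitted, whereas under default deny it is dropped.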

2. VPN

A VPN establishes an encrypted tunnel between the user's device and a VPN server or gateway, so that traffic crossing untrusted networks such as home or public Wi-Fi cannot be read or modified in transit. A remote-access VPN also lets the organisation apply the same network controls to off-site users as it does to those in the office. Because the user's traffic emerges from the VPN server, the websites visited see the server's IP address rather than the user's, which limits tracking by sites and search engines. A VPN protects data only in transit, however: it does nothing against a compromised endpoint or a malicious destination, and a user who is inside the tunnel must not be treated as trusted by default.

3. E-mail security

As e-mail has become the central mode of communication in organisations, it is crucial to protect e-mail accounts and the data they carry. E-mail is exposed to multiple threats, including phishing, spam and malware delivered as attachments or links. A cloud-based secure e-mail gateway sits in front of the mail server and inspects inbound (and ideally outbound) traffic to block malicious attachments, phishing links and spam before they reach users; sender authentication (SPF, DKIM and DMARC) complements it by making it harder for attackers to spoof the organisation's own domain.

4. MFA and password security

Multi-factor authentication (MFA) requires a user to prove their identity with two or more independent factors, drawn from something they know (a password or PIN), something they have (a hardware token, authenticator app or phone) and something they are (a biometric), before access to an application, account or device is granted. MFA is central to identity and access management and is usually the first layer an attacker meets. Not all factors are equal: one-time codes delivered by SMS or typed from an app can be phished or relayed in real time, whereas FIDO2/WebAuthn security keys bind the credential to the site's origin and are phishing-resistant. MFA also does not remove the need for strong passwords: pass-phrases that are hard to guess but easy to remember, checked against breached-password lists, remain the "something you know" factor.

5. Privileged access management

Privileged access management (PAM) is built on the principle of least privilege: employees, administrators and service accounts are granted only the minimum access required for their job, for the shortest time required. Restricting access to high-value systems and data in this way reduces the blast radius of both insider threats and external attacks that compromise an account. A PAM solution typically vaults and rotates privileged credentials, grants elevated access just in time and through an approval step, and monitors, records and reports every action a privileged user performs, producing a tamper-evident audit trail of those sessions.
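The two PAM ideas above, least privilege and a tamper-evident record of privileged actions, as an added Python example (not code from the article): a role-to-permission table gates each privileged action, and every attempt, allowed or denied, is appended to a log in which each entry is HMAC-protected and chained to the previous one, so that editing, deleting or reordering an entry is detected. Role names, actions and the audit key are constructed for the example; a real deployment would keep the key in the audit service or an HSM and ship entries to write-once storage.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Set, Tuple

# Constructed role model: each role maps to the only actions it may perform.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "dba": {"db.query", "db.backup"},
    "sysadmin": {"host.restart", "host.patch"},
    "helpdesk": {"user.reset_password"},
}

GENESIS = "0" * 64  # back-link of the first entry


class AuditTrail:
    """Append-only log where each entry carries an HMAC over its fields and the
    MAC of the previous entry, so deleting, reordering or editing any entry
    breaks the chain. The key belongs to the audit service, not to the users
    whose actions it records."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries: List[dict] = []

    def _mac(self, body: dict) -> str:
        data = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def record(self, user: str, role: str, action: str, target: str, allowed: bool) -> dict:
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "user": user, "role": role,
                "action": action, "target": target, "allowed": allowed, "prev": prev}
        entry = dict(body, mac=self._mac(body))
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, int]:
        """Return (ok, index): ok is False at the first entry whose sequence
        number, back-link or MAC does not check out, else (True, length)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "mac"}
            if (e["seq"] != i or e["prev"] != prev
                    or not hmac.compare_digest(self._mac(body), e["mac"])):
                return False, i
            prev = e["mac"]
        return True, len(self.entries)


def privileged_action(trail: AuditTrail, user: str, role: str, action: str, target: str) -> bool:
    """Least-privilege gate: allow only what the role permits, and record the
    attempt either way so that denied attempts are also visible to reviewers."""
    allowed = action in ROLE_PERMISSIONS.get(role, set())
    trail.record(user, role, action, target, allowed)
    return allowed


if __name__ == "__main__":
    trail = AuditTrail(key=b"audit-service-key (constructed)")
    print(privileged_action(trail, "alice", "dba", "db.backup", "prod-db"))     # True
    print(privileged_action(trail, "alice", "dba", "host.restart", "prod-db"))  # False
    print(trail.verify())                                                      # (True, 2)
    trail.entries[0]["allowed"] = False  # an insider rewrites history
    print(trail.verify())                                                      # (False, 0)
```

Chaining makes tampering detectable, not impossible: whoever holds the key can rewrite the chain, which is why the key must not be available on the hosts whose administrators are being audited.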

6. AI and ML

Artificial intelligence (AI) and machine learning (ML) are data-driven techniques that can help detect and respond to attacks at a scale human analysts cannot match. They can automate routine security tasks, surface suspicious activity and trigger automated containment. ML models trained on historical data can flag events that deviate from established patterns: user and entity behaviour analytics (UEBA) build a baseline of each user's normal login times, locations and devices and raise an alert when a session departs from it, and behavioural biometrics distinguish a legitimate user from a fraudster by typing and navigation patterns in real time. These models are not error-free: they produce false positives and false negatives, need tuning against the organisation's own data, and can themselves be evaded or poisoned by an adversary, so their output should inform analysts rather than replace them.
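An added Python example (not code from the article) of the user-behaviour baseline described above: it parses constructed login log lines, builds a per-user profile of known countries, known devices and usual login hours, and scores new logins against it, treating a new country as strong evidence and a new device or unusual hour as weak evidence so that a single weak signal does not raise an alert on its own. The log format, weights and thresholds are this example's own assumptions, not those of any product.

```python
import re
import statistics
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed log format: ISO-8601 timestamp followed by key=value fields.
LINE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) country=(?P<country>\S+) "
                  r"device=(?P<device>\S+) result=(?P<result>\S+)$")


def parse(line: str) -> dict:
    m = LINE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ev = m.groupdict()
    ev["hour"] = int(ev["ts"][11:13])  # hour field of the timestamp
    return ev


def build_baselines(events: Iterable[dict]) -> Dict[str, dict]:
    """Per-user profile from historical successful logins: known countries and
    devices, and the mean/standard deviation of the login hour."""
    per_user = defaultdict(list)
    for ev in events:
        if ev["result"] == "success":  # failures say nothing about normal use
            per_user[ev["user"]].append(ev)
    baselines = {}
    for user, evs in per_user.items():
        hours = [e["hour"] for e in evs]
        baselines[user] = {
            "countries": {e["country"] for e in evs},
            "devices": {e["device"] for e in evs},
            "hour_mean": statistics.mean(hours),
            "hour_sd": statistics.pstdev(hours) if len(hours) > 1 else 0.0,
        }
    return baselines


def score(ev: dict, baselines: Dict[str, dict], z_limit: float = 3.0) -> Tuple[int, List[str]]:
    """Weighted anomaly score: new country counts 2, new device 1, login hour
    more than z_limit standard deviations from the user's mean 1."""
    b = baselines.get(ev["user"])
    if b is None:
        return 3, ["no baseline for user"]
    s, reasons = 0, []
    if ev["country"] not in b["countries"]:
        s += 2
        reasons.append(f"new country {ev['country']}")
    if ev["device"] not in b["devices"]:
        s += 1
        reasons.append(f"new device {ev['device']}")
    if b["hour_sd"] > 0 and abs(ev["hour"] - b["hour_mean"]) / b["hour_sd"] > z_limit:
        s += 1
        reasons.append(f"unusual hour {ev['hour']:02d}:00")
    return s, reasons


def is_anomalous(ev: dict, baselines: Dict[str, dict], threshold: int = 2) -> bool:
    return score(ev, baselines)[0] >= threshold


# Constructed history: alice logs in from ZA on one laptop, 08:00-17:00, four days.
HISTORY = [f"2022-01-{day:02d}T{hour:02d}:05:00Z user=alice country=ZA device=laptop-a1 result=success"
           for day in (10, 11, 12, 13) for hour in range(8, 18)]
HISTORY.append("2022-01-13T23:40:00Z user=alice country=ZA device=laptop-a1 result=failure")

# Constructed new events to triage.
NORMAL = "2022-02-07T09:15:00Z user=alice country=ZA device=laptop-a1 result=success"
NEW_DEVICE = "2022-02-07T10:30:00Z user=alice country=ZA device=phone-b7 result=success"
TRAVEL = "2022-02-08T03:02:00Z user=alice country=NL device=phone-b7 result=success"
UNKNOWN_USER = "2022-02-08T11:00:00Z user=mallory country=ZA device=laptop-a1 result=success"

if __name__ == "__main__":
    baselines = build_baselines(parse(l) for l in HISTORY)
    for line in (NORMAL, NEW_DEVICE, TRAVEL, UNKNOWN_USER):
        ev = parse(line)
        print(ev["user"], is_anomalous(ev, baselines), score(ev, baselines))
```

The weights and threshold are the tuning work the text glosses over: set them too low and analysts drown in alerts about travel and new phones; set them too high and the 03:00 login from a new country slips through.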

Besides these measures, organisations are moving towards zero trust, a security model based on the principle that no network, device or user is trusted by default, even inside the perimeter of a firewall or VPN. Where each of the controls above protects an individual target, zero trust applies across the whole attack surface: every request is authenticated and authorised on its own merits, based on the identity of the user, the health of the device and the context of the request, regardless of location or network, and visibility into user activity is the same on and off the corporate network. When no location is deemed safe and verification is continuous, the chance of a successful attack is reduced, and if one does occur, zero trust limits lateral movement so that a single compromised account or host does not bring down the whole environment.

Contact us for more information.