The value of a multi-layered cyber defence strategy

A multifaceted defence mechanism can significantly reduce the impact and risk in the event of a cyber attack or breach.
By Nilesh Jivraj, Cyber security sales specialist, CASA Software.
Johannesburg, 01 Mar 2024

We all know the grim statistics − a simple internet search will tell you that data breaches cost businesses an average of $4.35 million in 2022, with just over 236 million ransomware attacks happening across the globe in the first half of that year alone.

South Africa ranks high on the attack lists of hackers − we are the fifth most attacked country globally.

The impact of this scourge is profound. The cost of responding is exceedingly high and there are other matters to consider, including potential regulatory fines and long-term reputational damage.

There is no silver bullet to prevent the occurrence of cyber attacks, but a multi-layered defence mechanism can significantly reduce the impact and risk in the event of an attack or breach.

Embarking on this multi-layered journey requires a foundational step that is critical to success: a comprehensive security assessment of the organisation.

This is imperative for a thorough understanding of the existing tools, procedures and mechanisms aimed at risk reduction. Following this, a detailed gap analysis should be conducted to meticulously identify and evaluate areas that require attention.

It is advisable to prioritise risks, arranging them from the highest to the lowest based on their potential impact. This enables the formulation and implementation of targeted strategies that focus on mitigating the most critical ones first.

The journey does not end with the implementation, largely because threats evolve. Continuous assessment and enhancement of the environment is therefore imperative to ensure the company consistently improves its security posture.

It is also important to choose the right cyber security partner, which will ensure the appropriate technology stack, such as:

  • An effective endpoint security solution that will assist in preventing the most common form of cyber attacks emanating from multiple sources.
  • A data loss prevention solution that secures the flow of information as it traverses multiple touchpoints throughout the data lifecycle.
  • A robust access management solution across the network that ensures users have the appropriate rights, roles and privileges when accessing data.
  • With humans being the weakest link on the network, a cyber security awareness training programme can significantly decrease risk.

Other important matters to consider are multi-factor authentication, proper firewalls and intrusion prevention capabilities. Finally, keep secure backups that follow best practices like a 3-2-1-1 methodology (three backups on two different media − one offsite and one on immutable storage). This will greatly improve risk scoring and the recovery process should the first line of defence fail.

What about cyber insurance?

This must be viewed within the overall security context. Insurance organisations are there as a last resort should the organisation face claims after an attack.

For businesses of all sizes, a payout can assist in recovering costs that would otherwise be financially crippling. However, cyber insurance cannot be implemented in isolation as a failsafe when the inevitable happens − policy payouts will not save the company's bacon in the wake of an attack.

At best, a payout will only help towards recovering some costs but will not prevent closure of the business.

On the positive side, cyber insurance is driving the adoption of best security practices, adding value to business security profiles. Just as when applying for insurance on the contents of a house, an insurer will demand certain best practices are in place before it will accept the risk − it's no different with cyber insurance.

I recommend building a relationship with a broker who is experienced and knowledgeable in the niche field of cyber insurance, and who has relationships with the major insurers that offer such products.

However, this is just one element of a broader security strategy that should also involve collaboration with cyber security partners, given the rapid evolution of cyber security measures. This is especially crucial in the absence of a CISO backed by a well-staffed security department.

Test, test and then test again

Incident response is a critically important component of an effective cyber security programme. Once a breach occurs, it is necessary to have a well-oiled response.

In fact, claiming successfully against a cyber insurance policy might be contingent on the quality of the incident response, which in turn depends on how vigorously and regularly it has been tested.

In any event, this will play a huge role in minimising the fallout. This is not the sort of thing that can be made up on the spur of the moment. It needs to be put in place well in advance and regularly updated and tested.

In conclusion, while cyber insurance has a role to play in protecting an organisation's assets, it must be integrated into a multi-layered defence framework that includes partnering with the right cyber security specialist.

Embracing this holistic strategy will ensure peace of mind that you have a resilient cyber security defensive mechanism.