
Iwona Zalewska at Kingston Technology describes how to build layers of defence to protect critical data and systems
Such is the complexity of cyber-threats today that security measures can no longer be effective unless they are layered. The approach of ‘Defence in Depth’ has its roots in history. Military fortifications with trenches, barbed wire and minefields are standard practice on battlefields to delay enemy advances, and in the early days of banking, heavy vaults, security guards and multiple strong locks were deployed to keep out robbers.
Building barricades against cyber-warfare is no different. Firewalls, multi-factor authentication, patch management, application security, encrypted hard drives and anti-virus software deliver a more robust defence if they work together to protect all organisational data and systems, eliminating single points of failure.
One of the most important aspects of Defence in Depth is vulnerability management. While downtime is unwelcome in any organisation, there are some critical industries for whom it could mean disaster.
In an interview recently, David Clarke, the cyber-expert who headed up security for one of the world’s largest financial trading networks, said he’d managed an environment where an outage of more than 24 seconds a year, or two seconds in a single month, was simply not allowed. “You can’t stop trading trillions of dollars a day to do some patchwork,” he said.
Instead, he advised regular patching of vulnerabilities to ensure they are consistently addressed, heading off the threat of disruption to the business. Part of this means carrying out effective risk assessments to identify vulnerabilities and prioritise mitigation actions accordingly. As part of a Defence in Depth strategy, this activity ensures risk can be managed while building resilience against cyber-attacks.
In its useful Toolkit, which is aimed at helping board members govern cyber-risk more effectively, the National Cyber Security Centre (NCSC) recommends regular reviews of security to keep up with the constant adaptations that cyber-attackers employ. The NCSC also has an Exercise in a Box resource, which allows organisations to assess their resilience in a safe environment as part of a Defence in Depth approach.
While it better protects all users, Defence in Depth is particularly advantageous to organisations with super users. Often highly skilled experts in a software application, or holders of special access privileges, these users pose a significant risk if they are compromised. An attack on a super user can mean logs are switched off or deleted and data is exfiltrated, all without the company even being aware.
Creating multiple access points mitigates the risk, but David Clarke believes that super users should also be subject to stricter controls, such as time-limited passwords, which minimise the opportunity for cyber-criminals to attack.
A robust Defence in Depth strategy needs to be understood in the organisation. Training programs for employees help to broaden awareness of risk, allowing threats to be recognised more quickly. “Everyone needs to understand how to escalate a potential incident straight away and key stakeholders must know how to triage that,” David Clarke commented.
A company-wide alertness to threats coupled with efficient incident response is not only key for minimising damage and ensuring a swift recovery, it is also necessary for meeting regulations such as NIS2 and DORA.
Encrypted USB drives and external SSDs play an essential role in safeguarding sensitive data by encrypting information directly on the storage device itself. With the move towards remote working, they are being used more than ever and provide an additional, robust layer of security.
Hardware-encrypted drives are generally more secure than their software-based counterparts because the encryption process is managed by a dedicated secure microprocessor within the storage drive. Because this is isolated from the operating system, it is more challenging for a hacker to compromise.
Hardware-encrypted devices are also effective in providing resistance against brute-force, or password-guessing, attacks. If a hacker tries to guess a password to gain access to a drive, they can trigger a crypto-erase defence that deletes the entire drive, rendering the data inaccessible. This “always-on” feature is important in guarding against physical attacks.
Like other elements of a Defence in Depth approach, hardware-encrypted drives can help with meeting regulatory and compliance requirements and demonstrate a company’s commitment to data security. This is particularly important for industries that handle sensitive information, such as finance, healthcare, governments, or supply chains.
Defence in Depth is a comprehensive approach to cyber-security that draws on best practice guidelines to build protective layers across the IT infrastructure of a company. With vulnerability management, strict controls for all users, including super users, effective employee training and the use of encryption, companies are better placed to reinforce their security posture and defend critical data and systems.
Iwona Zalewska is Regional Director for UK & Ireland, DRAM Business Manager, EMEA Region, Kingston Technology