Defence in Depth: The 2022 Guide to Layered Security
The Current State of Security
In 2022, cybersecurity is more important than ever.
Although the threat landscape is constantly evolving, the last three years have seen some major changes to the way that cybercriminals attack businesses, and there have been dire consequences. So far in 2022, 39% of all UK businesses have identified a cyberattack, with phishing attacks accounting for 83% of all attacks. With cyberattacks becoming more advanced and prevalent, it is important that all businesses, regardless of size or industry, understand the common attack methods, and have systems and policies in place to reduce their cyber risk.
In terms of news coverage, ransomware has been the number one cyberattack over the past 5 years. There have been some major ransomware attacks throughout the UK and the Republic of Ireland recently. Some of these include an attack on the Irish Health Service Executive, with recovery costing $442m, and an attack on the Hackney Borough Council costing approximately £10m to recover from.
Whilst ransomware attacks have steadily increased in prevalence over the past 5 years, it is more concerning that from 2020 to 2021, ransomware-related data leaks increased by 82%. This is due to double extortion, whereby, if the company can recover from a ransomware attack through backups without paying the ransom, the attackers will exfiltrate the data and either leak it online or sell it to the highest bidder. Many of these ransomware attacks are initiated through phishing emails.
Although in the past ransomware was typically a ‘spray and pray’ attack, most attacks are now instigated through highly targeted spear-phishing campaigns, in which the cybercriminal researches the target business and individuals, then tailors the phishing attack to them. Password attacks of various kinds are another group of attack methods still plaguing businesses. These attacks are typically initiated through credential stuffing, a form of cyberattack where the hacker collects stolen account credentials, typically usernames/emails and passwords, in order to gain access to other accounts.
Read our new eBook to learn more about each of the following layers of defence:
Layer 1: Email & Web Security
The first layer of defence is email and web security. This layer is extremely important, with 90% of IT professionals citing phishing emails as their number one concern.
Layer 2: Perimeter Security
This layer includes technologies such as Next Generation Firewalls, Security Information and Event Monitoring and vulnerability management.
Layer 3: Internal Network and Access Security
If a cybercriminal successfully penetrates the first two layers of security, the next goal is to stop them from moving laterally across a network or accessing any additional data or IT systems. There are many technologies involved in this layer including Identity and Access Management (IAM), attack surface reduction and network segmentation.
Layer 4: Endpoint Security
This layer is designed to secure any device connected to a network or IT system, including laptops, mobile phones, desktops, IoT devices, servers and virtual environments. This is achieved through an Endpoint Protection Platform (EPP), including Endpoint Detection and Response (EDR) and automated investigation and remediation.
Layer 5: The Human Layer
Although the previous four layers of security should prevent most cyberattacks, it is essential that employees have sufficient knowledge of cybersecurity to be able to accurately identify and report any potential cyberattack or threat. The main concept within this layer is the human firewall.
Layer 6: Backup and Disaster Recovery
The final layer of security within Defence in Depth is backup and disaster recovery. If all else fails, businesses need to be able to recover their data so they can continue to function after a major cyberattack.
Looking Towards the Future
Whilst the previously mentioned attack methods have been around for quite some time, the ways in which cybercriminals target businesses are constantly changing. Alongside these attacks, there are also completely novel attack methods and malware types that are unknown to any business or security professional. This creates a difficult situation for businesses as they must protect themselves against unknown threats that may not currently exist.
As these new threats could be exploiting any attack surface, it is essential that businesses layer their defences to protect their critical assets.