3 Effective Layers to Enhance your IT Security26th of February 2019
Opinion by Kim Aarenstrup, Executive Advisor
In today's cyber threat landscape, your focus should not merely be on avoiding being hit by a cyber attack – very few organisations manage to avoid incidents completely. This means that what really matters is the way your business handles the attack when it strikes, and how quickly you can get back on track. Three layers of protection, or barriers, can help you effectively manage and understand your company's IT security.
Get an overview of your company's IT security maturity
To protect your business from cyber attacks that have catastrophic consequences, you first and foremost need to assess your organisation’s maturity level. This should contain three layers of protection; the preventive layer, the detection and response layer and the disaster recovery layer.
These layers very effectively form a total defence against cyber attacks if they are an integral part of your company at management level and when treated as interconnected units. By measuring and acting on IT security in the same way as e.g. you treat key financial figures, you get a clear overview of the areas where your company is vulnerable to damaging cyber attacks, and especially where the risk is unacceptable, so that action can be taken in time.
The 3 layers of protection
The preventive layer is about human competencies, technologies and processes that help you prevent an attack, such as relevant blocking technologies or essential (high risk) system maintenance that helps you avoid vulnerabilities. This layer also includes having a segmented network infrastructure, which makes it harder for an attacker to move laterally inside your network. In principle, this layer should protect you against 99% of all known attack vectors.
If, however, an attack would make it past the preventive barrier (e.g. an unknown attack method or vulnerability, a so-called zero-day attack, which unfortunately occurs too frequently), then your next layer of protection, detection and response, should help mitigate the threat. This layer is meant to quickly detect that an attack has passed through the preventive layer and effectively respond to it, so that it does not have a serious impact on your company's systems.
If detection and response layer doesn’t help either, and the attack causes downtime, your third layer of protection, disaster recovery, should help the company get back on track as quickly as possible. To avoid a cyber catastrophe (long-term and financial consequences), this layer is a discipline that needs continuous improvement and rehearsing, ideally regularly, so that you will be ready to react and recover fast when the crisis strikes.
I will talk about this at our next event in Copenhagen, on the 3rd of April, which you can read more about here.