Cybersecurity: Mission Possible – Defense in Depth
Impenetrable, invulnerable, unassailable, impregnable … the truth is, words like these have absolutely no place in cybersecurity. There’s always a flaw to be found, always a chink in the armor, always a weaker link. There are also always entities out there diligently looking for ways to exploit any vulnerability for greed, or power, or to make a statement, or even just for thrills and notoriety. Just look at the year so far.
We’ve recently covered some pretty big Zero Day attacks that affected millions around the globe, like the Microsoft Exchange Server Zero Day attacks, multiple Google Chrome attacks, vulnerabilities in Pulse Connect Secure products, and flaws exploited in SonicWall’s Email Security (ES) product. It’s so common now that they already feel like old news. And in a sense, they are!
Over the last week we’ve learned about a ransomware attack that shut down one of the biggest oil pipelines in the US, with fears circulating that gasoline could soon break $3 a gallon again as a result. We’ve also just been introduced to WiFi Frag Attacks, which in theory would allow an attacker within radio range to steal user information or attack devices. Thankfully, the threat is still considered low because the attacks require user interaction or uncommon network settings, and manufacturers have been pushing out fixes. But to crystallize the threat of unknowns in the world of cybersecurity, think about this – these WiFi Frag attack vulnerabilities exist in devices going back to 1997 and have only recently been discovered – how’s that for a Zero Day window.
In the world of cybersecurity it is best to always pursue perfection, but never expect to fully achieve it. There is always a mission impossible team out there looking for some flaw, no matter how ridiculous or minuscule, that can help them realize their objective. The key is to make them have to scale that glass skyscraper from the outside, make them leap from building to building hundreds of feet in the air, make them hold their breath for minutes on end. Make it hard!
Enter: Defense in Depth
Defense in Depth (DiD) is a core tenet of effective cybersecurity. The principle behind Defense in Depth is that if you stack layer upon layer of security on top of one another, the effectiveness increases many times over, because an attacker has to defeat every layer rather than just one. Defense in Depth is usually broken down into four main categories: user security, system/application security, network security, and physical security. Below are just some examples of security layers which can be stacked to multiply effectiveness. But keep in mind that Defense in Depth is not static; it constantly evolves as new technologies emerge, the cyber threat landscape expands, and needs change. Using any of the following in conjunction with each other constitutes Defense in Depth, and the more you stack and layer, the better.
Effective cybersecurity has to start with users, by far the weakest link in the cybersecurity chain. They have to be aware of what they’re up against, and that takes constant training, reminders, rules – and consequences for dangerous behavior. From an administrator’s point of view, following the principle of least privilege is an easy and effective way to protect an organization from user errors, and even insider attacks. The principle of least privilege simply means giving users only the access and privileges required to perform their duties, no more, no less. The less they can access, the less dangerous they can be, knowingly or unknowingly. We put together the Cybersecurity Easy 8, which is a breakdown of eight easy things users can do to add some layers of security. It covers:
- Employing antivirus/antimalware software
- Malicious pop-ups awareness
- Phishing/spear phishing awareness
- Avoiding dangerous Web habits
- Keeping all software and applications up to date
- USB stick/flash drive safety
- Password security
- Two-factor/multifactor authentication
Every system and/or application can be an entry vector for cyber attackers. Below is a short and far from complete list of some of the security layers you can apply to your systems and applications. You’ll also notice a few of the same things that apply to user security, so these suggestions are not exclusive to any group, apply them wherever applicable.
- Vulnerability scans & penetration testing
- Antivirus/antimalware software
- Authentication and password security
- Data encryption
- Logging and auditing
- Two-factor/multi-factor authentication
- Timed access control
- Intrusion detection systems (IDS)
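To show how the least-privilege principle described above and several items from this list (multi-factor authentication, timed access control, logging and auditing) stack into one Defense in Depth decision, here is an added example of a layered authorization check. It is not GDF's code; the roles, the business-hours window and the sample requests are constructed for illustration.

```python
"""Layered authorization: a request must pass every independent control.
Added example, not from the original article. Roles, permissions, the
access window and sample requests are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, time

# Least privilege: each role gets only the actions its duties require.
ROLE_PERMISSIONS = {
    "clerk": {"read_invoice"},
    "accountant": {"read_invoice", "approve_invoice"},
    "admin": {"read_invoice", "approve_invoice", "change_user_role"},
}
# Sensitive actions that additionally require a verified second factor.
MFA_REQUIRED = {"approve_invoice", "change_user_role"}
# Timed access control: allowed window (start inclusive, end exclusive).
ACCESS_WINDOW = (time(8, 0), time(18, 0))
AUDIT_LOG = []  # logging and auditing layer: one line per decision

@dataclass
class Request:
    user: str
    role: str
    action: str
    mfa_verified: bool
    when: datetime

def check_least_privilege(req):
    return req.action in ROLE_PERMISSIONS.get(req.role, set())

def check_mfa(req):
    return req.mfa_verified or req.action not in MFA_REQUIRED

def check_time_window(req):
    start, end = ACCESS_WINDOW
    return start <= req.when.time() < end

# Each layer is evaluated independently; a bypass of one does not bypass the rest.
LAYERS = [("least_privilege", check_least_privilege),
          ("mfa", check_mfa),
          ("time_window", check_time_window)]

def authorize(req, audit_log=AUDIT_LOG):
    """Return (allowed, failed_layers) and record the decision for auditing."""
    failed = [name for name, check in LAYERS if not check(req)]
    allowed = not failed
    audit_log.append(
        f"{req.when.isoformat()} user={req.user} role={req.role} "
        f"action={req.action} result={'ALLOW' if allowed else 'DENY'} "
        f"failed_layers={','.join(failed) or '-'}")
    return allowed, failed
```

Because every layer is evaluated, the audit line names all the controls a denied request failed, which is the detection signal a reviewer wants when looking for privilege misuse.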
Network access is the Holy Grail for cyber attackers. If they can gain full access to an organizational network and remain unnoticed, the sky is the limit to the damage they can cause. They can steal, manipulate and/or destroy at will, or they can just maintain reconnaissance, formulate a much bigger plan, and pick a perfect time to maximize the returns on their attack and the damage to your organization. Here are a few layers that would apply to network security:
- Network segmentation
- Firewalls (hardware or software)
- Demilitarized zones (DMZ)
- Virtual private network (VPN)
Cybersecurity isn’t just about networks, software and equipment; it’s about access. With physical access, cyber attackers can bypass even some of the most robust technology-based security measures. With physical access, they essentially become an insider with nefarious intentions in mind. It is essential to limit physical access to only those who need it to perform their duties by employing levels of physical security, logging and tracking, which can help keep even insiders in check. A few of these would be:
- Biometrics (be sure to check local laws and regulations)
- Data-centric security
- Physical security (locked server rooms, keycard access, deadbolt locks, reinforced locked cabinets, alarms, etc.)
Your mission, should you choose to accept it, is to create, deploy and maintain an effective Defense in Depth plan. Your digital survival may depend on it. This message will not self-destruct, it will always be the foundation of effective cybersecurity.
GDF Can Help
GDF can help you across the entire cybersecurity spectrum, from professional vulnerability assessments and penetration testing, to application testing, emergency incident response and regulatory compliance. We can help you mold an effective Defense in Depth strategy, we can test your plan’s effectiveness, and we have CISSP-certified emergency responders who can act quickly should the unthinkable occur and you become the victim of a cyber attack.
For all your cybersecurity needs, call GDF at 1-800-868-8189 today, or fill out the form below and we’ll contact you.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cybersecurity and emergency incident response, with years of experience assisting clients in the government, banking, legal, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to call 1-800-868-8189 for immediate help. For more information, visit GDF's cybersecurity page.