A LAYERED APPROACH TO CYBERSECURITY

Many think of a layered approach to cybersecurity in terms of technology and tools. This means having various security controls in place to protect separate entryways: for example, deploying a web application firewall, endpoint protections and secure email gateways, rather than relying only on traditional perimeter defences.

While these solutions are all part of a layered security approach, it actually goes well beyond deploying layers of different security tools. For cybersecurity to be effective, organisations must also consider how they leverage people and processes.

When combined into a single, integrated framework, an overlapping strategy based on security tools, people and processes will yield the most effective defences.

Alain Penel, Regional Vice President – Middle East, Fortinet

SECURITY TACTICS FOR PEOPLE, PROCESSES AND TECHNOLOGY

As IT teams seek to create a layered security environment, there are several tactics they should consider:

People

Employees can create some of the greatest risks to cybersecurity. However, when they are well informed they can also be an asset and a first line of defence. Often, cybercriminals will specifically target employees as an attack vector based on their lack of knowledge of security best practices.

For example, cybercriminals might target employees with phishing emails designed to get them to click on a malicious link or divulge credentials. With this in mind, it’s imperative that organisations conduct regular training sessions throughout the year to keep employees aware of potential scams and the ways they can make their organisation vulnerable.

Training programmes like these will create a strong culture of cybersecurity that can go a long way toward minimising threats. A few of the cyberhygiene points IT teams will want to inform employees of include:

• Creating strong passwords that are unique to each account and not reused, ensuring personal and work passwords are separate
• Not opening or clicking links in suspicious emails or those from unfamiliar senders
• Ensuring applications and operating systems are updated regularly as soon as patches are released and not installing any unknown outside software, as it can open security vulnerabilities in the network
• Immediately reporting any unusual behaviour or something strange happening on their computers

Another way IT teams can improve cybersecurity at the employee level is with access management policies such as the principle of least privilege, which provides a person with access to data only if it is necessary to do their job, thereby reducing the exposure and consequences of a breach.

Processes

This layer of cybersecurity ensures that IT teams have strategies in place to proactively prevent and to respond quickly and effectively in the event of a cybersecurity incident.

First, IT security teams should have a cyberincident response plan in place. A good incident response plan will provide an organisation with repeatable procedures and an operational approach to addressing cybersecurity incidents to recover business processes as quickly and efficiently as possible.

In addition, ensuring proper backups are in place and regularly testing these backups is imperative to minimising downtime and

INTELLIGENTCIO
www.intelligentcio.com