The sophistication of cybercriminals and the level of impact that breaches have on business continuity have made the implementation of defence-in-depth a necessity. Defence in depth is about being a tougher nut to crack than the criminals are willing to deal with. They tend to seek the easiest route, and if they find that progress against your organisation is slow and costly, it starts to diminish their return on investment, which may prove a sufficient disincentive.
Security is always best when there are concentric perimeters. It is much harder for a threat actor to breach many walls than just one. So, start building out your own cybersecurity from the core.
Attack Surface Management
Attack surface management is the core of your cyber defences. This is where you will define and manage your growing attack surface and prepare yourself for any new threat. When considering the management of your attack surface, the following are essential:
- Identify all your assets and data and classify them.
- Have a comprehensive understanding of your vulnerabilities and security gaps.
- Prioritise and manage identified vulnerabilities based on impact and likelihood of exploitation.
- Leverage threat intelligence to discover threats and actors.
- Continuously audit and monitor your security control to ensure they perform as required and identify potential gaps.
- Map threats, attacks, and vulnerabilities to understand how criminals could penetrate your systems and plan accordingly.
- Understand your supply chains and cooperate with partners and vendors to secure them.
Work on improving Detection and Response
Prevention might not deter the attacker, so, it is better that you are prepared with your detection and response strategy to detect threats and respond to them.
- Ensure that your data support detection, analysis, and forensics.
- Minimise false positive alerts that create friction and contribute to alert fatigue.
- Build your team and arm them with the skillset and tools required for threat hunting.
- Establish an early warning system to alert in a timely manner all required stakeholders.
- Build and rehearse containment and response action plans to block, frustrate and evict the attacker.
Threat-centric risk management
Finally, the outer level of your defences should be based on threat-centric risk management to understand your risk environment, reduce risk to business in a cost-effective manner, and embed cyber risk management across all departments and decision-making processes.
Plan, Do, Check, Act
To ensure the effectiveness and efficiency of your cyber defence plan, you should consider following a Plan, Do, Check, Act approach for continuous improvement. In other words, you plan a security process, you deploy it, you review the results and then you act upon these findings to improve the system for the next time around.
You can find out more about our cyber security services or learn more about how to deter attackers from breaking into your systems and networks by download our whitepaper on minimising the impact of a cyber security breach.