How does a defense in depth strategy help SMBs?
Defense in depth is a comprehensive approach to cybersecurity that recommends businesses use a combination of security tools to protect critical data and block threats. This strategy helps small and medium businesses develop redundancy to ensure all attack surfaces are protected, including devices, data, and employees.
Adopting a defense in depth security posture gives businesses more than one line of defense when a cybercriminal attempts to gain access to sensitive data. These comprehensive, sometimes overlapping solutions include physical, administrative, and technical controls.
- Physical Controls are the security measures that physically protect IT systems, such as a locked door.
- Administrative Controls are the security policies and procedures put in place by an organization, like security training for employees.
- Technical Controls use hardware and software, like antivirus and encryption, to protect IT systems.
How does defense in depth work?
The term originally described a military strategy that aimed to slow or delay the advance of an attacker instead of using immediate retaliation with one line of defense.
As business and technology have evolved, it’s become apparent the same theory should be applied to data protection. Business data was originally protected physically, usually focusing on the security of company buildings and file cabinets. However, today sensitive data no longer has a physical perimeter. Data breaches are making headlines daily and cybercriminals are finding new tactics to breach networks. Multiple layers help protect against all breach avenues.
Defense in depth works for businesses by implementing the three controls mentioned above (physical, administrative, and technical) to make it extremely difficult for anyone to gain unauthorized access to data and, if they do, to ensure additional protection is in place so the entire network isn’t breached. As in its military origin, the strategy acknowledges the possibility of an attack and remains prepared to stop or slow an attacker’s progress.
As an example, if an attacker sends a phishing email and an employee clicks on the link, technical controls are in place so the employee is protected from whatever malware lies beyond. Cybersecurity products, such as secure web gateways, double-check web links for harmful content or hidden malware.
It is the three controls working together that make this defense strategy such a powerful approach for SMBs, who are among the most heavily targeted groups.
Let’s dive into each control.
Physical Controls
These controls are put in place to protect information technology from being physically compromised. Putting IT devices and systems inside of a locked, secure building ensures that unauthorized people can’t access devices that hold sensitive business data.
Security badges with specified access, security cameras, and alarm system monitoring are effective ways to implement physical controls and secure the first and most basic part of a defense in depth strategy.
Administrative Controls
Employees are known security risks. They aren’t familiar with every vulnerability or cybercrime tactic and therefore need guidelines to keep company data safe.
Training employees to protect sensitive information, keep software patched, and keep applications and data accessible only to necessary employees is a great first step in implementing administrative controls.
Technical Controls
Technical controls protect hardware, software, and network systems. This control is arguably the most important in today’s digitally driven world.
Keeping a business network secure is imperative, as a breach could lead to reputational damage, monetary loss, and customer distrust.
Remote workers, cloud services, and web applications are making it easier for cybercriminals to access a network from anywhere in the world. Attack surfaces are growing rapidly as new devices and apps are introduced to make operations more efficient. Data is then collected and stored in third-party applications or the cloud. Avenues for cyber attacks are now basically endless. One layer of security is no longer enough.
Most businesses have strong physical controls in place but lack the needed technical and administrative controls for a well-rounded defense. Listed below are the core technical controls, or layers of security, that SMBs should focus on. They are considered “core” because they protect against major threats that could cause immediate downtime.
- Antivirus
- Secure Web Gateway
- Firewall
- Patch Management
- Backup & Recovery
As your business grows and adopts additional cloud services, these additional security layers become more important:
- Two-Factor Authentication
- Secure Internet Gateway
- Intrusion Detection and Prevention Systems
- Encryption
- Data Loss Prevention
- Virtual Private Network (VPN)
Combining physical, administrative, and technical controls gives SMBs the well-rounded, full-coverage security that they need. For more information about how to secure your network and implement a layered security approach from one platform, contact Avast Business.