What Is a Multi-Layered Cyber Security Approach?

Editor's Note: Take a look at our featured best practice, Digital Transformation Strategy (145-slide PowerPoint presentation). Digital Transformation is being embraced by organizations across most industries, as the role of technology shifts from being a business enabler to a business driver. This has only been accelerated by the COVID-19 global pandemic. Thus, to remain competitive and outcompete in today's fast paced, [read more]

Also, if you are interested in becoming an expert on Digital Transformation, take a look at Flevy's Digital Transformation Frameworks offering here. This is a curated collection of best practice frameworks based on the thought leadership of leading consulting firms, academics, and recognized subject matter experts. By learning and applying these concepts, you can you stay ahead of the curve. Full details here.

* * * *

In a conflict, the defender never relies on a single line of defense. The human body has three—the skin, the immune cells, and white blood cells—to fight off any infectious diseases trying to enter. In risk management, businesses also employ three lines to handle the risks they’re facing now and will face in the future.

This idea rings as true in cybersecurity as anywhere else. Sensitive data should be buried under several layers of protection to make it difficult for hackers and other cybercriminals to steal it. This multi-layered approach to cybersecurity can form a strong deterrent against even the most potent attacks. Here’s an in-depth look at this strategy.

The Open Systems Interconnection Model

This approach isn’t anything new. The industry had the idea as early as the 1970s when it made the Open Systems Interconnection (OSI) model. Defined under ISO/IEC 7498, the OSI model consists of seven layers, divided between the host and media layer categories.

• 7th layer – Application: Application Process Interface (API) or the app itself
• 6th layer – Presentation: Encryption/decryption protocols, data compression
• 5th layer – Session: Managing data exchanges and communications
• 4th layer – Transport: Transmission techniques like segmentation or multiplexing
• 3rd layer – Network: Structuring and managing data network paths
• 2nd layer – Data Link: Media access control (MAC) and logical link control (LLC)
• 1st layer – Physical: Transmission of unstructured data

Being a model that remains a globally-recognized standard 50 years after its inception means it’s still doing its job well. However, as most experts in cybersecurity Boston that businesses trust say, it can no longer stand alone today. Cyberattacks have grown more sophisticated through the years, and the OSI model in its current form won’t be able to fend them all off.

The Human Factor

Cybercriminals sometimes don’t even have to launch state-of-the-art attacks; instead, they can fool an employee into granting them access. The “Nigerian prince,” arguably one of the oldest deception methods in the book, continues to rake in hundreds of thousands from unsuspecting people every year. All hackers need to pull this off is a formal-looking email.

Industry experts agree that the human factor is the weakest link in any cybersecurity structure. Getting scammed is just the tip of the iceberg; the problem extends to a lack of IT training and understaffed and overworked IT teams, among others. The latest data shows that human error accounts for average losses of upwards of USD$3.33 million.

Conversely, experts concur that the human factor can be vital in a multi-layered cybersecurity approach. The innate ability to understand context can mean a lot in discerning fake messages from the real ones, preventing anyone from triggering its compromising content.

Upon taking the human factor into account, the multi-layered cybersecurity approach consists of seven layers. From the forefront, the layers include:

• Human Layer – understanding human behavior, habits, and communication patterns
• Perimeter Layer – physical and electronic security measures for guarding the premises
• Network Layer – regulating access to the infrastructure’s network and databases
• Endpoint Layer – protection of the data link between the mainframe and the devices
• Application Layer – managing access to in-house apps and their access to data
• Data Layer – security of data transfer and storage systems
• Mission Critical Layer – the actual data under this protective umbrella

Some industry professionals refer to multi-layered cybersecurity by another name: defense-in-depth. It forms one of three foundations of cybersecurity risk management alongside security by design and zero-trust architecture. Redundant protective systems can make hacking require more resources than what hackers have at their disposal.

Digging In

Building this cybersecurity fortress will take time and resources. The good news is not all kinds of data need this much security (though still welcome), so businesses can save money in that regard. As such, the first step involves a clear picture of the workplace and its needs in the current economy.

For this, a business will need a motherload of data on the workplace’s current cybersecurity infrastructure. Gather information on unusual traffic sources, firewall and software versions, office ground rules, and others. Being aware of existing laws on cybersecurity compliance can also be helpful.

Once a full audit is complete, the next step is implementing as many changes to the cybersecurity infrastructure as possible. Aside from installing up-to-date cybersecurity hardware and software, experts believe it pays to promote a ‘rugged culture of security.’ Rather than reacting to threats as they arrive, the workplace must be aware that it’s not entirely secure—no infrastructure is.

Conclusion

A multi-layered cybersecurity approach combines humans and technology to create a defense-in-depth against sophisticated threats. Neither factor can stand alone in the face of hackers growing more intelligent and having greater access to the tools of their trade.

Want to Achieve Excellence in Digital Transformation?

Gain the knowledge and develop the expertise to become an expert in Digital Transformation. Our frameworks are based on the thought leadership of leading consulting firms, academics, and recognized subject matter experts. Click here for full details.

Digital Transformation is being embraced by organizations of all sizes across most industries. In the Digital Age today, technology creates new opportunities and fundamentally transforms businesses in all aspects—operations, business models, strategies. It not only enables the business, but also drives its growth and can be a source of Competitive Advantage.

For many industries, COVID-19 has accelerated the timeline for Digital Transformation Programs by multiple years. Digital Transformation has become a necessity. Now, to survive in the Low Touch Economy—characterized by social distancing and a minimization of in-person activities—organizations must go digital. This includes offering digital solutions for both employees (e.g. Remote Work, Virtual Teams, Enterprise Cloud, etc.) and customers (e.g. E-commerce, Social Media, Mobile Apps, etc.).

Learn about our Digital Transformation Best Practice Frameworks here.