Have you Heard About the Cybersecurity Onion?

Cybersecurity continues to be a top concern for businesses in Canada. This is not a surprise. In 2021, 85.7% of Canadian organizations experienced at least one cyberattack within a 12-month period according to the 2021 Cyberthreat Defense report by the CyberEdge Group. 

The bad news is that there is no miracle solution that will 100% guarantee that a business or organization will never be the victim of a cyberattack. The good news is that there are measures that can be taken to minimize the risks and in the worst-case scenario, have the cyber resilience to minimize the impacts to the organization.  

Really, that is the idea behind the cybersecurity onion. It is having multiple layers of security to minimize risk and increase cyber resilience. 

Areas of analysis 

As Technology Service Providers when we think about the cybersecurity of a business, we look at the following areas: 

• People 
• Perimeter 
• Network 
• Endpoint 
• Data 
• Company 

Graphically represented, it looks like the image below, thus, the onion reference with the different layers. 

Layered security 

Let’s take a deeper look at the different areas and what security solutions businesses need to consider. 

1. People 

People can be the weakest link in your cybersecurity posture, or they can be your best line of defense. Businesses should strive for the latter. There are some key solutions to consider implementing to create a human firewall. 

1. Cybersecurity Awareness Training – this involves teaching people about cyberthreats such as phishing and how to recognize them to stay safe. Part of the training should by phishing simulations on a regular basis which will help people identify phishing attempts. 

2. Password Management – implementing password policies that make it as difficult as possible for cybercriminals to easily crack them. The table below developed by Mike Halsey gives a good overview of how long it takes cybercriminals to crack passwords depending on their length and complexity. It may be surprising but true. It should be noted that this table has been updated on several occasions as cybercriminals use more sophisticated tools to crack passwords. 

Implementing password management policies and solutions can help with protection from cyberattacks. 

3. Multi-factor or Two-factor Authentication (MFA/2FA) – This is an authentication method that requires the user to provide two or more verification factors to gain access to a resource. MFA is a core component of identity and access management policies. Some may see it as an inconvenience, but this tiny inconvenience can be the difference between being hacked and not being hacked. 

2. Perimeter 

The perimeter is the border between one network and another. Creating a security perimeter, is placing the necessary safeguards at the entrance network to secure it from hackers. 

Some of the solutions that help secure the perimeter of an organization’s network include: 

1. Firewall – establishes, with the proper configuration of security rules, a barrier between a trusted network and an untrusted network, such as the Internet.   

2. Spam Filter – detects unsolicited, unwanted, and virus-infected emails and prevent those messages from getting to a user’s inbox. 

3. Dark Web Monitoring – to watch for any user information such as passwords that may have been compromised and are being sold on the dark web. 

4. Penetration Testing – Also referred to as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system 

3. Network 

Protecting the network itself by implementing additional security such as: 

1. Security information and event management (SIEM) – these are software products and services that combine security information management and security event management. They provide real-time analysis of security alerts generated by applications and network hardware. 

2. Security Operations Centre (SOC) Services – these are services that continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents. 

3. Network Segmentation – this is when different parts of a computer network, or network zones, are separated by devices like bridges, switches, and routers. A few key benefits of network segmentation are: 
   1. Limiting access privileges to those who truly need it.
   2. Protecting the network from widespread cyberattacks.
   3. Boosting network performance by reducing the number of users in specific zones.
   4. Wireless Authentication – enables you to secure a network so that only users with the proper credentials can access network resources.

4. Endpoint 

Securing the endpoints involves: 

1. Monitoring and alerting services that look for unusual or suspicious activities at the endpoint level 

2. Endpoint Detection and Response (EDR) is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. EDR is often referred to as next-generation antivirus 

3. Patch management is the process of distributing and applying updates to software. Although sometimes overlooked, these patches are often necessary to correct security vulnerabilities and bugs in the software. 

4. Drive Encryption is a technology that protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. 

5. Vulnerability scan enables organizations to monitor their networks, systems, and applications for security vulnerabilities. 

5. Data 

Data security mainly involves backing it up. Best practices for secure backups are often summarized by what is called the 3-2-1-1-0 backup rule which is described in the graphic below. 

6. Company 

At this layer, security involves cyber resiliency. It’s having a plan in place to respond to an incident as well as a plan for keeping the business operational when an incident occurs. Having plans in place, communicating the plans throughout the organization, practicing the plans, and reviewing them on a regular basis allows businesses to be prepared during a worst-case scenario situation.  

In the end, the goal of a layered approach to cybersecurity is to make it as hard as possible for cybercriminals to hack your business. The requirements and needs of every business are different and engaging with an IT Service Provider, such as MicroAge, can help you determine what the right solutions for your business are, is part of the process.  

Contact us today to see how we can help.