Having good tools in place to block attacks is all I need, right? Wrong!
There’s more to cybersecurity than having the best tools in your tech stack. Without a robust cyber security strategy that covers all your bases, there will always be gaps in your cyber defences. However, an effective cyber security strategy delivers more than just protection; when you focus your cyber spending where it really matters to your firm, it can actually save you money.
In this article, we’ll show you the limitations of tools and how implementing a multi-layered cyber security strategy can transform your business.
1 – Understanding The Limitations of Tools
Technology can’t do everything, so if tools are your only defence against cyber-attacks, you’re leaving your organisation vulnerable. While the tools you use may be effective on paper, if you don’t have the expertise to get the most out of them, keep them updated, or integrate them with other solutions in your tech stack and your IT estate, you’ll still experience cyber events in the real world.
Let’s look at those limitations in more detail.
1.1 – Tools Cannot Guarantee 100% Protection
Even the best security tools cannot provide absolute protection. They can significantly reduce risk, but there is always the possibility of attacks slipping through. This is because these often complex tools need to be set up correctly, then constantly monitored, patched and updated.
Because cybersecurity is an ongoing process rather than a one-and-done thing, you must invest in tools, talent and training to stay ahead of the curve. This can be challenging, especially for small and medium-sized businesses (1). However, spending all your budget on protective tools may not be your best strategy. It’s more effective to ensure you have the appropriate capabilities, aligned with your business goals, across the pillars of the NIST Cybersecurity Framework (2):
- Identify – What types of cyber threats pose a risk to your business?
- Protect – How do you effectively safeguard the assets you identified?
- Detect – How will you find out if there are cyber threats against your assets?
- Respond – If you detect cyber security threats, what’s your action plan?
- Recover – If a cyber-attack impacts your infrastructure and wider business, how will you fix it and bounce back?
To learn more about how NIST can add extra punch to your cyber security strategy, check out this blog from Doherty.
1.2 – Tools Adapting To Emerging Threats
Every day, cyber attackers are experimenting with new ways to breach the defences of companies like yours. The role of the cybersecurity industry is to stay one step ahead of the attackers, but it’s always a challenge. For example, attackers are targeting companies that have moved to remote or hybrid working because they believe workers are less vigilant at home than they are in the office (3).
Tools alone may be unable to identify or defend against new and advanced threats without regular updates and monitoring. Even if your tools can adapt to emerging threats, can you solely rely on them?
1.3 – Tools that Integrate
Many organisations utilise several tools in the cybersecurity stack (4). For example, you’ll likely have different tools for:
- Vulnerability management
- Endpoint Detection and Response (EDR)
- Network security
- Access control
- Privileged access management
Best practice is to set up a cybersecurity platform that integrates your tools, giving you visibility, control and analysis of your entire cyber setup in one place. Ideally, your tools should share their intelligence, allowing ‘joined up’ visibility of trends, threats and risks. You can add or remove solutions as your business priorities change, boosting protection and performance.
2 – The Human Factor in Cybersecurity
A 2023 Stanford University study found that 88% of cybersecurity breaches are due to employee errors (5). It’s employees who click on malware attachments, fall for phishing scams or visit the wrong websites. They usually don’t mean to, but the result is the same as if they did.
When formulating your cyber security strategy, it’s essential to minimise the risk of your employees ruining your best-laid plans. Here are three ways to do it.
2.1 – Importance of Education and Training
You need to train your employees on how to identify and respond to potential cyber threats. For example, emphasise the importance of choosing strong passwords and not reusing them between different systems, of recognising emails that could be phishing scams, and of keeping data safe. However, because your employees have their minds on other things and cyber threats evolve, you need to make cybersecurity training ongoing.
One of the challenges is that your employees may think cybersecurity is ‘an IT thing’ and has nothing to do with them, so ensuring everyone is up-to-date with the latest tech trends can be a big challenge. Best practice is to train your IT team to emphasise the importance of cybersecurity to the wider company.
2.2 – Promote a Security-Conscious Culture
When you promote a culture where cybersecurity is a top priority throughout the business, it’s easier to get buy-in from your employees and they’re more likely to keep security front-of-mind.
Here are three tips for fostering a security-conscious culture:
- Best practices – Leaders must establish a set of cybersecurity best practices across the organisation, champion them and lead by example
- Regular communication – Communicate your cybersecurity policies to your employees regularly and clearly, so everyone in your business understands the risks and their role in protecting the organisation from cyber attacks
- Reporting of suspicious activities – Implement a simple reporting process so your employees feel comfortable reporting incidents, no matter how small they may believe they are
2.3 – Build Secure Business Processes
Build secure business processes around aspects of your business where cyber events could occur and your employees’ actions matter.
For example, create a policy around handling payments where you only use trusted tools and isolate payment data from other parts of your IT infrastructure. You should also have a robust process for setting up new suppliers or updating any bank details to avoid paying money into suspicious accounts, such as sending a small test payment and then calling the supplier to check they’ve received it. This will reduce the risk of invoice, payment and payroll fraud.
3 – Implement a Layered Security Approach
When you take a multi-layered approach to your cybersecurity, you make it much harder for a cyber-attacker to breach your systems. You minimise the gaps and boost detection, making it more likely you’ll neutralise cyber threats before they cause significant issues.
Let’s look at two ways to make your cyber security strategy more effective with a layered approach.
3.1 – Combine Tools with a CASB
Today’s organisations rely on technology for everything they do, from product development and marketing to logistics, customer service and beyond. There could be hundreds, even thousands of tech solutions in your business – and each is a possible attack surface waiting to be exploited by cyber-attackers.
A Cloud Access Security Broker (CASB) is a gatekeeper, ensuring that interaction with cloud services remains secure and compliant with company standards. When users attempt to access cloud services, the CASB ensures their access aligns with your organisation’s security policies. This includes managing authentication, enforcing access controls, and monitoring activities for potential threats like malware. One example of a CASB is Microsoft Defender for Cloud Apps.
3.2 – Breach Detection
When it comes to breach detection, the layers in your approach should be:
- Planning – What is your data breach strategy? What are your data ‘crown jewels’ that must be protected?
- Protection – How will you protect your essential business data?
- Detection – What tools and processes will ensure you know if a data breach is happening?
- Response – When you get an alert, a quick response is key. How will you achieve this 24/7?
Alongside these, you should have appropriate recovery plans to ensure your organisation can bounce back from any cyber-attacks, as well as robust ongoing governance.
At Doherty, we recommend Huntress breach detection (6). It helps you find out who’s in your system fast. After all, if an attacker has infiltrated your system and been there for six months, the damage is already done.
4 – Continuous Monitoring, Incident Response and Recovery
Cyber-attacks rarely come at a time that’s convenient for you. That’s why you need 24/7/365 coverage. With constant monitoring and a well-defined incident response plan in place, you can anticipate small problems and deal with them before they become big ones.
Let’s look at these three aspects of cybersecurity in more detail.
4.1 – Implement Real-Time Monitoring
With real-time monitoring, you can quickly identify and respond to potential cyber threats and manage vulnerabilities before they can cause disruption to your organisation.
Security Information and Event Management (SIEM) is an effective real-time monitoring tool. SIEM systems use AI to automate many of the previously manual processes of detecting threats and responding to alerts. For example, your SIEM system will automatically monitor your IT infrastructure, looking for threats, logging and analysing events and, if it discovers something suspicious, take action, while alerting your responsible people (7).
4.2 – Develop and Test Incident Response Procedures
A response could be something simple, such as deleting a phishing email or removing an infected file. It could be an automated process using AI or SOAR (Security Orchestration, Automation and Response) technology. However, it’s important to have measures in place to help you contain threats. You need the right people, who understand the threats, making good decisions quickly about how to respond.
Compile a detailed incident response plan, which you test and update regularly. You want to know your response plan works before you need to use it in anger.
Here are the key elements of any robust incident response plan (8):
- Key contacts – Who are the people you need to alert and how do you get hold of them? What do you do if they’re unavailable?
- Escalation – Who handles more serious events and what are the criteria for this decision? For example, how severe should a breach be before escalating to the board?
- Processes – Create a flowchart of exactly how you’ll handle the event through the entirety of its lifecycle
- Conference call numbers – How you’ll get everyone together to coordinate your response
- Legal and regulatory guidance – To ensure compliance as you respond to your cyber attack
4.3 – Incident Recovery
Responding to cyber threats can be expensive. Cyber insurance protects you against these costs, including third-party liabilities that could arise from a cyber-attack.
Depending on the policy you take out, you could take advantage of:
- 24/7/365 incident response – No waiting until the next morning
- Crisis management – Includes data forensics, data recovery and PR (to minimise the damage to your reputation)
- Financial compensation – Coverage for any lost profits during a cyber-attack and the recovery process
- Fines – Coverage for any regulatory penalties you may incur as a result of the cyber-attack
5 – Regular Security Audits and Assessments
The cybersecurity landscape changes quickly, as do your business’s priorities and processes. It’s easy to put cybersecurity on the back burner as you focus on the exciting parts of running your business. However, cyber events are part of business life today – and no organisation is immune to the threat of cyber attackers. Therefore, it’s essential to conduct periodic security audits and assessments to identify any weaknesses and vulnerabilities within your systems.
Here are two methods you should employ as you audit your systems.
5.1 – Perform Vulnerability Scans
Vulnerability scanning is where you examine your system to discover, analyse and log any gaps in your security that may exist. Effective vulnerability scanning allows you to protect your systems, data and people proactively. When you identify your potential weaknesses, you can do something about them. For example, data breaches often happen because of unpatched software. Scanning for vulnerabilities helps to eliminate this window of opportunity for cyber-attackers.
A vulnerability management system can continuously audit your IT infrastructure, ensuring your networks and applications are safe.
5.2 – Engage External Penetration Testing
External penetration testing is when you employ third parties to simulate real-world cyber-attacks to identify any potential security gaps you may have overlooked. It’s a valuable way to test that the cyber tools in your stack are working as they should be. For example, when the penetration test runs, do your protective and detective controls start to generate alerts?
Bringing in a professional third-party tester to perform these exercises gives you an outsider’s perspective, free of familiarity bias, with the latest tools. They’re a great training opportunity for your IT teams, and their reports and recommendations will help you safeguard your business for the future.
As good as your cybersecurity technology may be, you can’t rely on tools alone to protect your business from cyber threats. It’s essential to bring your employees on board, take a multi-layered approach to your cyber security strategy, continuously monitor your systems and conduct regular assessments to ensure you’re on the right track. It’s not just about the tools; it’s about managing the tools and the teams that use them.
A good managed service provider (MSP) can support you as you do all this, providing the perfect combination of tools, training and expert support. Your MSP can guide you in the right direction, or they can take it off your hands entirely.
However, not all MSPs are created equal. Many MSPs won’t have the level of cybersecurity expertise to be able to deliver holistic, strategic guidance on cybersecurity. When partnering with an MSP, make sure they have the necessary cybersecurity capability.
To find out more about Doherty Associates, visit our Services page.
1 – The Knowledge Academy – Advantages and disadvantages of cybersecurity
2 – Techtarget.com – 5 Key Elements of a Modern Cybersecurity Framework
3 – Forbes – Remote Work Has Led To A Cybercrime Boom—Here’s How To Stop It
4 – Sprinto.com – 15 Best Cybersecurity Tools in 2024
5 – Security Today – Just Why Are So Many Cyber Breaches Due to Human Error?
7 – IBM – SIEM
8 – NCSC – Incident management