The explosion of ransomware has many security experts arguing forcefully against a perimeter-only security model. These experts point out that this approach has led to cyberattacks that have caused billions of dollars of economic damage. But what is perimeter security? What does it leave out? And what should you do instead?
Perimeter Defenses, in Buildings and Networks
Network security is similar to physical security. Your business has a lock on the outside doors, and you probably also have an alarm system with entry sensors. When these are disabled during the day, your front office staff might be responsible for making sure no unwanted guests are allowed to roam the building.
But if someone makes it past those defenses, how many other doors are locked? In some high-security offices, visible badges may be required at all times. But most offices don’t have requirements like this. Finance and HR offices are probably kept locked when they aren’t being used, and some executive offices or conference rooms may also be kept locked. But most companies don’t provide a locked office space for each employee.
This is called a perimeter defense model, because there’s a perimeter of defense around the building. Once a person has penetrated the perimeter, they’re free to roam around most parts of the office. Using a perimeter defense for building entry makes sense for most small and mid-size businesses, because co-workers would recognize unfamiliar faces in the office. They’d also notice suspicious activities like looking in drawers or waiting for people to pass through the hallway.
Network security is very different from building security, however. There are no faces moving around your network, and nobody is manually reviewing every file’s access history for suspicious behavior. When a cybercriminal gets past perimeter defenses, they might steal data, delete backups and initiate a ransomware attack without being detected. None of these are acceptable risks for a business.
The Solution: Defense in Depth
The perimeter of your network is guarded by a firewall and by user authentication. The firewall blocks the most dangerous types of network traffic, and authentication helps confirm a user’s identity. Together with your email spam filtering application, these two systems block the vast majority of threats targeting your business.
But what happens if a cybercriminal gains access to your network using an employee’s stolen credentials? What data would the attacker be able to access if the stolen account was a mid-level employee’s daily login? What if it was a higher-level employee’s login that was stolen, such as the CEO’s or CFO’s? Attackers know that a CEO’s account is likely to have access to a wide range of data across a network, and target those credentials accordingly.
Modern network security doesn’t assume that any user who makes it past the perimeter is friendly. It employs a layered defense system, reducing the number of accounts that can access the most sensitive data. Accounts with the ability to make major changes to your network are typically limited to highly protected administrator logins that aren’t used on a day-to-day basis.
What Security Should Be Implemented Inside the Perimeter?
Modern security also doesn’t assume that cybercriminals will never make it beyond a company’s firewalls or authentication systems. Unfortunately, cybercriminals do sometimes break through network security that’s built using the best industry practices. A well-prepared business should have threat-monitoring software to help detect unusual behavior along with a ready-to-deploy disaster recovery plan to restore any critical data or systems that are brought down during an attack.
Here are some specific layers of defense that small and mid-size businesses should be using to defend against ransomware and other cyberattacks.
Password policies are a perimeter defense measure, but it’s still important to mention them. There are 8.4 billion stolen passwords floating around the internet. You don’t want any of them used on your network.
Don’t allow easy-to-crack passwords on your network – for instance, short passwords, or those without symbols, letters or capital letters. Require passwords to be changed every few months. And ask your employees to use a password they aren’t using on any of their other personal accounts.
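One way to enforce the policy above at account-creation or password-change time is shown here, as an added example that is not part of the original post or any WingSwept tool. It checks the length and character-class rules the post lists, then checks the candidate against a breached-password corpus the way the Pwned Passwords service does: the corpus is stored as SHA-1 digests and only the first five hex characters of the hash are used to select candidates, so a remote lookup would never receive the full hash. The minimum length of 12, the breach corpus and the sample passwords are all constructed for this example.

```python
import hashlib
import re

# Assumed minimum length; the post only says "short" passwords should be refused.
MIN_LENGTH = 12

# Constructed stand-in for a breached-password corpus. Real corpora (for example
# the Pwned Passwords data set) are published as SHA-1 digests, so this mirrors that.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ("password123", "Welcome2024!", "Summer2023!")
}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def in_breach_corpus(password: str, corpus=BREACHED_SHA1) -> bool:
    """k-anonymity style lookup: only the 5-character hash prefix would leave
    the host; the suffix comparison happens locally against the returned set."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    suffixes_for_prefix = {d[5:] for d in corpus if d.startswith(prefix)}
    return suffix in suffixes_for_prefix


def check_password(password: str, corpus=BREACHED_SHA1) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    if in_breach_corpus(password, corpus):
        problems.append("found in breach corpus")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates: one too weak, one leaked, one acceptable.
    for candidate in ("short", "Welcome2024!", "Tr0ub4dor&3xtra-Long"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The breach check matters more than the character-class rules: "Welcome2024!" satisfies every composition rule and is still rejected because it is in the corpus.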
Beyond password policies, the most important thing you can do to reduce your security risk is to require multi-factor authentication (MFA) on any system or product that allows it. Even if an employee is accessing a system or Software-as-a-Service platform from within your network, it’s still a good idea to require MFA. In 2019, Google said MFA prevented 100% of automated attacks, 99% of bulk phishing attacks and 90% of targeted attacks. Those numbers may have dropped slightly, but it’s still incredibly effective.
And the cost? In most cases it’s free, and only requires employees to look at their phones and press (at most) a few extra numbers on their keyboard.
AI-Based Threat Detection
Unfortunately, multi-factor authentication can’t prevent every attack. Some sophisticated attacks bypass authentication, and users are sometimes tricked into completing a form that provides the MFA key directly to a cybercriminal.
While traditional antivirus and anti-malware tools can’t do much to prevent these types of attacks, newer AI-based security tools can. These tools evaluate activity on your network for potentially malicious actions. When they detect suspicious activity, they alert IT teams, who can examine the activity further to determine if it is legitimate employee use or a bad actor attempting to attack or hijack your network.
Advanced Disaster Recovery Platforms
If a bad actor does make it onto your network, data backups are one of the best defenses you have against anything they might do to your data. But if they can access those backups, they’re going to delete them. When designing a disaster recovery solution, it’s always best to assume that someone will do whatever they can to hijack the system, including disabling backups, disabling alerts, corrupting the data or even setting a “time bomb” to delete the data after a certain period of time. Make sure your backups are unreachable or immutable once they’ve been created.
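The properties described above (no overwrite, no deletion before the retention period ends, retention that can be extended but never shortened, and integrity that can be re-checked) are the same ones an object-lock or WORM-style backup target provides. The following in-memory model is an added example, not from the original post or any backup product, and is constructed to show exactly which operations such a target must refuse. The injectable clock exists only so the retention behaviour can be exercised deterministically.

```python
import hashlib
import time


class ImmutableBackupStore:
    """In-memory model of a write-once backup target with retention locks.
    Constructed for illustration; a real target would be object storage with
    object-lock/WORM semantics or an appliance with a retention-lock feature."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so retention expiry can be tested deterministically
        self._objects = {}    # name -> (data, sha256 hex digest, retain_until)

    def put(self, name: str, data: bytes, retention_seconds: int) -> str:
        """Store a new backup object; overwriting an existing name is refused."""
        if name in self._objects:
            raise PermissionError(f"{name}: object already exists and cannot be overwritten")
        digest = hashlib.sha256(data).hexdigest()
        self._objects[name] = (bytes(data), digest, self._clock() + retention_seconds)
        return digest

    def names(self) -> list:
        return sorted(self._objects)

    def is_locked(self, name: str) -> bool:
        return self._clock() < self._objects[name][2]

    def delete(self, name: str) -> None:
        """Deletes succeed only after the retention period has expired."""
        if self.is_locked(name):
            raise PermissionError(f"{name}: retention lock still active")
        del self._objects[name]

    def extend_retention(self, name: str, new_retain_until: float) -> None:
        """Retention may be lengthened but never shortened (compliance-mode semantics)."""
        data, digest, retain_until = self._objects[name]
        if new_retain_until < retain_until:
            raise PermissionError(f"{name}: retention cannot be shortened")
        self._objects[name] = (data, digest, new_retain_until)

    def verify(self, name: str) -> bool:
        """Recompute the hash so silent corruption of the stored bytes is detectable."""
        data, digest, _ = self._objects[name]
        return hashlib.sha256(data).hexdigest() == digest


if __name__ == "__main__":
    now = [1_000_000.0]  # constructed fake clock so the demo is repeatable
    store = ImmutableBackupStore(clock=lambda: now[0])
    store.put("daily-2024-01-01", b"constructed backup payload", retention_seconds=7 * 86400)
    for action in (lambda: store.delete("daily-2024-01-01"),
                   lambda: store.put("daily-2024-01-01", b"tampered", 1)):
        try:
            action()
        except PermissionError as exc:
            print("refused:", exc)
    now[0] += 8 * 86400  # retention has expired; routine pruning is now allowed
    store.delete("daily-2024-01-01")
    print("remaining objects:", store.names())
```

The design point is that the credentials used to write backups never gain the ability to shorten retention or delete early, so an attacker who captures them, or the backup server itself, cannot remove the copies a recovery depends on. The retention period should exceed the longest plausible dwell time before an attack is noticed, since the "time bomb" described above is designed to outlast short retention windows.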
Are You Using Defense in Depth?
Does your network do a good job of balancing cybersecurity and employee productivity? If you’d like to talk about your business’s approach to MFA, new AI-based tools, backup and disaster recovery, or any other services that could help you adapt to a changing threat horizon, we’re happy to help!
To learn how WingSwept can help protect your company from emerging cyberthreats, call us at 919-460-7011 or email us at Team_WingSwept@WingSwept.com.