Organisations are under increasing pressure to address cyber security, as attacks become more frequent and sophisticated.
With traditional measures to protect systems failing, decision makers must rethink their cyber defence strategy. Consider, for example, Cisco’s 2022 Cybersecurity Almanac, which predicts that the cost of cyber crime could increase by 75% in the five-year period from 2021 to 2025, reaching as much as $10.5 trillion (about €10.6 trillion).
That report also found that global spending to prevent cyber attacks will increase by the same amount during that period.
This suggests that organisations are making no progress in their battle to prevent cyber attacks. On this trajectory, costs will continue to escalate until the costs of defensive measures and incident recovery are untenable.
It doesn’t have to be like this, though. By taking a defence-in-depth approach to cyber security, organisations can create a more resilient and cost-effective set of defences.
The multi-layered framework ensures that organisations have physical, technical and administrative controls to mitigate the risk of a data breach. It does so with five protective layers (or ‘stages’): detection, protection, management, response and recovery.
Even if one of these defensive layers is breached, the next works to further contain the damage.
In this blog, we look at each of those stages to help you understand how they form a cohesive cyber security strategy.
Stage 1: Detection
The basis of all cyber security defence programmes must be threat detection. It’s only by understanding the threats you face and where your cyber defences are most at risk that you can implement appropriate defences.
There are, broadly speaking, two ways that threats emerge: from technical and human vulnerabilities.
Technical vulnerabilities can be detected with a programme of regular vulnerability scanning. This approach identifies security vulnerabilities in computers, internal and external networks, and communications equipment.
It’s an automated activity that scans infrastructure targets for known vulnerabilities and misconfigurations, enabling you to bolster your defences where you most need to.
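To make the scanning step above concrete, here is an added example (not code from the original post or from IT Governance) of the core logic a vulnerability scanner applies: compare the software versions found on each host against an advisory list, apply a few misconfiguration rules, and rank the hosts so remediation effort goes where it is most needed. The hosts, versions, advisory identifiers (`EXAMPLE-ADV-001` and so on) and rules are all constructed sample data and assumptions for illustration, not real findings or a real vulnerability feed.

```python
"""Miniature vulnerability and misconfiguration scanner (added example).

Mirrors the detection stage described in the post: match installed
software against known-vulnerable versions, flag weak configuration,
and prioritise hosts by total severity. All data below is constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    software: dict                       # package name -> installed version, e.g. "8.2"
    open_ports: set = field(default_factory=set)
    config: dict = field(default_factory=dict)


# Constructed advisory feed with hypothetical identifiers. Versions below
# "fixed" are treated as affected. A real scanner pulls this from a
# vulnerability database rather than a hard-coded table.
ADVISORIES = {
    "openssh": {"id": "EXAMPLE-ADV-001", "fixed": "8.4", "severity": 9},
    "nginx":   {"id": "EXAMPLE-ADV-002", "fixed": "1.20", "severity": 7},
}

# Constructed misconfiguration rules: (description, severity, predicate on a Host)
MISCONFIG_RULES = [
    ("Telnet service exposed (port 23)", 8, lambda h: 23 in h.open_ports),
    ("SSH permits root login", 6, lambda h: h.config.get("PermitRootLogin") == "yes"),
    ("Legacy TLS 1.0 enabled", 5, lambda h: "TLSv1" in h.config.get("tls_protocols", [])),
]


def parse_version(text):
    """'1.20.1' -> (1, 20, 1); tuples compare component-wise.

    Assumes plain dotted-numeric versions; real package versions (e.g. '8.9p1')
    need a vendor-aware comparator.
    """
    return tuple(int(part) for part in text.split("."))


def check_versions(host):
    """Return one finding per installed package that is below its fixed version."""
    findings = []
    for package, installed in host.software.items():
        adv = ADVISORIES.get(package)
        if adv and parse_version(installed) < parse_version(adv["fixed"]):
            findings.append({
                "host": host.name,
                "type": "vulnerability",
                "detail": f"{package} {installed} affected by {adv['id']} (fixed in {adv['fixed']})",
                "severity": adv["severity"],
            })
    return findings


def check_config(host):
    """Return one finding per misconfiguration rule that matches the host."""
    findings = []
    for description, severity, predicate in MISCONFIG_RULES:
        if predicate(host):
            findings.append({
                "host": host.name,
                "type": "misconfiguration",
                "detail": description,
                "severity": severity,
            })
    return findings


def scan(hosts):
    """Run both checks over every host; highest severity first."""
    findings = []
    for host in hosts:
        findings.extend(check_versions(host))
        findings.extend(check_config(host))
    return sorted(findings, key=lambda f: f["severity"], reverse=True)


def prioritise(findings):
    """Sum severity per host so the most exposed hosts are remediated first."""
    totals = {}
    for finding in findings:
        totals[finding["host"]] = totals.get(finding["host"], 0) + finding["severity"]
    return sorted(totals.items(), key=lambda item: item[1], reverse=True)


# Constructed inventory: sample hosts, not real systems.
SAMPLE_HOSTS = [
    Host("web-01", {"nginx": "1.18.0", "openssh": "8.9"}, {22, 80, 443},
         {"tls_protocols": ["TLSv1", "TLSv1.2"]}),
    Host("bastion-01", {"openssh": "8.2"}, {22, 23}, {"PermitRootLogin": "yes"}),
    Host("db-01", {"openssh": "9.0"}, {22, 5432}, {"PermitRootLogin": "no"}),
]

if __name__ == "__main__":
    results = scan(SAMPLE_HOSTS)
    for finding in results:
        print(f"[{finding['severity']}] {finding['host']}: {finding['type']} - {finding['detail']}")
    print("Remediation order:", prioritise(results))
```

Running the block on the constructed inventory reports five findings and puts `bastion-01` (outdated SSH, exposed Telnet, root login allowed) ahead of `web-01`, while `db-01` produces nothing. The useful part for a practitioner is the shape: version matching and configuration rules are separate, every finding carries a severity, and prioritisation is computed from the findings rather than guessed.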
By contrast, human security weaknesses relate primarily to our innate susceptibility to social engineering, which is why cyber criminals are so reliant on phishing.
Staff awareness training, particularly phishing staff awareness training, is essential to mitigating the threat of cyber attacks. Training your staff how to recognise phishing emails and what to do if they open them or click on a malicious link is critical to keeping your organisation secure.
Stage 2: Protection
No matter how well prepared an organisation is to detect threats, some attacks will get past the first layer of defence.
This will often be the case if cyber criminals find zero-day vulnerabilities (i.e. technical weaknesses that have not yet been identified, so antimalware software has no way of recognising them), or they use sophisticated techniques to outsmart defences.
Organisations should prepare for this inevitability by implementing robust cyber security controls and ensuring that employees know how to manage cyber security defences and breaches.
Training and professional certification helps ensure you have the skilled staff you need to implement and maintain your security measures.
Meanwhile, certification to basic security schemes such as Cyber Essentials helps protect organisations from the most common cyber threats and demonstrate their commitment to cyber security.
Penetration testing goes a step further than vulnerability scanning. The process consists of experienced ethical hackers probing an organisation’s systems looking for vulnerabilities in the same way that a criminal hacker would.
Stage 3: Management
The next layer of security addresses cyber security as an ongoing process rather than a set of static solutions.
This stage is defined by the way organisations manage cyber security risks as part of their wider operations. It includes measures such as embedding risk-based security controls into corporate processes, managing the security of supply chains and carrying out regular audits to ensure security controls remain up to date.
Organisations can perform these tasks with the help of ISO 27001. It’s the international standard for an ISMS (information security management system), which takes a risk-based approach to information security that encompasses people, processes and technology.
Independently audited certification to the Standard demonstrates to customers, stakeholders and staff that the organisation has implemented and maintains information security best practice.
It also helps organisations comply with the GDPR (General Data Protection Regulation), as many of the requirements overlap.
Stage 4: Response
The security measures you have implemented should minimise the likelihood and impact of a successful attack, but it only takes one mistake for a data breach to occur.
That’s why organisations must adopt a layer of security that addresses what will happen in the event of a disruptive incident. The better prepared you are for disaster, the faster you will be able to act and the more you will be able to limit costs.
This is especially important when it comes to breaches of personal data, which must be reported to the data protection authorities within 72 hours of being discovered under the GDPR.
Organisations can address this layer with a robust business continuity management system, combined with cyber security and data protection audits, and supply chain security.
Cyber incident response management is a part of wider business continuity management. This helps you put plans in place to cover all types of unplanned disruption, from cyber security incidents to natural disasters, from power outages to pandemics.
Stage 5: Recovery
The final layer of security addresses the aftermath of a data breach. Sometimes, the recovery process will be more disruptive than you might have planned for, with organisations often taking months to fully return to business as usual.
Having cyber insurance in place can give organisations peace of mind, giving them cover when they need it most, and helping the organisation get back to business as usual as soon as possible. Ultimately, it can cover the cost of rebuilding if all else fails.
Learn more about defence in depth
You can find out more about defence in depth by watching our dedicated webinar series. We have presentations on each of the five stages, hosted by IT Governance Founder and Executive Chairman Alan Calder.
Stage 1 – Detection is available to download now, while you can register for our upcoming presentations, including Stage 2 – Protection, which takes place on Thursday, 29 September, from 3pm.