With the global pandemic and increasing digital transformation, cyberattacks against businesses are on the rise. Stockport-based IT support experts, Amshire, explain the costs to businesses of cyberattacks, and how a three-layer approach to cybersecurity can help protect your organisation.
Global cyberattacks continue to rise, prompted by digital transformation and the ongoing pandemic. The widespread shift to a work-from-home environment with unsecured devices gives cybercriminals an excellent opportunity and it is the responsibility of enterprises to respond with increased vigilance to secure sensitive information.
The average enterprise value of a data breach
The average valuation of a breach in enterprise data for a company with 25,000 employees is $5.52 million, and $2.64 million for organisations employing fewer than 500 staff. Critically, whilst the overall cost may be lower for smaller firms, the actual cost per employee is disproportionately higher for them.
From this, it is clear that for larger businesses, economies of scale can hide the full cost of a data breach. When the responsibility for avoiding a cyberattack is spread more widely, across numerous employees and departments, it may feel easier to pass up individual agency. For smaller organisations, while the overall potential cost of a breach is lower, the need for individual best practice is far more pronounced.
The personal cost of data exposure
The importance of individual responsibility extends beyond the potential monetary threat to the organisation. Malwarebytes explains that up to 80% of data breaches will expose information held by the organisation that can personally identify employees. This includes any details which can be used to identify someone online, such as phone numbers, full names, health information and addresses.
It is impossible to accurately estimate the extent of the damage possible if this kind of information gets into the hands of cybercriminals. Typical misuse of this kind of data includes obtaining new credit cards, opening mobile phone accounts, even gaining access to business and personal loans. The prospective cost is colossal. It only increases as time passes after the data breach, and it can only be limited by actions that make the exposed details invalid.
3 layers of cybersecurity defence
Defending against the kind of sophisticated attacks that threaten most companies today requires a multi-layered approach that can repel different types of attacks using a variety of tactics.
1 – Ensure employee education
Even during the best of times, it is human error that tends to lead to data breaches. The rise in remote work during COVID-19 has made it more likely for people to log into personal accounts on work devices or vice versa when working from home, increasing security risk.
A lack of clear policies around cybersecurity best practices for remote work opens opportunities for hackers. To limit these openings, cybersecurity training should be mandatory for all remote employees. In highlighting that security is a strategic priority for the organisation, you’ll motivate the entire workforce to work with security in mind.
2 – Enhance security with multi-factor authentication
In the effort to limit the threat of cybercrime, multi-factor authentication (MFA) on user accounts is essential best practice, and companies without it are sitting ducks.
While no authentication scheme is 100% secure on its own, a good MFA strategy will significantly increase the resources a cybercriminal must invest to take over an account on your system, reducing the likelihood of your accounts being breached.
3 – Utilise biometrics and behavioural analytics to validate user identity
Considering both the regularity of phishing and the ease of access to personal data available on the black market, you can’t know for sure that everyone using legitimate credentials is actually a legitimate user. To combat this, alternative methods to authorise access are necessary – namely biometrics and behavioural analytics.
Passive biometrics examine the user’s characteristic behaviour, including how they hold their device, while behavioural analytics examines the typical habits of the user, like location and time of login. Incorporating both of these methods allows you to develop a unique profile of each legitimate user, which is very challenging for an illegitimate user to imitate.
A multi-layered approach
There is no one hard and fast rule to eradicate all threat of cybercrime. A well-developed cybersecurity strategy will help to mitigate, but never entirely eliminate, your risk.
This being said, by using multiple layers of security solutions, including employee education, multi-factor authentication protections, passive biometrics and behavioural analytics, your organisation will have taken the necessary steps to keep employees and customers safe.