Improving your Cyber security posture with a layered approach

There has been numerous and various data breach news which have been dominating the news headline especially since the beginning of the COVID-19 pandemic. Some big names have appeared in the statics of the “breached”, so to speak. This leaves us with one big question. Is there any System which is secured enough to not be breached? Some of the reported big breaches of 2021 include big names which supposedly have enough capacity or budget to thwart any threats. See the list here on Wired.com and Security Magazine:

  • Cognyte — 5 billion
  • LinkedIn — 700 million
  • Facebook — 553 million
  • Bykea — 400 million
  • Brazilian Database — 223 million
  • Colonial Pipeline

So what can you do to improve your Cyber security posture? What is this posture all about anywhere?
Cyber security posture is the overall strength of the cybersecurity controls and protocols for detect, predicting and preventing cyber threats against it’s Information Systems, and the ability to act and respond during and after an attack.

Let’s take an example of a Web Server.

  • Server OS
  • Web service technology
  • Firewall
  • SSH
  • FTP
  • Upload form
  • Login Form protection
  • LFI
  • Directory Listing
  • CMS
  • Plugins

Form the list about, we can see that there are many aspects that make up our Web Server. If we’d just protect the website login forms and have no due diligence to protect the rest, that leaves our System vulnerable. As we protect each layer, we end up with a layered approach to achieve our Cyber security posture for our Web Server. It’d be best to secure each and every layer probably with a different solution that using a single solution which if compromised it grants access to the whole System.

In my next installment, we will talk about some available solutions that you can utilize in your Cyber security layered stack.