Thinking Outside the Box: Unconventional Methods to Strengthen Cybersecurity Without a Multi-Layered Approach

In 2020, businesses dedicated 15% of their IT budget to cybersecurity, a substantial increase from just 6% in 2019 (Varonis, 2020) [1]. These figures indicate the growing concern for securing sensitive data in the evolving digital landscape. It has long been believed that a multi-layered cybersecurity approach is the optimum way to fend off these digital threats. However, it’s time to reevaluate this long-held belief.

Contrary to popular wisdom, more layers don't always ensure better protection. In certain scenarios, they could even prove detrimental. Here’s how:

1. Increased complexity: More layers introduce more complex systems, which can lead to potential security gaps. Organizations with more complex security environments were found to experience costly breaches more frequently (IBM, 2020) [2].
2. High maintenance costs: Managing multiple security layers can be expensive and resource intensive. Global spending on cybersecurity reached $123.8 billion in 2020, primarily driven by the maintenance and upgrading of layered security systems (Gartner, 2020) [3].
3. False sense of security: An over-reliance on multiple layers may lead to complacency, resulting in lax individual security practices. With human error accounting for around 22% of data breaches (Cybint, 2021) [4], a false sense of security may prove more damaging than initially presumed.

Now, this isn't a call to abandon multi-layered cybersecurity altogether. Instead, it's an invitation to rethink our approach and consider unconventional yet more effective methods to strengthen our cybersecurity strategies:

Here's how organizations can embark on this journey:

1. Prioritize.?To prioritize your data, you need to first identify your most critical data. This data is the most valuable and sensitive to your organization, and it should be the focus of your security efforts. Once you have identified your critical data, you need to categorize it. This will help you to understand the different types of data you have and the level of protection each type needs. Finally, you need to implement appropriate security controls for your data. The level of security control you need will vary depending on the sensitivity of the data.
2. Tool consolidation. Many businesses have a wide range of cybersecurity tools in place, each designed to address a specific threat. However, this can lead to a fragmented and siloed approach to security, making it difficult to get a comprehensive view of the organization's overall security posture. A more effective approach is to consolidate tools where possible, so that businesses can have a single pane of glass for security visibility and management.
3. Strategic use of AI and automation. Artificial intelligence (AI) and automation can play a critical role in strengthening cybersecurity. AI can be used to identify and respond to threats more quickly and efficiently than humans can, while automation can help to reduce the risk of human error. However, it is important to use AI and automation strategically, so that they do not add to the complexity of the security environment.
4. Wise investments in threat intelligence. Threat intelligence is information about known or potential threats to an organization's systems and data. By investing in threat intelligence, businesses can gain a better understanding of the threats they face and take steps to mitigate those risks. Threat intelligence can be gathered from a variety of sources, including government agencies, security vendors, and industry organizations.
5. Proper utilization of SIEM systems. Security information and event management (SIEM) systems collect and analyze security logs from across an organization's IT infrastructure. This information can be used to identify threats, investigate incidents, and improve security posture. However, SIEM systems can be complex and expensive to implement and maintain. It is important to ensure that SIEM systems are properly configured and used, so that they can effectively detect and respond to threats.
6. Regular employee training. Employees are often the weakest link in an organization's security posture. By providing regular employee training on cybersecurity best practices, businesses can help to raise awareness of the risks and empower employees to take steps to protect the organization's data. Cybersecurity training should cover a range of topics, such as phishing, social engineering, and password security.

In our current business climate, we need innovative and unconventional thinking.?Given that “multi-layered” for many organizations means complex, duplicative controls, it's time to question whether multi-layered cybersecurity (as most of us understand it) is the best defense or an overrated buzzword. We must look beyond layers and adopt a more holistic, streamlined, and strategic approach to safeguard our data better.

#cybersecurity?#ITbudget?#dataprotection?#technology?#costsavings?#cybersecuritytips

References:

[1] Varonis. (2020). Cybersecurity Statistics for 2021 – the Chilling Facts and Trends.

[2] IBM Security. (2020). Cost of a Data Breach Report 2020.

[3] Gartner. (2020). Forecast: Information Security, Worldwide, 2018-2024, 2Q20 Update.

[4] Cybint. (2021). Cybersecurity Statistics for 2021