Cyber Threat Detection: The First Layer of Defence in Depth | IT Governance
Cyber crime is an increasingly lucrative business, with threat actors reportedly pocketing $6.9 billion (about £6 billion) last year. Add progressively more sophisticated attack techniques to organisations’ growing reliance on digital technology, and it’s easy to see why there are so many breaches.
Organisations are being urged to respond to the threat by investing more in cyber security defences, but if those solutions aren’t part of a cohesive strategy, the benefits will be minimal.
It’s why many experts recommend taking a defence-in-depth approach to cyber security.
The framework consists of five interrelated stages (or ‘layers’) to mitigate the risk of data breaches: detection, protection, management, response and recovery.
Even if one of these defensive layers is breached, the next works to further contain the damage.
Over the next few weeks on this blog, we’ll delve into each layer, explaining what it encompasses, how it fits into an organisation’s overall approach to cyber security and the controls that can be implemented to establish that layer.
This week, we look at the first layer of defence in depth: threat detection.
What is threat detection?
Understanding the threats you face and where your organisation is most at risk of being breached is critical to information security. It’s only by knowing the specific risks you face that you can implement appropriate defences.
Threat detection, as this framework uses the term, means proactively analysing your organisation’s systems, networks and practices to identify the vulnerabilities that could result in a data breach, so that they can be fixed before an attacker finds them. It is not the same thing as spotting an attack that is already under way.
There are, broadly speaking, two types of weakness: technical and human.
Technical vulnerabilities are weaknesses in an organisation’s networks, software and third-party services that enable cyber criminals to gain unauthorised access to sensitive information. They include unpatched software, insecure configurations and services exposed that need not be.
Although IT teams are adept at spotting anomalies in these systems, new vulnerabilities are discovered every day. It’s therefore essential that you perform regular tests to identify and address weaknesses.
There are two tests that organisations should conduct. The first is vulnerability scanning: automated probes that identify known security vulnerabilities in computers, internal and external networks, and communications equipment.
The scanner discovers open ports, fingerprints the services listening on them, and compares what it finds (software versions, configuration, exposed protocols) against a database of known weaknesses and best-practice baselines. Because it works from signatures, a scan only finds issues that are already catalogued, and its output needs checking for false positives before anything is fixed.
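To make the mechanics concrete, here is a stripped-down scanner written for this article (an added example, not a tool from the original post or from IT Governance). It connects to each port, grabs whatever banner the service volunteers, and runs a small rule table over the result to flag cleartext protocols, an obsolete SSH version and version disclosure. So that it runs offline, it starts a throwaway service on 127.0.0.1 that plays the part of the target; the banner and the rule table are constructed, and a real scanner works from a far larger fingerprint and vulnerability database.

```python
"""Minimal port-and-banner scanner with a rule-based assessment pass.

Added example for this article, not an IT Governance tool. The throwaway
service, its banner and the rule table are constructed for illustration;
a real scanner uses a far larger fingerprint and vulnerability database.
"""
import re
import socket
import threading
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Constructed rule table: (finding, severity, predicate over (port, banner)).
RULES: List[Tuple[str, str, Callable[[int, str], bool]]] = [
    ("FTP: credentials travel in cleartext", "high",
     lambda port, banner: port == 21 or re.search(r"\bftp\b", banner, re.I) is not None),
    ("Telnet: cleartext remote shell", "high",
     lambda port, banner: port == 23 or "telnet" in banner.lower()),
    ("SSH protocol version 1 is obsolete", "high",
     lambda port, banner: banner.startswith("SSH-1.")),
    ("banner discloses a software version", "low",
     lambda port, banner: re.search(r"\b\d+\.\d+(\.\d+)?\b", banner) is not None),
]


def start_fake_service(banner: bytes) -> int:
    """Listen on an ephemeral 127.0.0.1 port, send `banner` to every client and
    hang up. Stands in for the host being scanned. Returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def grab_banner(host: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """Return the banner of an open port ('' if the service says nothing before
    the timeout, as HTTP does while waiting for a request), or None if closed."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None  # refused, unreachable or filtered
    with sock:
        try:
            return sock.recv(1024).decode("utf-8", "replace").strip()
        except OSError:  # includes a read timeout: open but silent
            return ""


def scan(host: str, ports: Iterable[int]) -> Dict[int, str]:
    """Map every open port in `ports` to the banner it presented."""
    results: Dict[int, str] = {}
    for port in ports:
        banner = grab_banner(host, port)
        if banner is not None:
            results[port] = banner
    return results


def assess(results: Dict[int, str]) -> List[Tuple[int, str, str]]:
    """Run the rule table over each open port: (port, severity, finding)."""
    findings = []
    for port, banner in results.items():
        for finding, severity, matches in RULES:
            if matches(port, banner):
                findings.append((port, severity, finding))
    return findings


if __name__ == "__main__":
    target_port = start_fake_service(b"220 Example FTP server 1.2.3 ready\r\n")
    for port, severity, finding in assess(scan("127.0.0.1", [target_port])):
        print(f"{port}/tcp [{severity}] {finding}")
```

Run as a script it prints the two findings for the fake FTP service. Pointed at a host and port range you are authorised to test, scan() does the same against real services; a service that waits for the client to speak first shows up as an open port with an empty banner, which is why the rules also match on well-known port numbers.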
The other way to look for technical vulnerabilities is with penetration tests. Unlike vulnerability scans, these are led by professional testers, sometimes known as ethical hackers, who work largely by hand and use automated tools only to support their own judgement.
Assessments replicate the methods used by criminal hackers, giving organisations a real-world insight into the way a malicious actor might target their systems.
The techniques testers use depend on the type of assessment, but they typically search for inadequate or improper configuration, hardware or software flaws, and/or operational weaknesses in processes or technical countermeasures.
Human weaknesses relate to the mistakes that employees make that could expose sensitive data. One of the most common weaknesses is people’s susceptibility to social engineering attacks, such as phishing.
In these scams, cyber criminals attempt to manipulate people into performing actions that are against their own best interests. Phishing attacks do this primarily with emails, although attacks can also occur on social media and by text message.
The messages replicate a real organisation and urge the recipient to follow a link and hand over their login details or download an infected attachment.
Phishing is popular among cyber criminals because attacks are quick and easy to conduct, and have a comparatively high success rate.
Proofpoint’s 2022 State of the Phish Report found that 83% of organisations fell victim to a phishing attack last year. Meanwhile, Verizon’s 2022 Data Breach Investigations Report discovered that a quarter of all data breaches involved phishing.
Although organisations can use tools such as anti-malware software to protect against phishing attacks, their most effective defence is staff awareness training.
No matter how well prepared you are for a data breach, cyber criminals will always find ways to circumvent security controls. When that happens, your employees are your last line of defence.
To prevent staff falling victim to scams, you must teach them how to recognise a phishing email (an unexpected request, pressure to act quickly, a sender address or link that doesn’t match the organisation the message claims to come from) and, just as importantly, what to do and whom to tell if they realise they have been duped.
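The tells that awareness training teaches can also be written down as checks, which is useful both for building training material and for a first-pass triage of messages that staff report. The script below is an added example written for this article, not code from the original post or from IT Governance. The sample message, the trusted domain (example.com) and the phrase and extension tables are constructed, and the domain handling (last two labels, a handful of digit-for-letter swaps) is deliberately simplistic. It checks the sender’s display name against the sending domain, looks for a Reply-To that points elsewhere, urgency language, links whose visible text names one domain while the href goes to another or to a bare IP address, and executable or macro-enabled attachments.

```python
"""Heuristic triage of an email for the tells a phishing-aware employee looks for.
Added example for this article, not IT Governance code; the sample message, trusted
domain and phrase/extension tables are constructed, the domain handling deliberately simple."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = ("urgent", "immediately", "within 24 hours", "will be suspended", "verify your account")
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".docm", ".xlsm")
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # digits swapped for letters

# Constructed sample: lookalike sender, foreign Reply-To, urgency, bare-IP link labelled with the real brand.
PHISH = """\
From: "Example Support" <alerts@examp1e-secure.com>
Reply-To: support@mail-verify-center.net
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html; charset="utf-8"

<p>We detected unusual activity. Your account will be suspended unless you
<a href="http://203.0.113.10/login">verify your account at www.example.com</a> immediately.</p>
"""

class LinkExtractor(HTMLParser):  # collects (href, visible text) pairs from an HTML body
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def registrable(host):  # crude eTLD+1: last two labels, enough for .com/.net/.org examples
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def looks_like(host, trusted):
    """Different registrable domain that still contains the brand name once digit swaps are undone."""
    if not host or registrable(host) == registrable(trusted):
        return False
    return registrable(trusted).split(".")[0] in host.lower().translate(HOMOGLYPHS)

def html_bodies(msg):
    return [part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
            for part in msg.walk()
            if part.get_content_type() == "text/html" and part.get_filename() is None]

def triage(raw_message, trusted):
    """Return human-readable warnings; an empty list means none of the tells were found."""
    msg = message_from_string(raw_message)
    findings = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    # 1. Sender: brand in the display name but a different domain, or a lookalike domain.
    for t in trusted:
        if registrable(t).split(".")[0] in display_name.lower() and registrable(from_domain) != registrable(t):
            findings.append(f"display name claims {t} but sender domain is {from_domain}")
        if looks_like(from_domain, t):
            findings.append(f"sender domain {from_domain} is a lookalike of {t}")
    # 2. Replies routed somewhere other than the apparent sender.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from sender domain {from_domain}")
    # 3. Pressure to act now, in the subject or body.
    bodies = html_bodies(msg)
    hits = [p for p in URGENCY if p in (msg.get("Subject", "") + " " + " ".join(bodies)).lower()]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    # 4. Links: bare-IP hosts, visible text naming one domain while the href goes to another, lookalikes.
    parser = LinkExtractor()
    for body in bodies:
        parser.feed(body)
    for href, visible in parser.links:
        host = urlparse(href).hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append(f"link points at a bare IP address: {href}")
        shown = re.search(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", visible.lower())
        if shown and registrable(shown.group(1)) != registrable(host):
            findings.append(f"link text shows {shown.group(1)} but goes to {host or href}")
        findings.extend(f"link host {host} is a lookalike of {t}" for t in trusted if looks_like(host, t))
    # 5. Attachments of types that execute or carry macros.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky attachment type: {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(PHISH, ["example.com"]) or ["no tells found"]))
```

Run as a script it lists six warnings for the constructed message. Each one maps to something a person can be taught to spot without any tooling: hover over the link before clicking, read the actual sender address rather than the display name, and treat "act within 24 hours" as a reason to slow down, not speed up.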
How we can help
If you want to know more about threat detection or defence in depth, IT Governance is here to help.
Keep an eye on our blog for the rest of our series on the five layers of defence in depth, or subscribe to our Weekly Round-up to receive our latest articles straight to your inbox.
We also have webinars on each of the five stages of defence in depth, hosted by IT Governance’s founder and executive chairman, Alan Calder.
Stage 1 – Detection is available to download now, while you can register for our upcoming presentations, including Stage 2 – Protection, which takes place on Thursday, 29 September from 3:00 pm.
We also offer advice on the technologies and processes you can implement to establish each of the five layers. Our services include vulnerability scanning, penetration testing and staff awareness training, which can help you develop strong threat detection capabilities.