Cyberattacks are rising significantly across the world: someone falls victim approximately every 11 seconds, and ransomware attacks in North America increased by 15% in 2024. With this continuous rise in cyberattacks, it is no longer a matter of if but when you get attacked!
One or two security measures or strategies are not enough to protect an organisation's assets from attack, which leads us to the question: what is defense in-depth?
DEFENSE IN-DEPTH DEFINED.
According to NIST, defense in-depth is an information security strategy that integrates people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization or the application of multiple countermeasures in a layered or stepwise manner to achieve security objectives. The methodology involves layering heterogeneous security technologies in the common attack vectors to ensure that attacks missed by one technology are caught by another.
A robust security architecture requires defense in-depth. It does not guarantee that your organisation will not experience a cyber incident, but it can reduce the impact and all forms of cost associated with a cyberattack.
The cost of a robust security architecture that defends and protects networks and assets at multiple layers cannot be compared to the loss an organisation can suffer from just a single breach, which costs far more. For example:
LONDON DRUGS RANSOMWARE ATTACK
On April 28, 2024, London Drugs suffered a ransomware attack in which cybercriminals stole sensitive data from its corporate head office. The attack led to the closure of all 79 stores across Western Canada until May 7, more than a full week. The attack was attributed to the LockBit ransomware group and involved the exfiltration of files containing corporate information, including extensive internal records for London Drugs employees, immigration applications, sexual harassment complaints, and termination letters.
The cyberattack on London Drugs resulted in a complete shutdown of its operations, encompassing both store fronts and online services, lasting just over a week. This closure significantly disrupted services and operations across multiple provinces, including British Columbia, Alberta, Saskatchewan, and Manitoba. Pharmacy staff reportedly posted themselves outside stores to fill vital prescriptions for customers, but the impact to business operations was widespread and severe.
It remains undisclosed how London Drugs was breached, but certain proactive measures could have been taken to prevent this cyber incident.
Firstly, implementing robust cybersecurity protocols and regularly updating all systems are essential in safeguarding against malicious attacks. Conducting regular security audits and penetration testing, both AI-powered and overseen by cybersecurity professionals, can help identify vulnerabilities that hackers may exploit.
Additionally, investing in employee training programs to educate staff about phishing scams, social engineering and other common tactics used by cybercriminals can significantly reduce the risk of a breach. Employing multifactor authentication for access to sensitive information adds an extra layer of protection against unauthorized access. Having a strong incident response plan in place is also crucial so that immediate action can be taken in the event of a breach.
Collaborating with cybersecurity experts and staying informed about the latest threats in the industry can help companies stay one step ahead of potential attackers. By prioritizing cybersecurity as a fundamental aspect of their operations, organizations like London Drugs can minimize the risk of falling victim to future cyberattacks.
CONCLUSION
In conclusion, a robust defense in-depth security strategy does not guarantee that your organization will not experience cyberattacks or incidents, but it helps reduce negative impacts and losses and helps the organization build cyber-resilience in the face of rising cyberattacks across the world.
References:
https://csrc.nist.gov/glossary/term/defense_in_depth
https://www.varonis.com/blog/cybersecurity-statistics
https://globaledge2020.com/the-london-drugs-cyberattack-2024/
Defense in depth looked like it could be a very effective mechanism against the cyberattack. It's very disturbing knowing that every 11 seconds someone is falling victim to cyber attacks, and this is increasing. Furthermore, in this fast-evolving cyber world, multiple layers of security are a much-needed step. I liked the structure of the defense in-depth mechanism shown in the post. It’s very tough to overpass this level of security. However, like the post says, only this defense mechanism can stop the cyberattack unless the concern of the end user increases about the cyberattack.
Absolutely, Saidul! Defense in-depth in itself is not enough to keep the adversaries away as the cyber world keeps evolving. Everyone has a role to play in making our cyber spaces safe and keeping up with the dynamic nature of the cyber space.
Great Post Ukamaka! It is nice to see the defense in-depth framework in a visual format outlining the various protection strategies that can be utilized within each layer to ultimately uplift security measures within organizations. The magnitude of the impact caused due to a singular cyber attack caused to London Drugs this past year remains of concern and highlights the importance of maintaining and enhancing security measures. Companies like London Drugs have multiple departments such as the pharmacy where confidential data on patient health is stored. Not staying up to date with security measures may lead to disastrous outcomes, especially in such departments.
Good job! The use of a Defense in depth (DiD) security strategy is assisting organizations in dealing with this problem. It requires you to account for security even when your various tools and solutions are compromised. No security technology or technique is perfect, therefore you must account for potential faults and add layers of protection by reducing the possibility of a single point of failure in your systems. Defend your castle, defend your data.
This is a very deep analysis, Ukamaka! The case of the London Drugs cyber incident confirms the need for a defense-in-depth strategy, which is even more alarming when considering how fast operations can be crippled and sensitive data stolen as demonstrated in this case. Maintaining a multi-layered security architecture, as you have highlighted, is most appropriate as no single solution can fully safeguard against today’s advanced threats.
Adding multifactor authentication and conducting periodic audits adds another layer of protection, but I particularly agree with the focus on employee training as social engineering continues to be the least resistant path for attackers.
Awesome Post Ukamaka, I agree having defensive in depth is super important for organizations to have to help protect themselves from attacks. I think that’s one of the big shifts that security has taken over the last few years. Where companies just had a few guys doing security maybe managing a firewall and an anti-virus on their employee computers back in the day. Where now companies need many more layers of defense and full teams of cyber security professionals to monitor and defend against attacks. I think companies in the last several years are realising how important it is to have security measures and to take it seriously.
Thank you for the post!
I completely agree with you that cyberattacks are no longer a matter of if but when you get attacked. That is why the cyber security department is becoming increasingly important in every company because we know one day it will happen. Nowadays, the cyber security department in every company is getting more and more important, because we all know the damage that a cyber attack can cost the company. And sadly, we hear that all the big companies get attacked, and it has real consequences for our daily life. Like you mentioned in the post, when London Drugs got the ransomware attack, they had to shut down for more than a week. Not only did the company suffer significant financial damage, but it also caused extreme inconvenience to the public, as London Drugs is providing essential business by providing prescriptions. That being said, I like the methodology you mentioned in the post: the defence in-depth information security strategy is a way to integrate people, technology and operations capabilities to have multiple different barriers to protect the website. It sounds like a really good way to protect the company as it is something that combines different perspectives to protect. I am curious in regard to the implementation and the actual function of the new way, as I am sure companies will like it if it has higher security protection. But at the same time, as we are evolving, the ransomware groups are also stepping up their game, so really, it’s a matter of time when they will break the new technology or this will be the groundbreaking technology to prevent this in the future. Good post
Great post Ukamaka, I completely agree. With the rise in cyberattacks, especially ransomware, it is clear that defense-in-depth is crucial for organizations that want to be resilient against attacks. The London Drugs case highlights how the cost of a breach (i.e. operational shutdown, exposure of sensitive data and loss of trust) can far outweigh the investment in robust security measures. From layered defenses and regular systems to employee training, every component plays a crucial role in minimizing risk.