Network security begins at the physical connection between your internal computer network and the public internet. Unfortunately, when you transmit information over an open network such as the Internet, you have no control over which servers and devices the information will pass through along the way. There are many tools, applications and utilities that can help secure a network from attack and unnecessary downtime. The security aspects include control of unwanted intrusions, continuous scanning for malware and maintaining barriers (firewalls) and private networks (VPNs).

Data security is all about protecting digital information from unauthorized access, corruption or theft. There are many tools employed that focus on masking the data.  The use of encryption is an important component of data security for both data in transit and data at rest. There are also more secure environments which store the data like the Cloud that keeps track of who has access to the data and blocks potentially dangerous file movements.

Many technologists believe that data security is more important than network security, because it’s the data that is most valuable. Hackers want to sell the data or for ransom. I think of the network as the highway to the Bank, the storage area, like the Cloud as the vault, and what’s inside the vault– is the money or data.

There is an approach to cybersecurity that is in vogue these days called “Defense in Depth”, modeled after conventional military strategy. Rather than concentrating all resources or defenses at the front line, the Defense in Depth strategy utilizes layers of protection. The key strategic takeaway is, multiple layers of defense are better than relying on a single one. Many feel it’s the better approach because there are no offensive strategies in cybersecurity only defensive ones.

If you can’t protect everything, what is the best strategy to pursue? The recent Solar Winds hack that impacted many government agencies may be the standard for defense. The attack is generally described as “highly sophisticated” which implies it was done by a nation state. The research that has been reported describes that the way the malware hid, propagated and communicated was technically innovative and brilliant. Unfortunately, it has not been reported yet how the attacks were delivered. We do know that past “sophisticated attacks” exploited basic security lapses. For example, NotPetra exploited patching deficiencies and Cloud Hopper used phishing emails which are protected by network security.  

What strategy would have worked best for attacks that exploit basic security lapses?  It seems to me the answer is multiple layers of network and data security coupled with a focus on the first line of defense- the employees themselves.