Seminar Recap: A Layered Approach to Security

By Amisha Shah | Thursday, October 24th, 2019

The average monetary cost of a malware attack for an organisation is $2.4 million as well as 50 days in time due to significant disruptions to daily business operations (Accenture). What’s more is that attacks and breaches cause irreparable reputational damage which cannot be accounted for.

With cyber-criminals and the threat landscape growing increasingly sophisticated businesses must keep up by updating their security practices. Investment firms are encouraged to have a layered approach to strengthening networks carrying sensitive client information, to keep malicious hackers at bay.

Last week, we explored a layered approach to security with investment firms at our breakfast briefing event in London. Today’s blog article will roundup the key components investment firms are advised to deploy for a bulletproof security stance, as shared by our Director of International Technology together with industry experts at the event.

How to Approach Cybersecurity?

As IT managers and business owners around the globe would agree, security is always front of mind with the threat landscape evolving at a rapid speed. Especially, when a lot can be at stake if firms fail to keep up and update their security defences regularly.

A cloud first mindset has become prevalent as businesses approach cybersecurity with a solid plan that is tailored to their business. This is important with the tendency of businesses to have a large data sprawl these days, along with an increased use of dispersed and disparate systems. So, it is vital to remain in control and know where your data and systems are, and to have a plan if disaster strikes.

Start your approach to cybersecurity by thinking about the following points:

Identify key areas pertaining to your security
Formulate a plan – Written Information Security Plan (WISP), Incident Response Plan (IRP), Business Continuity Plan (BCP)
Look at what you need to protect physically and logically
Consider a central source for identity management for effective access controls

Layering Security to Make the Most of Your Tools

After you have thought about the above, the next stage is to look at how to protect your business using a layered approach. Security cannot be achieved through deploying a single product, practice or service. Defence in depth and the use of many layers is highly recommended.

Here are some of the key security layers investment firms are enouraged to consider:

Auditing and logging who accessed your system, when they did this and what they did will help you to restrict unauthorised network access.
Patch management is recommended to prevent exploits such as system crashes and security breaches. Not implementing this layer can result in huge opportunities for spoofing, fraud and theft of large amounts of credentials.
Using applications and services that span all infrastructure types is a basic tip for firms to maintain a robust infrastructure.
Regular penetration testing, encryption assessments, firewall checks and the use of access management controls can help you avoid intrusions.
Dark web monitoring can provide an immediate notification upon discovery of any stolen firm data or credentials being advertised for public sale.
Managed phishing and training is a good practice to cover the human element of security for your business.

Overall, we recommend investment firms to adopt a security by design approach, utilising security products and services that have been designed from the foundation to be end-to-end security embedded.