Page 22 - Cyber Defense eMagazine December 2023
P. 22
process can be slow and inefficient. A breach may occur before network security and cybersecurity
engineers get the green light to implement critical initiatives. By instituting a top-down approach to
cybersecurity, upper management underscores the importance of security policies and the necessity of
securing connected devices and networks.
Top-down strategies also tend to be wider-reaching, as management teams recognize that the
responsibility of protecting the organization does not rest on the shoulders of the IT department alone.
Instead, everyone is equally responsible and accountable because every department, office and
employee is susceptible to cyberattacks or unintentional data leaks due to non-secure processes or
behaviors. When vulnerabilities lead to security and data breaches, they can have an enormous impact
on a brand’s reputation — not to mention the potential price tag in the millions of dollars to remediate
these issues when they occur.
Today, organizations across every industry need to create a culture of safety where every individual
receives training and understands their role in the broader enterprise’s security posture. Underscoring
this point, Opensource.com rightly points out that a system is only as secure as the least safety-conscious
team member.
The Four Levels of a Multi-Layered Security Strategy
There are many avenues by which bad actors can infiltrate a business network, including through
unencrypted communication models, unsecured device ports, and connected technologies being
deployed without have key security measures in place, like authentication. In addition to a top-down
approach, businesses must incorporate a multi-layered strategy to establish company-wide protection
against cyberattacks. Generally, a multi-layer approach has four levels: device, network, application, and
cloud.
1. Device-level security: Consists of built-in security measures that protect the IoT device itself,
such as encryption, secure boot, protected ports, and configuration monitoring. In particular,
device-level security ensures that connected devices' firmware under corporate jurisdiction can
get updated as new vulnerabilities arise.
2. Network-level security: Includes measures like firewalls, intrusion detection and prevention, as
well as virtual private networks (VPNs) to safeguard the communication between devices on the
broader network. In addition to being secure, a network must remain always-on, meaning that it
is resilient and can continue to function amid challenges to normal operations and maintain
service for customers and connected applications.
3. Application-level security: This layer entails those security measures that protect the
applications and data running on IoT devices, like access control, data encryption and secure
APIs.
4. Cloud-level security: The cloud is central to IoT, as companies cannot collect or analyze the
data generated by their connected devices without uplink connectivity and a path to the cloud to
store that data. This level of security includes measures like identity and access management,
Cyber Defense eMagazine – December 2023 Edition 22
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.