How Does Defense in Depth Work?
The term originally described a military strategy that aimed to slow or delay an attacker's advance rather than respond with immediate reprisals from a single line of defense.
As companies and technology have evolved, it has become clear that the same principle should apply to data protection. Originally, company data was protected physically, usually by securing company buildings or archives. Today, however, sensitive data no longer has a physical perimeter. Data breaches make headlines every day, and cybercriminals keep finding new tactics to penetrate networks. Multiple layers help defend against the different routes of entry.
Defense in depth works for companies by implementing the three controls mentioned above (physical, administrative and technical), which makes it extremely difficult to gain unauthorized access to data and, if an attacker does succeed, ensures that additional protection is in place so that there is no gap in the network. Like the military strategy it is named after, the approach recognizes that an attack is possible and is prepared to slow or stop the attacker's progress.
For example, if an attacker sends a phishing email and an employee clicks on the link, technical controls are in place to protect against any malware that lies behind it. Cybersecurity products such as secure web gateways verify that links do not contain harmful content or hidden malware.
The three controls working together are what make this defense strategy a powerful approach for SMEs, which are among the most affected target groups.
Let's go deeper into each control.