Multilayered defense against cybercrime

Medieval doors were extremely sturdy due to their two-layer construction and different wood grain directions across those layers. Multilayered defensive structures is a must in cybersecurity as well.

There is something strange happening in the cybersecurity world. There are still individuals and businesses who believe “a good antivirus” would solve all potential security problems, while some security experts say “antivirus is dead” and obsolete. While neither opinion is right, “the truth is out there.” (X-Files music starts here.) Facing increasingly complex security threats, organizations around the world have to set up equally complex, multilayered defenses to protect themselves. A single-purpose security product will not do well.

Medieval sturdy

The medieval wooden doors we read about in schoolbooks and fantasy literature were renowned for their sturdiness. According to Wikipedia, a typical exterior wooden door might be made out of two layers of oak planks. The grain of the wood would run vertically on the front layer and horizontally on the back, like a simple form of plywood. Iron studs held the two layers of wood together, and the structure might be strengthened and stiffened with iron bands. The studs themselves would be pointed on the front, so that attacking warriors would damage their melee weapons while trying to break through such a door.

The multilayered defense has been in practice since the ancient times: If an enemy breaks through the first row of security, he has to deal with several others, while suffering increasing losses on the way. According to contemporary conceptions, an assailing army must have at least a six-fold superiority in forces and facilities in order to win over well-prepared entrenched defenders.

This is applicable to cybersecurity as well. According to Kaspersky Lab’s Global IT Risks Report 2014, “organizations around the world are facing increasingly complex security threats. And sadly, it’s no longer the case that one product or approach can protect them from all types of malware, virus, or malicious program.”

Occasionally, there is talk of the “death of antivirus”, with various experts (sometimes even security software vendors) stating an antivirus is obsolete and we no longer need it.

The fact is that we still do need it, but it won’t work alone. Cybercrime tools today are very diverse, and you won’t beat them with just antivirus software alone, no matter how good it is. A security solution without antimalware protection won’t be very effective since new malware appears constantly. During 2013 and 2014, Kaspersky Lab detected nearly 315,000 malicious samples daily. Malware is in motion.

wide (2)

In motion

The increase in mobile device usage adds to security problems, since it is smartphones and tablets – rather than PC and servers – that are the primary targets for cybercriminals. To ensure security a company requires a multilayered, multifaceted solution that covers the entirety of the cyber-perimeter, capable of fighting off malware, hacking attacks, phishing and other attempts on the security and integrity of the corporate data. This solution would also operate effectively across a range of software platforms – all of those used in the corporate network – as well as environments: LAN, cellular, wireless, wide area networks or a combination of them, IP-based communications, etc.

Partial defenses are like large holes in a fence or a medieval door without locks or bars.

The full version of Kaspersky Lab’s Global IT Risks Report 2014 is available here.