How to defend against cyberattacks using layers

Feb. 20, 2018
You need layers of security to catch a variety of cyberattacks. What are your layers and how many are there? If you do not have a layered system, you are vulnerable to a cyberattack.

I have worked with companies in the past that did not implement the concept of layers. And it can result in very serious problems. Let me explain.

Many companies put into place very good cybersecurity defenses. They may have the latest and most effective cybersecurity appliances; they might have very good cybersecurity policies and a strong cybersecurity team. But it is only one layer. And in today’s cyber landscape it is simply not enough.

I was with a client not long ago and they asked me. “How do you keep up with all of the variety of attacks? It must be so hard to try to catch everything that is happening?” My answer to them was “I don’t.”

For example, no one person or one system, or one company can possibly deal with all of these attacks. It is simply not possible.

Then how is it done?

I am very good at helping companies defend themselves from a cybertattack. I do this in a variety of ways, but I am not under the false belief that I can do it all. There are very good cybersecurity solutions and companies out there. But please never be under the impression that they can singularly protect you.

This is where the concept of layers comes in. A great movie is the Martin Scorsese classic “Casino.” It is basically about a mobster casino manager and how he keeps the casino running and successful. And there is a scene in the movie where Robert De Niro’s character is narrating about who watches who. He says, “In a casino everyone is watching everyone, the dealers are watching the players, the box men are watching the dealers, the floor men are watching the box men, the pit boss is watching the floor men, and the casino manager is watching the pit boss, and the eye in the sky is watching everyone.”

If you ever want to see effective security in action, check out a Las Vegas casino.

Can you separate the fact from fiction?

Autoshop Solutions Whitepaper

From website data to social media, age of your website, search engine ranking and more, this whitepaper is a fun look at what you need to take seriously when it comes to your website.

Peevy

A good example

It is hard to find a better example of the proper design of security than a Las Vegas casino. Think about this for a minute. The biggest complaints I get about implementing cybersecurity policies is that it is too hard on employees, it will interfere with my business and it will harm my customer’s experience with my company.

Then you have a casino with the most amazing security and it is in a place where people are having fun and playing, and no one even notices it is going on. It can be done discretely and effectively.

Learn from this example. You need layers of security to try to catch the huge variety and mutations of attacks. So ask yourself, what are your layers and how many layers are there? If you do not have or are not working on a layered system then you are ultimately vulnerable to attack.

Five steps to implementing layers

1. Don’t put all your eggs in one basket. Have you done a cybersecurity audit? If yes great, if no you need to get started right away. If you have done one, was it internal or external? Was it by the same company every time? A good rule of thumb is a minimum of two per year, alternating between two or more auditors.

2. How many major issues are you finding on your cybersecurity audit? If you are finding more than 10 in any given time period, then you need to improve your security. There are always going to be issues but more than 10 is excessive and indicates an imminent attack is likely. Remember, the cyber criminals only need one opening.

3. Do you trust your cybersecurity provider? This goes double for all of the manufactures in the aftermarket community. How well is the contract software company you are using vetted for cybersecurity? I worked with a major IT system designer and they got hacked because one of their contract companies allowed patient data onto a test database in full view of the internet.

He called me panicking, (as he should be) asking what he should do. First, I told him he should have come to me before the problems began for prevention. But the next thing I told him is that it’s his responsibility because he is the one with the contract with the client. He should have vetted his contract company to make sure they were compliant and secure.

Many developers out there are very good at making a product. It’s your job to make sure they are good at protecting your interests and your customer’s interests.

4. Do your employees know that they are part of the cybersecurity solution? Get all employees involved from top to bottom. They are your eyes and ears. Use them effectively and it will pay off massively.

5. Ask yourself and your IT department “What layers do we already have?” If all you can come up with is firewalls, and maybe some email security then you are not there yet. Start to build up your defenses, ask the hard questions to subordinates. Ask them what they do to protect their discrete departments. It will start the process. Start on your layers today.

Subscribe to Aftermarket Business World and receive articles like this every month….absolutely free. Click here.

Sponsored Recommendations

ZEUS+: The Cutting-Edge Diagnostic Solution for Smart, Fast, and Efficient Auto Repairs

The new ZEUS+ simplifies your diagnostic process and guides you through the right repair, avoiding unnecessary steps along the way. It gives you the software coverage, processing...

Diagnostic Pre- and Post-scan Reports are Solid Gold for Profitability

The following article highlights the significance of pre-scans and post-scans, particularly with Snap-on scan tools, showcasing their efficiency in diagnosing issues and preventing...

Unlock Precision and Certainty: TRITON-D10 Webinar Training for Advanced Vehicle Diagnostics

The TRITON-D10 lets you dig deep into the systems of a vehicle and evaluate performance with comparative data, systematically eliminating the unnecessary to provide you with only...

APOLLO-D9: Trustworthy Diagnostics for Precision Repairs

The APOLLO-D9 provides the diagnostic information and resources you need to get the job done. No more hunting through forums or endlessly searching to find the right answers. ...

Voice Your Opinion!

To join the conversation, and become an exclusive member of Vehicle Service Pros, create an account today!