Why Simply Buying Cybersecurity Products Is Not Enough

Aug 6, 2025

With the increase in cyberattacks targeting companies, public sector entities, and individuals alike, the Greek public is slowly but steadily becoming familiar with terms like phishing. Unfortunately, this familiarity does not stem from a proactive shift toward public awareness on cybersecurity issues, but rather from firsthand experience of successful attacks that steal both personal data and financial resources.

The logical question that arises is: How can an organization protect itself?
First, it’s important to understand that an attacker only needs to breach defenses once to cause damage, whereas the defender must successfully repel every single attempt. This asymmetry between attacker and defender cannot be resolved with a miracle product or some secret trick; it requires multiple layers of defense and solid procedures.

Let’s break down the concept of multiple lines of defense at a basic corporate level, without assuming the existence of a blue team responsible for monitoring logs and responding to incidents around the clock in shifts.

At a minimum, organizations should have a properly configured firewall with IPS that allows only the outgoing traffic essential for the company’s smooth operation. Additionally, it’s necessary to implement anti-spam services that filter emails before they reach end users, enable 2FA for email and VPN access, and ensure that antivirus and EDR agents are installed on user workstations and servers. At the same time, it is essential to have log servers for the aforementioned systems, both for security and troubleshooting purposes. Finally, in case all these defensive layers fail, having an offsite backup is crucial to allow data recovery in the unfortunate event of a ransomware attack.

However, it is important to emphasize that simply purchasing all the aforementioned tools is not enough; they must be properly configured. A misconfigured or untested product creates a false sense of security: it may pass certification audits, yet it can still leave the network exposed to successful attacks and stolen databases. For instance, no matter how expensive or technologically advanced a backup solution is, it’s useless if we are unable to restore our files when needed.

Additionally, since humans are the most vulnerable link in a corporate network, it is beneficial for employees to undergo periodic user awareness training every few months, which enables them to recognize and report potential attacks to the IT department in a timely manner. Equally important are phishing simulations and penetration tests, which evaluate whether our theoretical assumptions about the security of our network hold true in practice. It is far better to identify gaps in our defense and address them through continuous hardening, making our network more secure step by step, than to walk in one day and find all company files encrypted or leaked on the dark web.

All of the above are part of a broader strategy that approaches cybersecurity like an “onion”: the more layers it has, the more effective it becomes in making the company an unattractive target. In the ever-chaotic and rapidly evolving field of cybersecurity, there are no monolithic solutions; what is required is composure, seriousness, and continuous adaptation.

Anastasis Tarantilis, Senior Penetration Tester @ Sima Security

Source: simasecurity.gr/γιατί-δεν-αρκουν-τα-προιοντα/