Cyber security is a serious problem lately, even for small business. A lot of ransomware attacks!
In the first place, they are caused by poor software design by software publishers. As a result, a large number of hackers, both internal and external, can profit handsomely from an attack and get away with it.
To protect against this problem, most consultants and cloud vendors in the industry have made things more complicated than necessary. They would introduce tools such as single sign-on, multi-factor authentication, and zero-trust. They are wrapping additional layers and complexity to your IT infrastructure. These often create greater attack surface and more security holes. Also not trusting your users would often lead to poor accessibility and possibly user revolt.
ECL has a different approach to the problem. Instead of adding additional layers first, we would reduce them by using a methodology named "structural isolation". This is a series of techniques to isolate your IT subsystems into their own security zones. Each zone would have its own independent user and machine access authentication and auditing, having minimal overlap with other subsystems.
In fact, a fully isolated system is totally immune to any attacks, despite the different access methods used and the underlying software being insecure! Rather than adding security layers, shedding them should be our norm. Appropriately isolating systems is what we recommend not only as a first remediation from an attack but also as a continual infrastructure protection against attackers.
Lately, ECL has been busy assisting our clients isolating phone systems, email subsystems, instant messaging, conferencing, terminal servers, file servers, and even security and surveillance systems. We will be happy to show you an alternative to cyber security. Also enquire about our Systemaster program, where we provide guaranties against cyber attacks.