Defense in Depth: Redundancy is your Friend
We’ve talked before about how cybersecurity is a strategic pillar, not a technical chore. But strategy only works if it survives contact with reality. In the world of risk management, that reality is simple: systems fail, people make mistakes, and attackers eventually find a gap.
This brings us to defense-in-depth. We have mentioned it here; now we are going to discuss it.
If you’ve ever looked at how a high-end bank protects its vault, you’ve seen this in action. They don’t just buy a heavy door and call it a day. That would be a "single point of failure"—if a thief gets the key, the game is over. Instead, they build a gauntlet.
They start with cameras in the lobby to spot trouble early. They require an employee badge just to reach the back hallway. The money itself sits inside a reinforced steel safe, and even if someone starts drilling into that safe, silent sensors are already alerting the police.
This is the core of Defense in Depth: Redundancy is your best friend.
In your business, this translates to a series of "What ifs."
· What if an employee accidentally clicks a phishing link? Your web filter blocks the malicious site before it even loads.
· What if the site isn't blocked? Your endpoint protection—the modern, smarter version of antivirus—recognizes the "behavior" of a threat and kills the download before it can run.
· What if the threat runs anyway? Your network permissions are locked down so it can’t jump from one computer to the next.
By the time an attacker reaches your actual data, they’ve had to break through four or five different systems, each one buying you time to react.
We don't build these layers because we're paranoid; we build them because we’re realistic. Relying on a single "perfect" security tool is a gamble that eventually loses. Building a layered defense is how you ensure that a single human error doesn't turn into an organizational catastrophe.
Kevin Robinson, CISSP, DDN.QTE, Associate C|CISO, is Head of Cybersecurity Services for The Commonwealth Group. He has a 20-year career in cybersecurity, risk assessment, intelligence and counterintelligence. His previous employers include Thornburg Investment Management, Los Alamos National Laboratory, L3Harris, and the Central Intelligence Agency.

