Skip to content

ESET partners with Dutch telecommunication & IT provider KPN

  • ESET and KPN join forces to protect their customers from unwanted, malicious, and fraudulent content
  • ESET NetProtect solutions provide network security for the whole household and IoT devices for KPN customers

BRATISLAVA, December 6, 2023 — ESET, a globally recognized leader in cybersecurity, today announces its strategic partnership with a Dutch company, KPN, the leading telecommunications and IT provider in the Netherlands. Through this collaboration, ESET introduces ESET NetProtect to KPN’s customers, a cutting-edge DNS Filtering solution designed to protect home networks, including IoT devices, against malware, phishing, and unwanted content.

KPN takes its customers’ security very seriously. In 2022, 15% of the Dutch population were victims of cybercrime, out of which, 50% were online scams and financial fraud, and hacking was experienced by 20% of recipients, which is why KPN and ESET are coming together to deliver the best solution to their customers. KPN, an internet service provider, wants to protect the traffic on its network and, ultimately, protect its customers by creating a safe and secure internet environment.

ESET NetProtect functions by filtering DNS (Domain Name System) before they are accessed by devices connected to household connections via routers. For KPN’s customers, the services are effortlessly activated with a single click through the user’s trusted internet provider, ensuring automatic protection for all connected devices.

This is particularly useful nowadays since households use both smart and IoT devices that cannot be secured by traditional security software and ESET NetProtect provides the protection for an uninterrupted experience. For devices with already installed protection, ESET NetProtect works as an additional security layer to the ecosystem.

ESET NetProtect is a formidable shield, preventing sensitive information, such as bank card details, from leaking via phishing or scam websites, leveraging DNS filtering to provide smooth and reliable protection. One of ESET NetProtect´s biggest advantages is its one-click activation. This creates a solution that is easy to use for all ages and cyber-knowledge groups, making security even more accessible. On top of that, this layer of security makes it harder for new threats (such as the use of AI in phishing, which makes malicious messages seem more believable and harder for the naked eye to recognize) to get through to the end user. This is especially important for parents who want to keep their children safe while online unsupervised. The solution also includes a monthly summary of malicious sites and thwarted cyber threats as well as Malware and Phishing Filter and Potentially Unwanted Content Protection.

Through the user-friendly management portal, end-users can easily configure ESET NetProtect settings for their connected devices, manage domain permitted and blocked lists, and generate security reports. This portal offers valuable insights into ESET’s protection mechanisms. All of these solutions were developed to protect devices linked to Telco and ISP networks, shielding them from a multitude of threats.

Reliable security, that is easy to use, is a priority, supported by local customer service and comprehensive protection that stays one step ahead of online threats. This is made possible through ESET’s extraordinary database of malware detections compiled from its global network of research and development centers.

Mária Trnková, Chief Marketing Officer at ESET, shared, “People and their security are the top priority for us at ESET. New emerging technologies are undeniably becoming an integral part of our day-to-day lives, however, the threat landscape is not falling behind. The threats are getting more sophisticated, which is even more important now, than ever before, to deliver easy-to-use reliable solutions, that can ensure our protection. With ESET NetProtect we have crafted such a solution and we are delighted to now protect KPN´s customers.”

Gijs Isbouts, VP of KPN Veilig: “Smart TVs, smart lamps or a smart (energy) meter,.. we are increasingly digitally connected and the number of smart devices in our homes has skyrocketed, so it feels like a mission for us to ensure that our customers really feel safe online. New times call for new solutions, and that is exactly what we are tackling here together with Eset. Our solution KPN Safe Network at Home, which we offer together with Eset, enables our customers to maintain control over their online security at home, without having to be technically skilled and the great thing is, that you enable it with just the click of a button.”

Read more about ESET NetProtect here.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

NordLayer’s 2023 wins: 7 prestigious awards and G2 recognition

In 2023, NordLayer earned seven major awards, showcasing its growth in cybersecurity and network solutions. The awards include honors from the American Business Stevie® Awards, Globee® Cybersecurity Awards, and Cyber Defense Magazine’s Top InfoSec Innovator Awards. These prizes demonstrate that NordLayer is truly stepping up its tech game. The company also received 25 G2 award badges in fall 2023, confirming its rising industry status.

Awards 1400x5700

US business recognition: the American Business Stevie® Awards

Known as “The Stevies,” the American Business Awards symbolize US business excellence. Since 2002, they have recognized achievements in various sectors like marketing, IT, and customer service. The awards welcome entries from all US organizations, regardless of their size or type.

The Stevies’ judging involves over 230 global professionals annually. Judges from various fields assess each entry for excellence. The awards feature Gold, Silver, and Bronze levels, reflecting different achievement tiers.

quote 1 1400x7040

NordLayer’s win in the Stevie® Awards’ Best Business Technology Pivot category, showcases our innovation and adaptability. This achievement places us in a prominent spot within the US business sector. It also confirms our effective approach to business technology and cybersecurity.

Global recognition at the Globee® Cybersecurity Awards

The 19th annual Globee® Cybersecurity Awards are a key global platform for cybersecurity excellence. They cover numerous categories, highlighting important advancements in this area. Over 250 experts rigorously evaluate entries, underscoring the competitive aspect of cybersecurity innovations.

NordLayer’s NordLynx received recognition, demonstrating our impactful role in cybersecurity. This highlights NordLayer’s significant position in the field and our commitment in digital security.

Top InfoSec Innovator Awards by Cyber Defense Magazine

In its 11th year, the Top InfoSec Innovator Awards by Cyber Defense Magazine represent a key accolade in the cybersecurity field. These awards recognize notable advancements in information security, with categories that span threat detection, risk management, and cyber defense strategies. Established in 2012, Cyber Defense Magazine provides a platform for these awards.

quote 2 1400x7040

NordLayer’s achievement as the Most Innovative Zero Trust highlights our role in developing crucial security measures like the Zero Trust approach.

The SaaS Awards: spotlight on software-as-a-service excellence

The SaaS Awards, established in 2015, have become a key global benchmark in the software industry. They focus on Software as a Service achievements, attracting a diverse range of global companies. The awards span numerous categories, reflecting the diversity and innovation within the SaaS sector.

An international panel of industry experts judges these awards, focusing on innovation, usability, and performance. This guarantees a thorough review of all entries. NordLayer’s finalist position in the Best Security Innovation in a SaaS Product category marks significant industry recognition and underscores the importance of a forward-thinking approach to security in SaaS solutions.

Technological advancement in security: the Computing Security Awards

The Computing Security Awards are a key event in the cybersecurity industry, recognizing excellence in network and information security. These awards attract entries from a wide range of global companies.

NordLayer’s 2023 finalist status for Network Security Solution of the Year highlights our cybersecurity effectiveness.

Effective remote working environments: the RemoteTech Breakthrough Awards

The RemoteTech Breakthrough Awards, part of Tech Breakthrough, honor excellence in remote work technologies. In the digital and remote work era, these awards have become increasingly relevant.

NordLayer’s win as the Best Overall Remote Work Security Solution of the Year in 2023 from over 1,250 nominees showcases our prowess in remote work cybersecurity. This award highlights our commitment to secure and efficient remote work solutions.

Merit Awards: recognizing technological innovation

Founded in 2022, the Merit Awards honor global industry achievements with a focus on technology. These awards recognize leaders in innovation and technological progress, assessing cutting-edge technology submissions. Marie Zander, the executive director, emphasizes that the 2023 Technology Award winners have set new standards in technology use.

The selection process involves a diverse panel of industry experts and educators. Winners, categorized into gold, silver, and bronze levels, receive digital badges and promotional tools for recognition. NordLayer’s cybersecurity win at these awards highlights its significant role in driving technology innovation.

Users’ recognition: NordLayer’s achievement in G2 awards fall 2023

G2, a top software marketplace, is known for authentic user reviews on various products and services. With over 90 million users annually, including Fortune 500 employees, G2 is a key software resource. In fall 2023, NordLayer earned 25 G2 awards, showing its excellence in multiple software categories. This user-driven recognition makes NordLayer a top performer in the software landscape.

Business VPN Leader category

In the highly competitive BusinessVPN Leader category, NordLayer won nine awards, demonstrating its strong market position. These awards focus on partnership quality, multi-device usage, customer support, and protocol choices, key to user satisfaction. The range of awards includes:

  • Business VPN Momentum Leader

  • Business VPN Leader

  • Business VPN Leader: Americas

  • Business VPN Leader: Asia-Pacific

  • Business VPN Leader: Europe

  • Business VPN Mid-Market Leader

  • Business VPN Mid-Market Leader: Americas

  • Business VPN Small-Business Leader

  • Business VPN Small-Business Leader: Americas

Best Secure Access Service Edge (SASE) platforms

SASE platforms unify various security solutions into a cloud-native service for modern computing needs. These platforms, evolving from secure web gateways and cloud access security broker (CASB) software, include Zero-Trust networking and secure perimeters. NordLayer stands out on the following categories:

  • Cloud Security Leader

  • Cloud Security Leader: Americas

  • Cloud Security Small-Business Leader

  • Cloud Security Small-Business Leader: Americas

Network Access Control (NAC) leader category

In the Network Access Control (NAC) category, NordLayer’s awards demonstrate our prowess in policy control and data protection. G2 evaluates factors like partnership quality and security. So, G2’s recognition reinforces NordLayer’s position with titles like:

  • Network Access Control (NAC) Momentum Leader

  • Network Access Control (NAC) Leader: Americas

Significance of NordLayer’s diverse awards

NordLayer’s varied awards across different sectors highlight our dedication to solving cybersecurity challenges. These recognitions affirm the effectiveness of our approach, in line with our mission to simplify cybersecurity for organizations. With user appreciation as a key indicator of success, each award marks NordLayer’s progress in the cybersecurity field.

Organizations seeking to strengthen their cybersecurity can rely on NordLayer’s recognized solutions. For more information or assistance, please contact our sales team.

Genetic data leak, 23andMe point to credential stuffing

Hackers are selling genetic data stolen from users of the company 23andMe. The company itself says they weren’t breached, although their users’ data was used by what seems to be a single threat actor stealing personal details and genetic data. This data was then published or advertised online. 23andMe suggested that the threat actor(s) gained unauthorized access with “recycled login credentials”, a technique known as credential stuffing.

The logic is simple: Keep trying stolen username/password combinations, and eventually, they’ll work on another site. An easy solution to credential stuffing attacks? You guessed it: Multi-factor authentication (MFA). While 23andMe has offered an MFA feature since 2019, it was not made mandatory for users. With genetic and personal data at stake and up to 7 million users affected by these recent breaches, it might be time for a change in policy.

The Bleach Breach: Clorox revenue and supply chain hit

Clorox, the household cleaning giant, predicts a more than 20% drop in quarterly sales due to a cyberattack (thought to be ransomware) that caused product shortages and operational disruptions. Manufacturing, often kept running by legacy systems and sprawling workforces, suffers more cyberattacks than any other industry.

The Clorox incident is being linked to the same group responsible for the MGM and Caesars Palace hacks, discussed in our previous episode, which occurred around the same time in August 2023. “Scattered Spider” is notorious for using social engineering methods to gain access to internal systems. The Clorox Company’s share price has dropped by over 7 percent in the last month.

Wearable AI: Trendy or just trending?

Tech companies are rushing to secure the lead in wearable AI products. Meta has collaborated with Ray-Ban on a pair of high-tech glasses, enabling wearers to live stream directly from the glasses to Facebook or Instagram and voice activate Meta AI, “an advanced conversational assistant”. Jony Ive, Apple’s legendary former design lead, and OpenAI are reportedly teaming up to design the “iPhone of AI”.

Rewind.ai unveiled a neck-worn pendant that records conversations to your smartphone and creates a searchable database of life moments. Humane, imagining “a world where you can take AI everywhere”, have developed a smart device that resembles a badge or lapel pin.

The common goal here seems to be for technology to rely less on screens, to fade from view, and become all but invisible.

Stay tuned for the next episode of Cyberview.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

When an employee’s social mindset becomes a threat to business

In today’s business environment, where innocent GIFs and shared documents can be weaponized, protecting cloud-based collaboration from the spread of malware should be a priority.

As our lives settle ever deeper into online environments and digital behaviors, cybercriminals are leveraging new vectors that allow for phishing, data theft, and spreading malware. Recent incidents show that mixing people’s professional and personal minds (an ever-present human factor) can create new weaknesses in a business’s cybersecurity.

Imagine your employees browsing their favorite social media platform on their personal time; they might find an interesting picture or emoji and its embedded link, which they then share — no one would mind such a distraction. Now, imagine your employees checking their various professional chats and threads; something between their personal and professional interests sparks their minds. Hence, they react by sharing an article, an interesting picture, or an emoji and its embedded link. This time, they share with their colleagues on a cloud-based platform such as Microsoft Teams . . . just for fun or even for professional inspiration.

A pretty common thing in an office, right? Well, bad actors can abuse even these everyday activities. Putting it simply, behaviors common to navigating and enjoying social media platforms can raise risks for business platforms, which have now become ubiquitous for small and medium businesses (SMBs) and enterprises alike.
Fortunately, multilayered ESET cybersecurity technology has an answer for such incidents with ESET Cloud Office Security (ECOS), which is now expanding beyond Microsoft 365 applications to include the Google Workspace.


Image 1. ECOS Dashboard with an overview of protected apps

Sharing reports, jokes, and malware

Let’s start with weaponized pictures, GIFs, and emojis. The technique of concealing a file, message, image, or video within another file, message, image, or video is called digital steganography, and it is nothing new in cybersecurity.

The first documented case of its use in a cyberattack dates back to 2011, when the Duqu malware was discovered. This malware gathers data about the infected device and transmits them back to the command-and-control (C&C) server hidden in a JPEG file meant to look like an innocent picture.

Since then, ESET researchers have analyzed numerous similar attacks.

In 2022, BleepingComputer reported about a new attack technique called GIFShell that allows threat actors to abuse Microsoft Teams for phishing attacks and executing commands to steal data using GIFs.

Using numerous Teams vulnerabilities, GIFShell allows an attacker to create a reverse shell. This technique tricks users into installing malware that connects the victim’s device to the attacker’s command-and-control server. After the connection is established, the command-and-control server delivers malicious commands via weaponized GIFs in Teams. These commands can, for example, scan the device for sensitive data and then exfiltrate the output, again, through GIFs retrieved by Microsoft’s own infrastructure.

Large cloud-based platforms like Microsoft 365 with its Teams app saw rapid growth during the pandemic and, by Q1 2023, had approximately 280 million users. With such growth and new online behaviors, the scope for abuse on large platforms has only grown.

However, increasing attention has been shown to these threat vectors by researchers. In June 2023, UK-based security services provider Jumpsec’s Red Team discovered an easy way to deliver malware using Microsoft Teams via an account outside the target organization. Even though Microsoft Teams has client-side protection preventing file delivery from external sources, Red Team’s members bypassed it by changing the internal and external recipient ID in the POST request of a message.

That way, researchers were able to fool the system into thinking that an external user was, in fact, an internal account. Specifically, they successfully delivered a command-and-control payload into a target organization’s inbox. If this attack had happened in a real-life environment, bad actors could have taken over the control of a business’s devices.

Users shielded via multilayered protection

To deal with threats coming from increasingly popular cloud-based applications, ESET created its Cloud Office Security (ECOS) solution. It is a powerful combination of spam filtering, anti‑malware scanning, anti‑phishing, and advanced threat defense capabilities able to mitigate even never-before-seen threat types.

With this multitenant and scalable product, businesses can protect their entire Office 365 suite, including Exchange Online, MS Teams, OneDrive, and SharePoint Online. For example, one of the things that ECOS does is that it scans all files transmitted through MS Teams and those uploaded or downloaded to SharePoint Online, scanning it regardless of who the author of the content is.

ECOS effectivity in numbers:

  • In the first ten months of 2023, ECOS detected and blocked over 1 million email threats, over 500,000 phishing emails, and over 30 million spam emails.
  • Thousands of never-before-seen detections were made by the cloud analysis component of ESET LiveGuard Advanced.
  • ECOS detected and stopped tens of thousands of threats in cloud storage and collaboration tools like OneDrive, Teams, and SharePoint.

In its latest offering, ESET goes even further, integrating ECOS with Google Workspace to protect users from the aforementioned threat types. This means that ESET now protects the major cloud email providers.

Adding more protection

The many functions outlined here are critical for security in large part because they scale easily and provide concrete improvements for businesses. However, ESET has sought to do even more for SMBs. In October 2022, ESET endpoint security solutions integrated with Intel® Threat Detection Technology (Intel® TDT), which went live for select vPro 9th Gen (and higher) powered laptops, with integrated functionalities providing improved hardware-based ransomware detection.

This year has seen further improvements to the integration with the higher performance of the newly launched 13th Gen Intel® Core™ processors, which further enable unique ransomware detections shared between ESET endpoint security and its layers, and Intel’s performance monitoring unit (PMU) sitting beneath applications, the operating system, and virtualization layers gathering CPU telemetry as threats attempt to execute.

This solution is especially advantageous for SMBs because it further expands the comprehensive nature of our multilayered solution without the need for any direct management.

Preparing for attacks doesn’t have to be complicated

Techniques that allow the breach of a business’s security through its employees and their (in-app) behaviors demonstrate that cybercriminals use every possibility to circumvent standard cyber defenses.

Via an ECOS’s easy-to-use dashboard, its Cloud Management Console, businesses can not only manage their security but also rapidly detect, assess, and respond to cyber incidents, making it a perfect solution for businesses of any size.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

23.11.2 ‘Saturn’ released

Changes compared to 23.11.1 

Bug Fixes

  • Fixed an issue with remote registration failing to authenticate users when being used by a tenant admin

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSP’s, Businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

Understanding defense in depth: A comprehensive guide

Navigating digital security threats can sometimes feel like crossing a minefield. With new dangers arising, it’s not enough to rely on a single tool to keep all sensitive data in an organization secure. That’s where defense in depth comes in – an approach that combines physical and digital security measures for an all-encompassing protection strategy.

However, this approach doesn’t mean using random tools – there’s a system to how each defense layer is implemented. Let’s see how setting up a defense in depth strategy benefits organizations.

What is defense in depth?

Defense in depth (DiD) is the strategy of layering different physical and digital resources to reinforce the security measures in an organization. It’s a preventative approach aiming to decrease the odds that sensitive data will be breached or stolen.

Defense in depth shares its name with a Roman military strategy. This tactic saw the Roman military taking a defensive approach rather than going after targets themselves. If the enemies reached the Roman Empire’s borders, the Romans would allow them to cross. Once on their native soil, the Roman military would attack the enemy from within the border provinces. This made it more difficult for enemy forces to reach cities and cause significant damage to land.

Centuries later, this layered strategy has become what we now know as defense in depth cybersecurity. The principle is simple — an organization sets up a range of digital and physical protective barriers that discourage attackers from striking in the first place. Even if a hacker manages to crack one of the layers, they still have to face the rest of the defensive system. With enough varied layers, an organization may establish an impenetrable line of defense.

You might be eager to cut into this defensive cake and see each of its layers. So let’s take a closer look at how this approach works in practice.

Defense in depth architecture

To visualize the concept of defense in depth, you can think of concentric castles – medieval structures that were fortified with multiple inner and outer walls. Each wall added challenge to attacking forces and helped fend off threats longer. At its core, defense in depth works the same – each layer makes it more difficult to breach the system.

Defense in depth mechanisms are generally grouped into three categories:

  • Administrative controls

  • Physical controls

  • Technical controls

Each of the categories consists of different tools and strategies. The range of tools used in defense in depth varies based on the needs and resources available to an organization. Typically, technical controls make up half the architecture, with physical and administrative controls accounting for the rest.

Administrative controls concern the procedures and policies that your company employs. This encompasses processes in practically all areas of the organizational structure. The processes of hiring and how much information is revealed to a candidate, onboarding and offboarding, and data processing regulations all contribute to administrative controls. You can also think of company-wide initiatives such as safety training or protocols that are set in place in case of a data-related incident.

Physical controls refer to a hands-on approach to security. The security guards patrolling the building, cameras installed on the premises, and the locks protecting the entrances and exits all count as physical security measures in a defense in depth infrastructure. Remember that while many attacks occur exclusively online, it doesn’t mean that someone won’t try to break in or snoop around the headquarters. Protecting your physical data storage is as crucial as the digital side.

Finally, technical controls encompass a broad range of digital tools that help ensure the protection of your sensitive information. When we talk about technical controls, we typically discuss software, although hardware storage can also be used for data storage and protection. Antivirus and anti-spyware tools, cloud storage, virtual private networks, password managers – anything that can act as an extra layer of security works.

Essential principles of the defense in depth security strategy

There’s a philosophy behind every strategy. At their core, the defense in depth principles are simple – layering different security measures to optimize the protection of a database. The more layers a system encompasses, the more discouraged malicious attackers are from striking it. If they manage to rip off one security layer, they encounter a new one deeper down.

The goal of defense in depth is to account for potential failures in all areas and minimize loss if a successful breach were to occur. While software breaches and corrupt hardware can be the culprits of a vulnerable system, the weakest link is often the employees themselves.

Negligent behavior, such as insecure file sharing, use of weak passwords, and reuse of the same login credentials for different accounts, can lead to easy targeting and subsequent damage. As such, combining the three types of defense in depth controls aims to protect the company from attackers as much as from human error.

The power of layered security in cyber defense

Despite an overlap and the tendency to use both terms interchangeably, defense in depth and layered security aren’t the same. While defense in depth is an all-encompassing structure that aims to protect the security of all crucial data in your organization, layered security is focused on using different measures to withhold a particular threat or protect one area of the organizational structure.

As you can imagine, setting up layered security or defense in depth layers is an intricate process. After all, you’re essentially building defensive walls to protect sensitive data at your company’s core. It’s about finding the right people and tools for your company, dedicating your resources to keeping things running smoothly, and blocking attackers before they even strike.

Defense in depth – in practice

Hypothetically, here’s what defense in depth cybersecurity infrastructure can look like in an organization:

  • The physical headquarters of a company are patrolled by on-site security 24/7.

  • Each employee is issued a unique keycard to access the premises.

  • All employee accounts are protected by login credentials.

  • All passwords are changed at regular intervals according to company policy.

  • All employees must use a password manager and enable two-factor authentication.

  • Remote employees connect to the company’s virtual private network to avoid using insecure public Wi-Fi.

  • All computers are equipped with antivirus software.

  • All operating systems and software must be kept up to date.

  • All employees should complete digital safety training.

  • The company should undergo regular auditing to ensure all security measures are in place.

  • All sensitive company and client data must be stored in secure servers.

  • A dedicated team should have an established action plan in case of a data breach.

  • A support team should be on call in case of an emergency.

Notice which of these measures fall under technical, administrative, and physical controls. As you implement your own strategy, you’ll see that, in some instances, the strategies and tools overlap and support each other, reinforcing the effectiveness of your layered defense mechanism.

Best practices of defense in depth implementation

The key tip for maintaining a successful defense in depth approach is keeping everything up to date. After all, cyber crooks are working on new strategies and tools to get past your defenses, and you want to ensure you stay ahead of the threats.

Ensure that all software you’re using is regularly updated. Outdated software often contains security gaps that hackers can exploit, so make sure the patches are installed. This also goes for online platforms – if services you rely on are breached or become obsolete, you need to relocate your data securely.

Don’t forget hardware – have an action plan if your devices are damaged or stolen. The same goes for in-house security and measures like setting up protocols in case an employee’s or guest’s entrance card is stolen or lost.

Of course, updating your own knowledge is essential. Hold regular training sessions, follow the latest data breach news, keep yourself informed about lurking threats, and learn the strategies that you can implement to fend off the attacks.

How NordPass can help

As we’ve seen, the technical layer holds the most weight in a successfully resilient defense in depth structure. That means amping up your technical toolkit is priority number one for your organization. Improving the company’s password protection is not something to overlook.

Human error is among the leading causes of data breaches. Whether it’s negligence, bad password management, or malicious intent, humans are usually at fault. As such, organizations need to work on policies and tools to reduce the risk of incidents caused by employees. Despite the growing popularity of passkeys, passwords are still the most common security tool that each member of the organization relies on, making them equally vulnerable and valuable.

Here’s where NordPass comes in. As a business-optimized password manager, it helps you keep all of your organization’s sensitive information secure, whether it’s login credentials, company bank accounts, or client information. With NordPass, you can create, store, and manage strong passwords that are difficult to crack. Two-factor authentication ensures that you’re the only one who can access your password vault.

Secure password sharing can often be a point of contention because people use the easy yet insecure option to pass along login credentials via email, non-encrypted messages, or Post-It notes. NordPass eliminates this risk, allowing you to share your saved items with your colleagues in-app securely. Additionally, administrators can set up company-wide password policies that require all employees to update their passwords at regular intervals, bringing the best practices of technical and administrative controls into one.

Bottom line

Setting up defense in depth for your organization might take some time, but the rewards are long term – you can rest assured that your sensitive data is under lock and key and incredibly difficult for unwanted actors to access.

If you’re unsure where to start, setting up NordPass for your organization is the perfect first step. Have your team follow secure password practices and keep their credentials updated. You won’t have to worry about coming up with new, unique ideas for each reset – simply use our Password Generator and autofill the details whenever you log in to an account. There’s no easier way to start building the defense walls around your data.

New to NordPass?

You don’t need to be a rocket scientist to start using NordPass on a desktop device. Just add the standalone extension and you’re all set — no need to download or install the app!

Check out our detailed support guide for getting started with NordPass quickly and easily.

Once you have the new extension running on your browser, you can start using NordPass to its fullest extent.

If you have any further questions regarding the changes or NordPass in general, do not hesitate to contact our tech-minded support team at support@nordpass.com — they’re ready to take care of any issues you might have. Also, if you have any suggestions or feedback, simply submit a request for our team — we’re all ears, all the time.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×