Bryley Systems Inc.


This is part 2 of a 3-part series

Cyber-defenses are like locking the door

The lock remains an effective deterrent to intruders. It carries a meaning; it says: access is controlled, boundaries are enforced and violations have consequences.

Standing in the way

Defense is the lock that gets in the way so a problem doesn’t become a disaster.

Part 1 of this series shone a light on the principle of detection, which warns you about a possible problem. Here in part 2 is a look at defensive controls that make your organization less of a sitting duck, and that lock down intrusions so they cannot advance.

Defense is the root of cybersecurity; it began with the password. And defense remains the fundamental thing, including:

  • Email filtering to help keep phishing attempts from ever reaching staff inboxes
  • Consistent software patching/updating
  • Backups that are tested for recoverability, stored off-site
  • Data encryption
  • Strong passwords enforced by organizational policy (at least fifteen not-easy-to-guess characters and unique to each site or application)
  • MFA (multifactor authentication), such as a website login that requires a code from a phone app in addition to the username and password
  • The Principle of Least Privilege that limits access for employees’ accounts to what they need to do their jobs

Start a security program addressing these.

Email, the biggest deal

Email is the gateway to about 90% of breaches, according to researcher Candid Wuest [1]. That means securing email is job one. There are two main aspects to securing email: software controls on mail servers that intercept attacks, and employee training. Both require nuance because of the variety of attacks that use email as their pathway into your systems.

Spam and malware filtering catches bulk, indiscriminate email threats. M365’s business email tools and Defender catch a lot of these. Similarly if you’re in the Google ecosystem, many of these threats get caught.

But still, 98% of tested accounts show malware getting through [2]. That is why Bryley layers on additional defenses like Mimecast and Barracuda, with the caveat that nothing in the world is perfect at catching malware.

The kinds of additional software safeguards Bryley deploys include metadata checks such as email header analysis, which examines the sending servers and other tells that can show whether anything seems suspicious. AI systems are trained on your employees' email behaviors to spot activity that is outside normal working practice. For example, is it right that a marketing employee is sending client database information to a new address?
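To make the header-analysis idea concrete, here is an added example of the kind of checks a mail gateway runs on a message's metadata before a human ever sees it. It is not Bryley's tooling or any vendor's product; it uses only the Python standard library. The two raw messages are constructed for the demo, and INTERNAL_DOMAIN is an assumed stand-in for the organization's real domain. The checks are: does the Return-Path or Reply-To domain disagree with the From domain, is the From domain a lookalike of our own, did SPF, DKIM and DMARC all pass, and does any HTML link show one URL while pointing at another.

```python
# Added example of header checks; not Bryley's tooling. Standard library only.
# SAMPLE_RAW and CLEAN_RAW are constructed messages; INTERNAL_DOMAIN is an assumption.
import email
import re
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "corp.example.com"  # assumption: the organization's real domain

# Constructed phish: lookalike From domain, mismatched Return-Path and Reply-To,
# failed SPF/DMARC, and a link whose visible text differs from its real target.
SAMPLE_RAW = """\
Return-Path: <bounce@mail-bulk.example.net>
Received: from mail-bulk.example.net (mail-bulk.example.net [203.0.113.10])
    by mx.corp.example.com with ESMTP id abc123; Mon, 23 Mar 2026 09:00:00 -0400
Authentication-Results: mx.corp.example.com; spf=fail smtp.mailfrom=mail-bulk.example.net; dkim=none; dmarc=fail header.from=corp-example.com
From: "IT Helpdesk" <helpdesk@corp-example.com>
Reply-To: helpdesk-support@mail-bulk.example.net
To: j.doe@corp.example.com
Subject: Action required: password expires today
Content-Type: text/html; charset="utf-8"

<html><body>Click <a href="http://203.0.113.10/reset">https://portal.corp.example.com/reset</a> now.</body></html>
"""

# Constructed legitimate internal message: every domain lines up and authentication passes.
CLEAN_RAW = """\
Return-Path: <j.smith@corp.example.com>
Authentication-Results: mx.corp.example.com; spf=pass smtp.mailfrom=corp.example.com; dkim=pass header.d=corp.example.com; dmarc=pass header.from=corp.example.com
From: "Jane Smith" <j.smith@corp.example.com>
To: j.doe@corp.example.com
Subject: Lunch on Friday?
Content-Type: text/plain; charset="utf-8"

Are you free Friday at noon?
"""


def header_domain(msg, name):
    """Domain part of the address in header `name`, lowercased, or None if absent."""
    value = msg.get(name)
    if not value:
        return None
    _, addr = parseaddr(str(value))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from the Authentication-Results header(s)."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(value), re.I):
            results[method.lower()] = verdict.lower()
    return results


def lookalike(domain, target):
    """True when `domain` is not `target` but collapses to the same letters (corp-example vs corp.example)."""
    if domain is None or domain == target:
        return False
    strip = lambda d: re.sub(r"[^a-z0-9]", "", d)
    return strip(domain) == strip(target)


def analyze(raw):
    """Return the tells found in a raw message; an empty list means nothing looked suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = header_domain(msg, "From")
    for name in ("Return-Path", "Reply-To"):
        other = header_domain(msg, name)
        if other and from_dom and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    if lookalike(from_dom, INTERNAL_DOMAIN):
        findings.append(f"From domain {from_dom} is a lookalike of {INTERNAL_DOMAIN}")
    auth = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method, "none") != "pass":
            findings.append(f"{method} did not pass ({auth.get(method, 'none')})")
    # Only HTML bodies can show one URL and link to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body.get_content(), re.I | re.S):
            text = text.strip()
            if re.match(r"https?://", text, re.I) and text != href:
                findings.append(f"link text {text} hides real target {href}")
    return findings


if __name__ == "__main__":
    for line in analyze(SAMPLE_RAW):
        print("SUSPICIOUS:", line)
    print("clean message findings:", analyze(CLEAN_RAW))
```

Run as a script, the constructed phish produces seven findings and the clean message none. A production gateway does far more (reputation of the sending IP, attachment sandboxing, the behavioral baselines mentioned above), but each of these header tells is cheap to compute and is exactly the sort of thing a user skimming the From name will never see.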

Email account takeover attacks are a growing concern. Criminals use stolen credentials to co-opt a staff member's email account and then attempt any number of follow-on attacks, such as increasing permissions or tricking another employee into unlocking access for the attacker, for instance by emailing from the stolen account something like 'Hey J, Help! I forgot the login to the Z Drive. Thx.' AI will catch many of these tricks.

Ongoing Security Awareness Training affects the rate of success of email attacks. People get fooled. Many attackers are pros who know how to send the right signals of trust and urgency to get a staff member to do what they want. So each employee needs to be well-versed in current red flags through ongoing training that keeps them up to date on methods of attack, and that continually reiterates their role as the front line of defense. Bryley recommends phishing simulation training, security awareness classes and self-paced online modules.

Patch, now more than ever

Patching is also of great importance to security. Many attacks get into systems through software that has been left unpatched, and AIs are now being trained to search out vulnerabilities to exploit on internet-connected machines. An example of how this happens: a rarely used machine hasn't received updates in months. It's running an old version of Windows to support a legacy process, and that older operating system has a known remote code execution vulnerability. An attacker can use that machine as a base from which to push into critical systems.

And because the practice of patching is both relentless and interruptive, it tends to be underutilized. But keeping systems properly patched, closing known weaknesses before they can be exploited, is one of Bryley's chief and unglamorous jobs.

Of course Bryley does all it can to patch when it least interrupts employees’ work, so they can typically pick up their projects the next day as if nothing’s changed. Uptime’s our goal.

Like having a locked box inside a locked building

The Principle of Least Privilege is the under-applied policy of limiting employee access to just what they need to do their work. Should an employee account be compromised, the employee can only access certain files, so the compromise is of limited value to the criminal.

It's a simple concept that can be applied no matter the sophistication of the computer system. It's why, on consumer Windows, even an account in the Administrators group runs day to day with a standard-user token: User Account Control asks for explicit consent before the user can make wholesale changes or touch fundamental system software.

Dormant accounts should be addressed in this vein. There is no good reason that a former employee, for example, should retain access to your computer systems; those privileges should be revoked straightaway. But too often we've seen accounts that should have been closed at the end of a job simply remain open, and so open to possible abuse.
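The dormant-account and least-privilege review above is easy to automate once you have an export of your accounts. The following is an added example, not Bryley's tooling, run over a constructed CSV export of the kind a directory or identity provider produces. The group names in PRIVILEGED_GROUPS, the 90-day idle threshold and the fixed review date are assumptions chosen so the demo is reproducible; the rule that a privileged dormant account is rated higher than a standard one is the least-privilege point of the section: a stolen password for a forgotten admin account is worth far more to a criminal than one for a forgotten intern account.

```python
# Added example of a dormant-account and privilege review over a constructed directory
# export; it is not Bryley's tooling. PRIVILEGED_GROUPS, MAX_IDLE_DAYS and REVIEW_DATE
# are assumptions for the demo.
import csv
import io
from datetime import date

# Constructed sample export (columns modeled on a typical AD/identity-provider CSV).
SAMPLE_CSV = """\
username,enabled,last_logon,created,groups,title
j.doe,true,2026-03-20,2021-05-02,Domain Users,Marketing Coordinator
r.lee,true,2025-11-02,2019-08-14,Domain Users;Domain Admins,Systems Engineer
t.nguyen,true,,2025-12-01,Domain Users,Intern
m.patel,false,2024-06-30,2018-02-01,Domain Users;Finance,Accountant
svc-backup,true,2026-03-23,2020-09-09,Domain Users;Domain Admins,Backup service account
a.garcia,true,2025-09-15,2017-03-22,Domain Users;Finance,Former Controller
"""

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}  # assumption
MAX_IDLE_DAYS = 90                # assumption: policy threshold for "dormant"
REVIEW_DATE = date(2026, 3, 24)   # fixed so the demo is reproducible


def parse_accounts(text):
    """Turn the CSV export into dicts with real dates, booleans and group sets."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "username": r["username"],
            "enabled": r["enabled"].strip().lower() == "true",
            "last_logon": date.fromisoformat(r["last_logon"]) if r["last_logon"] else None,
            "created": date.fromisoformat(r["created"]),
            "groups": {g for g in r["groups"].split(";") if g},
            "title": r["title"],
        })
    return rows


def review_accounts(rows, today=REVIEW_DATE, max_idle_days=MAX_IDLE_DAYS):
    """Return (severity, username, reason) tuples, highest severity first.

    Disabled accounts are skipped because they cannot be used to log on. For enabled
    accounts the idle clock starts at the last logon, or at creation if there never
    was one. A dormant account that also holds a privileged group is rated high.
    """
    findings = []
    for a in rows:
        if not a["enabled"]:
            continue
        privileged = bool(a["groups"] & PRIVILEGED_GROUPS)
        idle = (today - (a["last_logon"] or a["created"])).days
        if idle > max_idle_days:
            what = "never logged on" if a["last_logon"] is None else f"no logon for {idle} days"
            suffix = " (privileged)" if privileged else ""
            findings.append(("high" if privileged else "medium", a["username"], f"dormant: {what}{suffix}"))
        # Heuristic on the constructed data: a service account rarely needs a standing admin group.
        if privileged and "service" in a["title"].lower():
            findings.append(("high", a["username"], "service account in a privileged group"))
    rank = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: (rank[f[0]], f[1]))


def run_review():
    """Convenience entry point: parse the sample export and review it as of REVIEW_DATE."""
    return review_accounts(parse_accounts(SAMPLE_CSV))


if __name__ == "__main__":
    for sev, user, reason in run_review():
        print(f"{sev:6} {user:12} {reason}")
```

On the sample data the review flags r.lee (a dormant account that is still a Domain Admin), the backup service account's admin membership, and two standard accounts with no logon in more than 90 days, while ignoring m.patel's already-disabled account. Each flagged line is a question for the manager who owns that account, and "Former Controller" in a title is the kind of answer that should never have to be discovered by a script.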

Backups from which you can reliably recover

Reliable backups that have been tested for their usefulness in a restoration are a primary part of a basic defense. Backups, including of data that resides in the cloud, need to be redundant on a different server, in such a way that they can be readily restored in the event of a disaster.

Talk to Bryley about methods to keep the backed-up data beyond the reach of ransomware encryption.

Bryley advocates a 3-2-1 backup scheme: three copies of your data (the live data plus two backups), on two different kinds of media, with at least one copy off-site. This redundancy, done properly, should give you the ability to recover from various kinds of outages in a reasonable timeframe without long periods of downtime.
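The two properties the preceding paragraphs insist on, a 3-2-1 layout and a backup that has actually been restored and checked, can both be expressed in code. The following is an added example, not Bryley's tooling or any backup product's. It constructs a few sample files, makes two backup copies, verifies each by restoring it into scratch space and comparing SHA-256 hashes with the live data, and then simulates ransomware overwriting the on-site copy to show that only the untouched off-site copy still restores cleanly. The "media" are a plain directory copy and a zip archive standing in for a NAS and a cloud object store; that mapping, and the copy list passed to check_321, are assumptions for the demo.

```python
# Added example: a 3-2-1 policy check plus a restore test over constructed sample files.
# It is not Bryley's tooling. A directory copy and a zip archive stand in for two kinds
# of media (assumed to represent a NAS and a cloud object store).
import hashlib
import shutil
import tempfile
import zipfile
from pathlib import Path


def manifest(root):
    """SHA-256 of every file under root, keyed by relative path; restores are compared on this."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def check_321(copies):
    """copies: dicts with 'media' and 'offsite'. Returns policy gaps; an empty list is compliant.

    Three copies counting the live data, on two different kinds of media, with at least
    one copy off-site.
    """
    gaps = []
    if len(copies) < 3:
        gaps.append(f"only {len(copies)} copies, policy needs 3")
    if len({c["media"] for c in copies}) < 2:
        gaps.append("every copy is on the same kind of media")
    if not any(c["offsite"] for c in copies):
        gaps.append("no off-site copy")
    return gaps


def make_backups(source, dest):
    """Produce a directory copy and a zip archive of `source` under `dest`."""
    dest = Path(dest)
    dir_copy = dest / "copy_nas"
    shutil.copytree(source, dir_copy)
    zip_copy = dest / "copy_offsite.zip"
    with zipfile.ZipFile(zip_copy, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in sorted(Path(source).rglob("*")):
            if p.is_file():
                zf.write(p, str(p.relative_to(source)))
    return dir_copy, zip_copy


def restore_test(source, dir_copy, zip_copy):
    """Restore each copy into scratch space and report whether it matches the live data."""
    expected = manifest(source)
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        from_dir = Path(scratch) / "from_nas"
        shutil.copytree(dir_copy, from_dir)
        results["nas"] = manifest(from_dir) == expected
        from_zip = Path(scratch) / "from_offsite"
        with zipfile.ZipFile(zip_copy) as zf:
            zf.extractall(from_zip)
        results["offsite"] = manifest(from_zip) == expected
    return results


def demo():
    """Build sample data, back it up, test restore, then simulate ransomware hitting the on-site copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2026-03-01,100\n")
        (live / "readme.txt").write_text("constructed sample data\n")
        dir_copy, zip_copy = make_backups(live, Path(tmp) / "backups")
        copies = [  # assumed mapping of each copy to a media kind and location
            {"media": "server disk", "offsite": False},        # the live data itself
            {"media": "NAS", "offsite": False},                # dir_copy
            {"media": "cloud object store", "offsite": True},  # zip_copy
        ]
        gaps = check_321(copies)
        before = restore_test(live, dir_copy, zip_copy)
        # Ransomware that reaches the on-site NAS overwrites the backup; the off-site copy is untouched.
        (dir_copy / "finance" / "ledger.csv").write_bytes(b"\x00encrypted\x00")
        after = restore_test(live, dir_copy, zip_copy)
        return gaps, before, after


if __name__ == "__main__":
    print(demo())  # ([], {'nas': True, 'offsite': True}, {'nas': False, 'offsite': True})
```

The point of the second restore_test call is the one the section makes: a backup that sits on the same network as the workstations is only a backup until the ransomware reaches it, and you only learn which copies still restore by restoring them. Running a check like this on a schedule, against real backup sets, is what "tested for recoverability" means in practice.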

Detection and defense go hand in hand

Detection and defense are the right partnership. One sees and one prevents. Without defensive locks, awareness is toothless. Without detection, locks are dull instruments that don't know whose hand is sliding the deadbolt. Together they make up a cybersecurity stack that achieves an organization's continuity: in spite of attackers' plans, there is minimal disruption to your work.

Multi-Point IT Systems Quality Check

Bryley’s Multi-Point IT Systems Quality Check is a practical way to find out where your organization stands with its IT security. Among the tests: Bryley evaluates your email security, tests your patching program, performs an analysis on your backup and restore capabilities, examines current credential practices and looks for credential leaks. Findings are presented in written documentation for your use. Call Bryley’s Roy Pacitto at 978•562•6077 x 217 or email Roy at rpacitto@Bryley.com to schedule your quality check.

What did you take away from this review of defensive measures?


[1] https://www.zdnet.com/article/diverse-threat-intelligence-key-to-cyberdefense-against-nation-state-attacks/

[2] https://www.huntress.com/resources/2024-cyber-threat-report

by Lawrence Strauss, March 24, 2026
Lawrence has written for Bryley since 2015. His coverage of cyber-scams appears on moneywise.com
