Are you wanting to know how to implement a layered approach to security that will actually protect your company from hackers? 

One that causes them to be so frustrated that they give up and move on.

Then you will love today’s post. 

Layered security is the only way to actually stop cyber attacks in 2020. 

Let’s dive in:

Why is layered security so important?

Layered network security involves using multiple security controls in every business operation. If an attacker is able to bypass one security layer, they will find another. For example, using Multi Factor Authentication would mean an attacker that discovered a user’s password would still have an additional security control to overcome. 

This is just one example of layering security controls.

We will look at quite a few more. 

What is a layered approach to security?

A layered security approach is important because there is no single security control that can keep hackers out. Having multiple layers of security protects you even when one of those layers fails. This makes it harder for attackers to accomplish their goal and provides more time to catch them.

Cybersecurity attacks have evolved tremendously. 

Today’s attacks are usually complicated and require the attackers to use multiple weaknesses along their path to full compromise. 

Many times, attacks even involve a mixture of targeting humans (social engineering) and targeting system weaknesses. 

The amount of devices on most networks today makes this even more complex - smart devices, printers, IoT, industrial devices, computers, servers, etc. 

This simply means more ways that an attacker can get into your organization. 

From our own experience doing penetration testing, it is very easy to get an initial foothold into most organizations. 

If they implement a layered security strategy though, it will be much harder to pivot that initial foothold to gain access to sensitive information.

The Candy Bar Effect

A lot of security practitioners refer to the candy bar effect in cybersecurity.

Having a candy bar cybersecurity posture means that an organization has strong perimeter security - a crunchy outside. But they have not implemented a layered security strategy that makes it difficult for hackers to pivot through their systems once they are in - a soft inside.

This happens when security is focused solely on keeping hackers out instead of protecting sensitive data. 

This security strategy is why we see massive data breaches so frequently.

When an attacker is able to gain access to a network, they are able to pivot to areas that should be highly secured and exfiltrate sensitive data. 

Let’s look at ways to layer security.

Network security layers

There are many ways that you can layer security. 

One widely accepted layered security strategy involved seven layers of security. 

These seven security layers are:

1. Mission Critical Assets

This is the actual data that you need to protect. Usually, this is PHI or PII on your network.

In Zero Trust, this is often referred to as “toxic data” - that is, the data that would get your company in trouble if it is leaked. 

Mission critical assets can include more than just data though.

If you have systems that must operate for your business to survive, those would be mission critical as well. 

Examples of security controls: segmentation, encryption, need-to-know access

2. Data Security

Data Security controls focus on protecting data in storage and in transit.

This includes limiting access to systems where data is stored and security that data via encryption while it is being transferred.

Ensuring integrity of the data is also important. If you can’t trust your data, you will have problems. 

3. Application Security

Application security controls protect applications.

Exploited bugs in applications is actually a huge topic and the cause of a lot of security incidents.

To achieve application security, you must use secure applications, keep applications up to date, and follow application development best practices when developing your own. 

4. Endpoint Security

Endpoint security is about securing the devices in your environment - mobile devices, laptops, servers, cloud instances, etc. Antivirus isn’t the end all for endpoint security though.

To properly secure endpoints, begin with secure baseline configurations.

Other aspects of endpoint security that should be considered include: physical security, encryption of sensitive data, and updates and patches.

5. Network Security

Network security controls protect the data traveling on your company’s network - WiFi, ethernet, cloud VPNs, etc.

Remember that if an attacker has access to your network, they can do a lot of damage.

You have to implement the proper controls to mitigate this. 

6. Perimeter Security Layer

The perimeter security layer can include physical security or electronic.

When someone talks about perimeter security, they usually mean controls like a firewall or email filter.

Basically,  any control meant to keep attackers out.  

The problem with perimeter based security is that the perimeter is changing.

With the rapid adoption of cloud technologies, the perimeter is moving.

Zero Trust is one answer to this security problem. 

7. The Human Security Layer

Some say that humans are the last layer in a layered security approach, others say they’re the first.

No matter what way you look at it, humans are a critical component in security.

Everything we do in security involves a human.

Humans configure the firewalls, open the emails, connect to WiFi, and the list goes on. 


There's no question that today's cybersecurity attacks are evolving.

Hackers are finding ways to bypass security systems every day. 

Taking a layered approach to security is the only way to successfully keep attackers out of your networks. 

Leave a Reply

Your email address will not be published. Required fields are marked *

About SmartFix

We are a family owned business that provides fast, warrantied repairs for all your mobile devices.

Brooklyn Area

2307 Beverley Rd Brooklyn, New York 11226 United States

1000 101-454555
[email protected]

Store Hours
Mon - Sun 09:00 - 18:00

San Francisco Area

358 Battery Street, 6rd Floor San Francisco, CA 27111

1001 101-454555
[email protected]

Store Hours
Mon - Sun 09:00 - 18:00

121 Resources for you to:

Learn & Master Cyber Security
Send Me the PDF
Get the Exclusive Bonus
Privacy Checklists and My Favorite Resources

Get Instant Access! 
Your information will never be shared

Reasons to Subscribe to the CyberX Email List:


 1. Free Stuff 
You'll get instant access to free resources. 

 2. Content Tailored to You 
Over time, Ill get to learn more about you and deliver content that actually matters

 3. No Hype 
Just real content that's meant to make a difference. 


Download the PDF Version Of This Guide

Want to save this guide for later? I'll email you the PDF for free. 

Would the SMB Cybersecurity Plan Be Helpful?

Do you want a proven plan for security for your SMB? How about a logical plan for reducing the risk of breaches?
Pivot To Infosec Virtual Summit - Are you wanting to pivot to infose?
Check Out Free Event