Practical Steps to Build a Winning Cybersecurity Stack

Guest post by Michael Jenkins, CTO at ThreatLocker 

According to IBM's latest Cost of a Data Breach Report, the average cost of a breach involving ransomware increased again in 2022, rising from $4.24 million to $4.53 million in the space of just 12 months. The number of public complaints is also on the rise, with the FBI receiving a record 847,376 cybercrime reports in 2021 (a 7% increase on the year before).

With over 37,000 ransomware attacks taking place every hour, it’s never been more important for organisations to arm themselves with the most up-to-date information, defences, and solutions.

By taking a number of practical steps, companies can build the kind of effective security stacks that don’t just keep out threats – but actively improve data security.

Here’s what’s worth consideration…

The Role of the Individual

Employees who understand the threat ransomware poses to their own privacy and to the business's data can play an important role in avoiding data breaches. A recent report shows that 32% of breaches involve phishing, and that 78% of cyber-espionage incidents are enabled by phishing.

A cyber-savvy employee can recognise common dangers and act with security in mind, avoiding the vulnerable positions that might expose the organisation to attack. Education is not a quick fix: a single e-learning course as part of an employee's induction will not mitigate most of the risks. It must become a regular activity, enforced from the top down.

It is critical to educate staff about social engineering attacks. Unexpected emails and phone calls should be handled with caution. Teach employees to be wary of messages from unfamiliar senders, to hover over a link and compare its real destination with the text shown before clicking, and to report anything suspicious rather than act on it.

All organisations should make regular data backups a habit. Good IT teams follow the simple 3-2-1 backup rule: keep three copies of the data, on two different types of media (for example a local disk and an external drive), with one copy off-site (such as cloud storage). Because ransomware routinely seeks out and encrypts any backup it can reach, at least one copy should be offline or immutable, and restores should be tested regularly.
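The link checks described above (does the visible text match the real destination, is the host a raw IP address, is there a misleading "user@" prefix, is the name punycode) are the ones an email-security control automates and a trained user performs by hand. The following script is an added illustration of those checks, not code from the original post or from ThreatLocker; the sample anchors are constructed, and its registrable-domain logic is a deliberate simplification that does not use the Public Suffix List.

```python
"""Link checks a security-aware user applies before clicking (added illustration).

Not code from the original post or from ThreatLocker. The sample anchors are
constructed, and registrable_domain() is a simplification that takes the last
two labels; real code should use the Public Suffix List (it would otherwise
mis-split names such as example.co.uk).
"""
from __future__ import annotations

import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: (visible anchor text, actual href) pairs as they might
# appear in the HTML body of an email.
SAMPLE_LINKS = [
    ("https://www.example-bank.com/login", "https://www.example-bank.com/login"),
    ("https://www.example-bank.com/login", "https://example-bank.com.evil.test/login"),
    ("Reset your password", "http://192.0.2.10/reset"),
    ("example-bank.com", "https://www.example-bank.com@evil.test/"),
    ("Invoice", "https://xn--exmple-bank-4ib.com/inv"),
]

# Matches bare domain names used as link text, e.g. "example-bank.com".
DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}")


def registrable_domain(host: str) -> str:
    """Last two labels of the host (simplification, see module docstring)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def displayed_host(text: str) -> str:
    """The host a reader believes the link points to, taken from the visible text."""
    text = text.strip().lower()
    if "://" in text:
        return urlsplit(text).hostname or ""
    return text if DOMAIN_RE.fullmatch(text) else ""


def assess_link(text: str, href: str) -> list[str]:
    """Return human-readable findings; an empty list means no red flag was found."""
    findings: list[str] = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()

    if parts.scheme not in ("http", "https"):
        findings.append(f"unexpected scheme {parts.scheme!r}")
    elif parts.scheme == "http":
        findings.append("plain http: anything typed here travels unencrypted")
    if parts.username is not None:
        # https://trusted.example@evil.test/ : the browser goes to evil.test
        findings.append("userinfo before '@': the real host is " + host)
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address rather than a domain name")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode (IDN) label: may be a homoglyph of a familiar name")
    shown = displayed_host(text)
    if shown and registrable_domain(shown) != registrable_domain(host):
        findings.append(
            f"text shows {registrable_domain(shown)} but the link goes to {registrable_domain(host)}"
        )
    return findings


def triage(links) -> dict[str, list[str]]:
    """Map each href to its findings; any href with a finding should be held back."""
    return {href: assess_link(text, href) for text, href in links}


if __name__ == "__main__":
    for href, findings in triage(SAMPLE_LINKS).items():
        print(href, "->", "OK" if not findings else "; ".join(findings))
```

Only the first sample link passes cleanly; the other four each trip at least one check. The registrable-domain comparison is the one that catches the most common trick (a familiar name buried in a subdomain of an attacker's domain), which is why a user who only reads the start of a URL is easily fooled.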

Implement a Multi-Layered Approach

When evaluating your stack, there are a variety of factors that should be considered before signing agreements with vendors.

An organisation can be attacked through an end-user's endpoint or through a server workload. Since there will never be a single catch-all tool, it is crucial to implement a multi-layered approach that addresses the different angles of attack and reduces the attack surface.

A firewall should be the first line of defence in an organisation’s cybersecurity strategy. Other tools that mitigate risk include Zero Trust controls, detection and response, vulnerability assessment, and cloud security.

Endpoint protection has become an increasingly important line of defence against sophisticated attacks. Many organisations, and a growing number of government and industry regulations, have identified Zero Trust controls as a more proactive approach: one that deals with threats before attackers gain access to the system.

With so many tools available, it is easy to get overwhelmed when reviewing your cybersecurity strategy. To simplify the process, start with preventative controls:

Application Whitelisting (allowlisting): Control which applications are allowed to run on each endpoint; anything not explicitly approved is blocked by default.

Application Containment: Control what allowed applications may do by limiting their interaction with other applications, network resources, registry keys, files and more.

Multi-factor Authentication: Limit the damage caused by credential theft by requiring a second factor beyond the password.

Firewall: Monitor incoming and outgoing traffic to and from your network.

Privileged Access Management: Control user privileges; grant local admin rights only to those who need them and remove them from everyone else.

Storage Control: Control who or what can access your data stores.

Network Access: Control how endpoints within your network can communicate.
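The first two controls in the list, allowlisting and containment, share one principle: an action is denied unless a rule explicitly permits it. The following toy policy evaluator is an added example of that principle in working code; it is not ThreatLocker's or any other vendor's implementation. It assumes an endpoint agent has already computed each binary's SHA-256 and verified its code-signing publisher, and the policy, hashes and events are all constructed for the illustration.

```python
"""Default-deny application control with containment rules (added illustration).

Toy policy evaluator, not ThreatLocker's or any vendor's implementation. It
assumes an agent has already computed each binary's SHA-256 and verified the
publisher on its code-signing certificate; the policy and events below are
constructed.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from fnmatch import fnmatch


@dataclass(frozen=True)
class Event:
    kind: str                # "execute" | "spawn" | "network"
    path: str                # image path of the acting process
    sha256: str              # hash of the acting process's image
    publisher: str | None    # verified signer, or None if unsigned
    target: str = ""         # child image for spawn, host:port for network


@dataclass
class Policy:
    allowed_hashes: set[str] = field(default_factory=set)
    allowed_publishers: set[str] = field(default_factory=set)
    # Containment ("ringfencing"): for a fenced process, only targets matching
    # these patterns are permitted per kind; everything else is blocked even
    # though the application itself is allowed to run.
    fences: dict[str, dict[str, list[str]]] = field(default_factory=dict)


def is_allowed_to_run(policy: Policy, ev: Event) -> bool:
    return ev.sha256 in policy.allowed_hashes or (
        ev.publisher is not None and ev.publisher in policy.allowed_publishers
    )


def evaluate(policy: Policy, ev: Event) -> tuple[str, str]:
    """Return ("allow" | "deny", reason). Anything not explicitly permitted is denied."""
    if not is_allowed_to_run(policy, ev):
        return "deny", f"{ev.path} is not on the allowlist (publisher {ev.publisher!r})"
    if ev.kind == "execute":
        return "allow", "hash or publisher on allowlist"
    fence = policy.fences.get(ev.path.lower())
    if fence is None:
        return "allow", "allowed app with no containment rule"
    patterns = fence.get(ev.kind, [])
    if any(fnmatch(ev.target.lower(), p.lower()) for p in patterns):
        return "allow", f"{ev.kind} target matches a fence pattern"
    return "deny", f"{ev.kind} to {ev.target} blocked by containment rule for {ev.path}"


def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed hashes standing in for real binaries.
APPROVED_TOOL = sha(b"constructed bytes standing in for an approved internal tool")
UNKNOWN_DROPPER = sha(b"constructed bytes standing in for invoice.pdf.exe")
EXCEL = sha(b"constructed bytes standing in for excel.exe")
EXCEL_PATH = r"C:\Program Files\Office\excel.exe"

POLICY = Policy(
    allowed_hashes={APPROVED_TOOL},
    allowed_publishers={"Microsoft Corporation"},
    fences={
        EXCEL_PATH.lower(): {
            "spawn": [],                              # may not start any child process
            "network": ["*.example-corp.test:443"],   # only the corporate update host
        }
    },
)

SAMPLE_EVENTS = [
    Event("execute", EXCEL_PATH, EXCEL, "Microsoft Corporation"),
    Event("spawn", EXCEL_PATH, EXCEL, "Microsoft Corporation",
          r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    Event("network", EXCEL_PATH, EXCEL, "Microsoft Corporation", "updates.example-corp.test:443"),
    Event("network", EXCEL_PATH, EXCEL, "Microsoft Corporation", "203.0.113.5:443"),
    Event("execute", r"C:\Users\alice\Downloads\invoice.pdf.exe", UNKNOWN_DROPPER, None),
    # Renamed copy of the approved tool: a hash rule follows the file, not its path.
    Event("execute", r"C:\Users\alice\Downloads\totally_legit.exe", APPROVED_TOOL, None),
]


def decide_all(policy: Policy, events: list[Event]) -> list[str]:
    return [evaluate(policy, e)[0] for e in events]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{ev.kind:8} {ev.path:45} -> {evaluate(POLICY, ev)}")
```

Excel is allowed to run because its publisher is trusted, yet its attempt to spawn PowerShell and its connection to an unlisted address are both denied by the containment rule; the unsigned download is denied simply because nothing vouches for it. The last event shows why hash rules are preferable to path rules: the approved tool is still allowed after being renamed and moved, and, conversely, an attacker cannot get an unknown binary allowed by dropping it into an approved folder.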

As attacks become more sophisticated, it is important to have a further line of defence for detection and remediation. This is the role of threat detection and security operations software.

Anti-Spam/Phishing: Software that blocks potentially dangerous emails from your inbox.

EDR: Endpoint Detection and Response; records process, file and network activity on endpoints, detects suspicious behaviour, alerts your admin team and provides the means to isolate or remediate the host.

MDR: Managed Detection and Response; detection and response delivered as an outsourced service, usually by a Managed Service Provider (MSP) or a specialist security provider.

XDR: Extended Detection and Response; threat detection and incident response that integrates multiple security products into a cohesive system.

Antivirus: Designed to detect and stop malware.

Threat Hunting: Actively searching for malicious software within your environment that may not have triggered any alerts.

IDS/IPS: Intrusion Detection/Prevention System; monitors network traffic for signs of intrusion and, in the case of an IPS, blocks the detected activity inline.

SIEM: Security Information and Event Management; aggregates and correlates log and event data from application, network, endpoint and cloud environments so that related events can be alerted on and investigated together.
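What "correlates" means in practice for a SIEM is rules that look across many events from many sources. The following script is an added example of two such rules run over constructed authentication log lines; it is not code from the original post or from any SIEM product, and its simple key=value log format and field names are assumptions chosen for the illustration.

```python
"""SIEM-style correlation over authentication events (added illustration).

Not code from the original post or from any SIEM product. The log lines are
constructed in a simple key=value format; a real deployment parses each
device's own format and reads the fields from the SIEM's event model.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one source brute-forces alice and finally gets in; bob
# mistypes once; a third source tries one password against many accounts.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z host=vpn01 event=auth_fail user=alice src=203.0.113.7
2024-03-01T10:00:05Z host=vpn01 event=auth_fail user=alice src=203.0.113.7
2024-03-01T10:00:09Z host=vpn01 event=auth_fail user=alice src=203.0.113.7
2024-03-01T10:00:13Z host=vpn01 event=auth_fail user=alice src=203.0.113.7
2024-03-01T10:00:17Z host=vpn01 event=auth_fail user=alice src=203.0.113.7
2024-03-01T10:00:21Z host=vpn01 event=auth_fail user=alice src=203.0.113.7
2024-03-01T10:00:31Z host=vpn01 event=auth_ok user=alice src=203.0.113.7
2024-03-01T10:02:00Z host=vpn01 event=auth_fail user=bob src=198.51.100.4
2024-03-01T10:02:10Z host=vpn01 event=auth_ok user=bob src=198.51.100.4
this line is not an auth record and is skipped by the parser
2024-03-01T10:05:00Z host=mail01 event=auth_fail user=carol src=203.0.113.9
2024-03-01T10:05:02Z host=mail01 event=auth_fail user=dave src=203.0.113.9
2024-03-01T10:05:04Z host=mail01 event=auth_fail user=erin src=203.0.113.9
2024-03-01T10:05:06Z host=mail01 event=auth_fail user=frank src=203.0.113.9
2024-03-01T10:05:08Z host=mail01 event=auth_fail user=grace src=203.0.113.9
"""


def parse(line: str) -> dict | None:
    """Turn one log line into a record, or None if it is not an auth event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return rec


def correlate(text: str, window: int = 60, fail_threshold: int = 5,
              spray_users: int = 4) -> list[dict]:
    """Apply two rules over a sliding window per source address.

    brute_force_success: at least fail_threshold failures from one source
        within `window` seconds, followed by a successful login.
    password_spray: failures against at least spray_users distinct accounts
        from one source within `window` seconds (alerted once per source).
    """
    events = [r for r in (parse(l) for l in text.splitlines()) if r]
    events.sort(key=lambda r: r["ts"])       # devices deliver events out of order
    span = timedelta(seconds=window)
    fails: dict[str, list[dict]] = defaultdict(list)
    sprayed: set[str] = set()
    alerts: list[dict] = []
    for ev in events:
        src = ev["src"]
        # keep only the failures still inside the window for this source
        fails[src] = [f for f in fails[src] if ev["ts"] - f["ts"] <= span]
        if ev["event"] == "auth_fail":
            fails[src].append(ev)
            users = {f["user"] for f in fails[src]}
            if len(users) >= spray_users and src not in sprayed:
                sprayed.add(src)
                alerts.append({"rule": "password_spray", "src": src,
                               "users": sorted(users), "ts": ev["ts"]})
        elif ev["event"] == "auth_ok":
            if len(fails[src]) >= fail_threshold:
                alerts.append({"rule": "brute_force_success", "src": src,
                               "user": ev["user"], "ts": ev["ts"]})
            fails[src].clear()               # a success resets the counter

    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

The second rule is only visible because the SIEM sees every host's logins together; any single mail or VPN server would register one failed login per account and nothing more. The first rule is the case where the MFA control listed earlier pays off: a success following a burst of failures is exactly the event that a second factor should have prevented, and the alert tells the admin team whose credentials to reset.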

Other tools, which are not needed in every organisation but can prove extremely helpful, include content filtering, browser security, Remote Monitoring and Management (RMM) software, and backup and disaster recovery.

Research Different Vendors

It is important to assess your threat landscape in order to identify and implement the right cybersecurity tools for your organisation. Do some research and align with industry standards backed by government bodies, such as the NIST Cybersecurity Framework. Taking advantage of these resources can help you assess your cyber readiness and identify gaps in your stack. Review sites such as G2 and Capterra can also provide insight from businesses in your industry.

For businesses with a larger budget, a Gartner or Forrester subscription is a good way to receive additional research and to consult analysts on elements of your stack. Connecting with industry experts or joining peer groups can also help you make better-informed decisions for your business's needs.

Online Safety: A Continuous Journey

A multi-layered approach is the best way to mitigate risk and decrease your threat exposure. The components of a cybersecurity stack change as technology advances and as the attack landscape shifts. Review your stack several times a year to make sure it still covers the threats you actually face.

Ransomware is a continuing, fast-expanding global issue, and data privacy is frequently jeopardised these days – so it has become crucial in today’s cyber landscape to remain ahead of the bad actors.

Employing a multi-layered cybersecurity stack and combining it with regular cybersecurity awareness training will decrease your risk and help keep your business safe from cyber attacks.
