The National Institute of Standards and Technology (NIST) defines defense-in-depth as an information security strategy that integrates people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of an organization. As the recent Barracuda and MOVEit incidents show, new vulnerabilities, and with them the potential for compromise, surface frequently and can originate anywhere in an environment, so no single control should be relied on to stop every attack.
Here are some practical steps for implementing a defense-in-depth approach:
- Implementing multi-factor authentication (MFA);
- Conducting information security training to recognize phishing emails;
- Creating and using an Information Security Policy;
- Creating and testing backups of critical systems.
Unfortunately, there is no perfect cybersecurity plan. However — whether your cyber and information security plans are just being created or have reached a level of maturity — applying defense-in-depth and continuously improving the plan already in place builds resiliency and lowers the chance that the failure of any one control turns into a compromise when the inevitable incident occurs.