NeuEon Insights / Business & IT Strategy, Cybersecurity & Risk Management

Finding the Holes in Your Cheese

You’re probably familiar with the Swiss Cheese model of accident causation*. In short, the model pictures an organization’s defenses as a stack of slices of Swiss cheese. Each slice is a safeguard, and the holes in it are that safeguard’s weaknesses. Because the holes in different slices sit in different places, a failure that slips through one slice is normally stopped by the next, and the incident is avoided. Sometimes, though, several weaknesses coincide: the holes in the cheese line up, and the failure passes all the way through. We usually hear this analogy applied to industrial accidents, but it describes IT and information security incidents just as well.

This is why a defense in depth strategy is important. You should design your systems architecture with multiple overlapping safeguards so that no single failure compromises the whole system. For example, you should not rely solely on a firewall to protect a critical network. Network segmentation, intrusion detection, and strong authentication work alongside the firewall so that the network stays protected even when the firewall is misconfigured, bypassed, or simply down. The layers only add up if they can fail independently: three controls that all depend on the same directory service or the same change process are one slice of cheese, not three. In application architecture, the same idea appears as queuing, load balancing, and horizontal scalability, which keep a system running despite a single point of failure or unexpected load.
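To make the “holes line up” idea concrete, here is a small added simulation of layered defenses. It is illustration code written for this page, not anything from the original post or from NeuEon. Each layer is given a constructed hole fraction (the share of attack attempts it misses), and the example compares layers that fail independently with layers that all rest on one shared dependency, such as a single identity provider. The 10% and 5% figures are assumptions chosen to make the arithmetic visible, not measurements.

```python
"""Swiss-cheese model of layered defenses as a small simulation.

Each defensive layer is a slice of cheese; its hole fraction is the share of
attack attempts it fails to stop. An incident occurs only when an attempt
finds a hole in every slice, i.e. the holes line up.

The per-layer hole fractions and the shared-dependency failure rate used
below are constructed illustration values, not measurements.
"""
import random
from math import prod


def independent_incident_probability(hole_fractions):
    """Exact incident probability when the layers fail independently.

    The attempt must find a hole in every slice, so the probability is the
    product of the per-layer hole fractions: three layers that each miss 10%
    of attempts together miss only 0.1%.
    """
    return prod(hole_fractions)


def simulate_incident_rate(hole_fractions, attempts, shared_failure=0.0, seed=1):
    """Monte Carlo estimate of the incident rate over `attempts` attack attempts.

    hole_fractions: per-layer probability that the layer misses an attempt.
    shared_failure: probability that a dependency every layer relies on (one
        identity provider, one unpatched shared library, one neglected change
        process) fails for the attempt. When it does, every layer is bypassed
        at once regardless of its own hole fraction: the holes line up.
    Returns the fraction of attempts that became incidents.
    """
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    incidents = 0
    for _ in range(attempts):
        if rng.random() < shared_failure:
            incidents += 1  # shared dependency failed: all slices bypassed
            continue
        # Independent layers: the attempt has to slip through each one in turn.
        if all(rng.random() < p for p in hole_fractions):
            incidents += 1
    return incidents / attempts


if __name__ == "__main__":
    # Constructed values: firewall, segmentation, strong authentication,
    # each assumed to miss 10% of attempts on its own.
    layers = [0.10, 0.10, 0.10]
    print("exact, independent layers :", independent_incident_probability(layers))
    print("simulated, independent    :", simulate_incident_rate(layers, 200_000))
    # The same three layers, but all relying on one thing that fails 5% of the
    # time. Three slices collapse into one, and the incident rate is set by the
    # shared dependency rather than by the product of the layers.
    print("simulated, shared failure :",
          simulate_incident_rate(layers, 200_000, shared_failure=0.05))
```

The independent case comes out near 0.001, while the shared-dependency case comes out near 0.05: a single common dependency that fails one time in twenty makes the three layers roughly fifty times less effective than their individual hole fractions suggest. That is the quantity worth hunting for in an architecture review, because it is the one the diagram of separate boxes hides.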

The challenge is to make sure your architecture keeps up with changes in the threat landscape. The difference (ok, maybe not the only difference) between your architecture and a block of cheese is that the holes in the cheese are fixed when the cheese is made, while the holes in your architecture keep moving. Newly discovered software vulnerabilities, changes in threat actor techniques, evolving usage patterns, and good, old-fashioned benign neglect all open new holes that need to be plugged, often without anyone having changed a single setting.

That’s why it’s important to review your security and application architectures regularly, so that you understand where your weaknesses are and have plans to address them. Your team knows its systems best, and giving it the time and space to perform these reviews is an important part of your process. However, it can also be useful to bring in outside expertise for an independent point of view. At NeuEon, we’ve seen countless scenarios across industries and organizations of all sizes, and we have ideas that will help you no matter where you are in your journey.

* If you’re not familiar with this model – or even if you are – I recommend spending a few minutes on its Wikipedia page to get familiar with its history and applications.