By Brock Hesler, Senior Account Executive, OTAVA

With the most cyberattacks occurring around the holiday season, it makes perfect sense that October is Cybersecurity Awareness Month. But businesses are compromised every day of the year, so cybersecurity and resiliency are nonstop imperatives.

For mid-sized companies on a growth path, the consequences of a breach, including operational downtime, costly regulatory penalties, and loss of customer trust, are severe. Today, no matter how big or small your operation is, integrating cloud and security technologies isn’t just a nice-to-have, it’s an essential foundation for survival.

By combining robust cloud infrastructure with layered data protection, companies can stay ahead of ransomware, insider threats, and other risks, ensuring they are prepared rather than reactive.

Today’s Cyber Threat Reality

Today the threat landscape is both universal and unrelenting. Common attack vectors include ransomware, phishing, insider threats, and supply chain risks. Mid-sized businesses are prime targets because they hold valuable data but often lack the resources to adequately protect it.. Limited budgets and smaller IT organizations are the norm for most companies today. And with AI in the mix, breaches are just becoming more frequent, more sophisticated, and harder to detect.

Take for example the 2023 breach of Discord.io, not the well-known, multi-billion dollar corporation Discord, Inc., but rather a smaller third party service business  that allowed users to create custom links for their Discord channels. After a hacker stole the data of 760,000 users, the company had to cease operations and shut down entirely. While the specific details are unknown, it is a real wake-up call that leaders and teams need to be ready at all times, no matter the size of their business.

Why One Layer Isn’t Enough

Creating a bulletproof data security posture can’t be done overnight. Because no two companies are the same, there is not a standardized solution or approach to safeguarding an organization’s data. There simply is no single tool (firewalls, backups, etc.) that is enough in isolation.

To ensure protection, each business must move step by step to create the right layers of security protections. A layered security approach means applying multiple, reinforcing safeguards across people, process, and technology. It is not simply a to-do list. Ideally, a layered approach starts with a flexible framework that meets businesses where they are and helps them to grow stronger from there.

How to Build Layers That Work

Often, smaller and medium sized businesses are stretched thin on resources. To begin building a layered security approach, follow a step-by-step that is simple yet comprehensive and provides guidance.

For example, the S.E.C.U.R.E. Framework from OTAVA acts as a simple yet effective blueprint to help guide organizations through the following stages:

Shrink:  Reduce the size of the attack surface and protect access points. 

The first step is to immediately “shrink” the attack surface, thereby reducing entry points and minimizing risk. This involves assessing areas of vulnerability and applying appropriate tools such as endpoint detection and response (EDR), secure access service edge (SASE), multifactor authentication (MFA), and more.

Examine:  Monitor and analyze anomalies and event threats. 

The next action is to actively “examine” the IT environment, and watch for abnormalities and vulnerabilities. It is critical to constantly monitor and observe, to stop bad actors or inadvertent breaches in their tracks. Solutions that may be applied to assist with this step include vulnerability scanning tools, centralized logging and monitoring, and more.

Contain:  Restrict the attack vectors to reduce the proliferation of any attack. 

Next, it makes sense to learn how to “contain” the attack vectors to minimize the spread of any possible attack. It should be noted that not all threats can be avoided, but by focusing on containing the attack vectors, a buffer can be installed that helps to isolate, manage, and restrict the further propagation of threats. Endpoint protection tools are examples of software that is designed to support this effort.

Undo:  Take action to isolate and restore infected data.

U stands for “undo” the damage, as much as possible. Learning how to take action to restore data and operations quickly, means having a solid plan. This layer involves creating or reinforcing backup and disaster recovery strategies so that operations run smoothly and uninterrupted. Immutable backups, Disaster Recovery as a Service, and cloud backup solutions can make a positive impact in this area.

Recover:  Achieve business continuity of operations.

Following the “undo” step, “recover” is a logical continuation that gets into the ways that disaster recovery plans need to be utilized in order to recover from cyber threats and incidents. It is not just about the ownership of data, it is really understanding what to do with it. For support, disaster recovery runbooks and managed DRaaS solutions are considered in this layer.

Evaluate:  Engage in continuous improvement of your security posture.

Because strong cyber security isn’t just built, it’s assessed, refined and improved over time, the final layer, “evaluate,” focuses on identifying gaps, comparing security posture, and making fact based decisions. Uncovering ongoing ways to evaluate security posture will have a lasting impact on safeguarding valuable data. Consider solutions in the security posture assessment, risk scoring, and governance reviews category for ways to stay current.

Resilience in Action: Protecting What Matters

To build a strong business it is no longer enough to have a great product and excellent customer support, because a single cyber incident can undo years of hard work. For growing organizations like our regional hospitals here in Indiana, and our local community banks, as well as other mid-market enterprises, the right posture combines cloud infrastructure with layered security controls, disciplined processes, and a security-first culture.

Each step and layer helps build resilience with confidence. While much of today’s focus is on AI and emerging tech, the human factor must also be addressed through ongoing security awareness training and consistent communication to foster vigilance.

Partnering wisely will advance this vital effort. A trusted provider will bring deeper expertise, added resources and hands on support to guide you through a layered security approach that helps safeguard operations, preserve trust, and support long-term growth. In a world where cyber threats are constant, layered defense is the only sustainable strategy. Seek expert support, test often, and always keep people at the center of your security approach.

About the Author

Brock Hesler is a Senior Account Executive at OTAVA, where he helps businesses solve real challenges through secure, flexible cloud solutions built for their unique needs. With a consultative and relationship-driven approach, Brock partners with organizations to modernize infrastructure, strengthen data protection, and simplify compliance, making complex technology approachable and practical.

Before joining OTAVA, Brock spent more than a decade with the Indiana Chamber of Commerce, leading membership and foundation initiatives that drove record growth and deepened partnerships across the state. He is passionate about helping teams feel confident in the technology decisions that move their business forward and believes that great outcomes come from genuine collaboration and clear communication.

Keep Reading

What Indiana Businesses Need to Know to Protect Themselves Against Cyber Attacks →

Digital Age Demands More Attention to Cybersecurity Measures →

AI is a Double-Edged Sword: Its Power and Peril in Cybersecurity →

More From TechPoint

Explore data, insights, and actionable frameworks in AI-Driven Skills for Indiana’s Economy →