• Britannic Blog
  • Security Series: Part 5 - Network Security - Best Practices and Strategies Every Modern Business Needs

Security Series Part 5: Network Security - Best Practices and Strategies Every Modern Business Needs

Molly Edwards
Networking Security

The Network Is Where Security Strategies Go to Die

Network security rarely fails loudly at first.

It fails quietly, with a misconfigured rule nobody owns, a “temporary” access exception that becomes permanent, or a flat network designed for convenience rather than containment. By the time the breach is visible, the damage has already moved well beyond the initial point of compromise.

At Britannic, we’re often brought in after something has gone wrong. And the pattern is consistent: the organisation didn’t ignore network security. They invested in it. What failed was the assumption that best practice equals resilience.

This article is about the network security best practices that actually survive real attacks, the strategic mistakes we see repeatedly, and how modern organisations should be designing networks that expect failure, not perfection.

Quick Links

  1. Why Network Security Still Breaks in “Well-Protected” Organisations
  2. The Core Principle Modern Network Security Must Be Built Around
  3. Network Security Best Practices That Actually Matter
  4. Network Segmentation Is the Difference Between an Incident and a Crisis
  5. Intrusion Detection Without Ownership Is Theatre
  6. Remote Access Is Now the Primary Attack Surface
  7. The Business Case for Network Security (Beyond Fear)
  8. What Happens When Network Security Is Designed for Convenience
  9. Why Network Security Without Recovery Is Incomplete
  10. How Britannic Approaches Network Security Differently
  11. Network Security Is a Leadership Decision

Why Network Security Still Breaks in “Well-Protected” Organisations

BLUF: Most network security failures are architectural, not technical.

When incidents occur, the post-mortem usually uncovers familiar conditions:

  • Flat or lightly segmented internal networks.
  • Excessive trust between systems and users.
  • Security controls focused on the perimeter.
  • Poor visibility into east-west traffic.
  • Detection tools generating alerts without ownership.

According to IBM’s Cost of a Data Breach Report 2024, organisations that lack effective containment controls experience breach costs over £1 million higher on average than those with mature segmentation and monitoring. That delta isn’t driven by malware sophistication, it’s driven by how far attackers can move once inside.

Network security fails when it’s treated as a protective shell, rather than an internal control system.

The Core Principle Modern Network Security Must Be Built Around

BLUF: Assume compromise, then design to limit impact.

The most resilient organisations we work with don’t ask: “How do we stop breaches?”, They ask: “What happens when something breaks?”.

That shift changes everything. It leads to:

  • Segmentation instead of implicit trust.
  • Identity-aware controls instead of IP-based rules.
  • Detection focused on behaviour, not signatures.
  • Recovery planning embedded into the network design.

This is the mindset that separates organisations that suffer incidents from those that survive them.

Network Security Best Practices That Actually Matter

Stop Treating Firewalls as the Strategy

BLUF: Firewalls are necessary, but they are not the centre of network security.

One of the most common mistakes we see is over-investing in perimeter controls while under-designing the internal network. Upgrading a firewall without addressing identity, segmentation and visibility simply gives you a faster way to misunderstand what’s happening.

Modern network security requires next-generation firewalls that:

  • Inspect encrypted traffic.
  • Enforce identity-based policies.
  • Integrate with endpoint and cloud telemetry.

This is where platforms like Fortinet matter, not because they “block more threats”, but because they allow security policy to follow users, devices and applications, not just traffic flows.

But technology alone doesn’t fix the problem. We’ve seen six-figure firewall upgrades fail because the surrounding network was never designed to enforce meaningful controls.

Network Segmentation Is the Difference Between an Incident and a Crisis

BLUF: Segmentation doesn’t stop attacks, it stops disasters.

Most organisations believe they’re segmented. In reality, they’ve created logical VLANs while leaving identity, credentials and access paths untouched.

Proper network segmentation is uncomfortable because it:

  • Forces explicit access decisions.
  • Breaks legacy assumptions.
  • Exposes undocumented dependencies.

That discomfort is precisely why it works.

The WannaCry attack on the NHS didn’t spread because it was sophisticated. It spread because once inside, malware encountered minimal internal resistance. Flat networks turn minor compromises into systemic failures.

When segmentation is done properly, a breach becomes a contained incident rather than an organisation-wide outage.

Intrusion Detection Without Ownership Is Theatre

BLUF: Visibility only matters if someone is accountable for action.

Intrusion Detection and Prevention Systems (IDS/IPS) are often deployed as compliance artefacts. Alerts fire. Dashboards fill. Nothing happens.

Effective network security monitoring focuses on:

  • Lateral movement.
  • Abnormal authentication behaviour.
  • Command-and-control traffic.

According to Verizon’s 2024 Data Breach Investigations Report, the majority of breaches involve credential misuse, not exploits. These attacks generate signals, but only if you’re looking in the right places and empowered to respond.

At Britannic, detection is always paired with clear response ownership. If an alert doesn’t lead to a decision, it’s noise - not security.

Remote Access Is Now the Primary Attack Surface

BLUF: If your network security assumes users are “inside” or “outside”, it’s already outdated.

Hybrid work collapsed the traditional perimeter. Credentials are phished. Devices are compromised. VPN access often grants far more trust than intended.

Modern network security strategies replace broad access with:

  • Zero Trust Network Access (ZTNA).
  • Device posture validation.
  • Application-level connectivity.

Fortinet’s Secure Access Service Edge (SASE) capabilities allow consistent enforcement regardless of location. This isn’t about locking users down, it’s about reducing the impact of inevitable credential compromise.

The Business Case for Network Security (Beyond Fear)

BLUF: Network security is an enabler of operational resilience, not a brake on change.

When designed properly, network security delivers tangible business outcomes:

  • Faster recovery from incidents.
  • Reduced downtime and revenue loss.
  • Lower cyber insurance premiums.
  • Safer cloud and SaaS adoption.
  • Increased confidence in M&A and transformation initiatives.

We regularly see stalled digital programmes restart once leadership trusts the network to absorb failure.

What Happens When Network Security Is Designed for Convenience

Maersk: A Network That Couldn’t Contain Failure

The 2017 NotPetya attack wiped 49,000 laptops and 4,000 servers at Maersk, costing over $300 million. Investigations highlighted how malware propagated rapidly through internal networks that lacked effective segmentation and recovery controls.

This wasn’t a tooling failure. It was a design failure.

The Pattern We Still See Today

In more recent cases we’ve supported, ransomware didn’t succeed because encryption was unstoppable, it succeeded because:

  • Backup systems were reachable from the same network
  • Privileged access was too broad
  • Detection came too late

Which brings us to recovery.

Why Network Security Without Recovery Is Incomplete

BLUF: You don’t know if your network security works until it fails.

This is where Acronis plays a critical role. Network security reduces risk; recovery determines survival.

Acronis Cyber Protect ensures:

  • Immutable, isolated backups.
  • Rapid restoration of systems.
  • Reduced operational downtime after attacks.

We’ve seen organisations recover in hours instead of weeks because recovery was treated as part of the network security architecture, not an afterthought.

How Britannic Approaches Network Security Differently

BLUF: We design for failure, not for audits.

Our approach starts with how the business actually operates, not how the network diagram claims it does. We:

  • Assess real access paths, not documented ones.
  • Design segmentation around risk, not organisation’s charts.
  • Deploy Fortinet for integrated control and visibility.
  • Embed recovery with Acronis from day one.
  • Manage and evolve the environment continuously.

Network security is not a project. It’s an operating model.

Network Security Is a Leadership Decision

Network security fails when it’s treated as a technical problem to be solved once.

It succeeds when leaders accept that failure is inevitable, and design networks that can absorb impact, limit spread and recover fast.

The organisations that survive the next major incident won’t be the ones with the most tools. They’ll be the ones whose network security strategy reflects how attacks actually happen.

If you want an honest view of how resilient your network really is, not how it looks on paper, we’re ready to have that conversation.

Book A Meeting With A Security Specialist