You’re to be forgiven if where you’ve placed a lot of your network defenses is on your system’s spam filter. After all, until as recently as 2010, 90 percent of all email messages sent qualified as spam.

That’s not true anymore. According to security firm Symantec, the number of spam emails fell below 50 percent in June for the first time in more than a decade. The number wasn’t much below 50 percent — 49.7 percent to be exact — but it’s still significant because it marks a moment when we can say with as much certainty as you can in the security world, cybercriminals seem to be giving up on the botnet.

According to this post over at MSN, much of this decline can be attributed to the fall of the mega botnet. Just losing two of the larger botnets has dropped the daily spam email totals by billions.

Fewer botnets. Fewer spam emails. Fewer things to worry about, right? Unfortunately, no. Just different things. As the post points out, hackers are just turning their attention and malware elsewhere, like social media. So the need for network security hasn’t changed, just shifted.

Mindsets should drive security decisions

These kinds of evolutions are why we believe it’s important to think about security in terms of mindsets rather than rules. In a quick changing world, your list of rules will quickly become obsolete. But if you have mindsets that guide your security decisions, you can use those to tackle new challenges, like the decrease in spam but increase in other threats.

One of the mindsets that we believe everyone should adopt is: “I will layer security across my network.” This decrease in spam is a good example of why.

Security: “No such thing as a silver bullet …”

There may have been a time, as recently as just five or six years ago, when all that a small business needed to keep itself relatively well protected was a solid firewall and a sturdy spam filter. But times change, and that’s not good enough anymore. Consider what the experts at the SANS Institute say in one of their white papers:

The key to security is visibility. That’s truer now than ever. You have to know what’s coming into your network, where it’s going and what it’s doing once it’s inside. That requires layers of security. It’s an IPS or firewall at the perimeter. It’s antivirus protection at the endpoints. And for all the area in-between, it’s switches and tools that can watch the data move around. Maybe that’s a Security Incident and Event Management, or SIEM, that gathers log information from across your network and makes that data available for analysis all in one spot.

This type of layered security is only going to become more important as the traditional idea of a network and what constitutes the edges begin to change. The traditional definition of an end point is getting fuzzy. It’s no longer the desktop computer in an office somewhere. It could just as easily be a smartphone sitting in someone’s pocket or a tablet tossed quickly into a briefcase.

Download our ebook for more

Commitment to layered security is just one of seven security mindsets that we believe companies should adopt. To learn about the other six, download our free ebook, “7 Security Mindsets to Adopt Today.”