October 21st, 2020 Read Time: 5 minutes
The Electric Helpdesk is comprised of experienced IT Professionals with the knowledge and expertise to solve any IT Support question one may have.
Subscribe to our blog and stay up to date
Zero Trust, as it pertains to cybersecurity, means precisely that: Trust No One and Nothing. Whether the user requesting access is inside or outside a network perimeter, access should not be granted without determining: (1) who or what is requesting access and (2) is the user or application known to the network. It is not enough for organizations to restrict access from outside the network. They need to restrict access within the network as well.
Companies can no longer allow unlimited access once an end-user or application has been authenticated. According to a recent study, 37% of data breaches were the result of lost, stolen, or misused credentials, and 30% of data breaches involved an authenticated end-user. And the cybersecurity threats keep increasing.
Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes any attempt to access the network is a potential breach and verifies the in-network requests using the same standards as though the request originated outside the network. That means, every request is authenticated and authorized before access is granted. Principles such as micro-segmenting and least-privileged access are applied to minimize movement inside the network.
Hackers are no longer lone wolves. They are part of a criminal network. It's estimated thatorganized crime groups initiate 55% of attacks. Just as physical crime groups exist to make money, so do their virtual counterparts. Criminal organizations are looking for information that can be sold to the highest bidder on the dark web. Their focus is on more than a ransomware attack or a few consumer records. The following statistics highlight the reasons a zero-trust network is needed:
The latest estimate is that 2020 will result in over a 200% increase in cyber attempts.
Step 1: Analyze risk. Companies should identify the risks associated with privileged access. Evaluate who has access to what information and for what purpose. It is through this gateway of privileged access that internal and external bad actors gain access.
Step 2: Deploy multi-factor authentication. A multi-factor authentication (MFA) approach can help with user identification. It is built on the concept that authentication requires more than a single identification source, such as a username and password. It involves information from at least two of these categories:
By distributing individual identifiers over multiple factors, organizations can increase the likelihood that users are who they say they are. Managerial approval should be required to access critical digital assets and should only use secure methods such as VPNs.
Step 3: Secure core privileges. Look at the applications that access the system, implementing restrictive control of all human and nonhuman users. If a hacker can access an endpoint using a privileged account, it will be difficult to distinguish that unauthorized user from a trusted one. Make sure employee devices are secure and apply all security updates immediately.
Step 4: Monitor privileged pathway. Do not assume that detection mechanisms will identify all malicious activity. By monitoring the privileged pathways for suspicious activity prevents bad actors from expanding an attack. Tightened controls create isolation layers between endpoints and help secure connections to critical assets.
Step 5: Implement attribute-based controls. Individuals and applications access a system for a reason. It's crucial to a zero-trust environment that who can access what and why is established for all users. Placing controls around privileged users, so they can only access information required for predefined tasks minimizes the risk of unauthorized access to critical resources.
Implementing zero trust security models can be done in increments, although the first step must be analyzing risk so priorities can be set to protect the most critical assets first. When looking at risk, understand the underlying assumptions when it comes to granting access. What does a guest user need access to? Are there third-party applications that interact with the system? Never grant more access than is absolutely necessary.
Yes, employees need access to the system to perform their job responsibilities. But what is the minimum access required to do their tasks? If employees require access outside their normal scope, explicit requests for access should be required. No one should be given unrestricted access to the system.
Remember, humans are creatures of habit. Whether it's a morning routine at the office or shopping online, people tend to behave the same time and time again. Monitoring user behavior can help identify unusual activity on the network. Given that 30% of all data breaches involved authenticated users, predicting behaviors could help minimize unauthorized use.
Micro-segmenting means dividing the security perimeter into zones that require separate access permissions. Granting access to one zone does not grant access to all zones. This is especially crucial with more people working remotely.
With more remote devices accessing a network, controls must be in place to verify the device. Only after the device is identified and verified should access be granted. This process helps companies determine if the endpoint is a security risk.
Figuring out all your bases to cover pertaining to your organization’s cybersecurity is not an easy process to navigate, especially in times like these— and that’s why Electric is here to support your organization.