Improve your business' security posture with an "already breached" approach to cyber security.
A prospective client asked us in May if cybercrime really is worse now than it was before the pandemic. They hadn’t noticed a big, splashy attack in the news for a while, so they assumed the crime rate was ticking down. But when you dig into the numbers, it’s clear that the effort to steal, destroy or ransom data accelerated during the pandemic and continues to grow.
Although data compromise and extortion events aren’t going away, businesses can defend themselves. The key is adapting effective cybersecurity frameworks and strategies to meet your own unique needs. We’d like to review one such framework, called zero trust, and explore how it can make a difference in your company’s security posture.
What Is Zero Trust Security?
Zero trust isn’t a technology, a brand, or a vague marketing slogan. Rather, it’s a series of interconnected principles meant to protect organizations in the digital world. The framework is built on the premise that users, devices, applications, and services can never be entirely trusted.
That’s a huge departure from the traditional “castle and moat” approach to cyber security. With that old-school methodology, cybercriminals were assumed to be outside of the defensive perimeter. Firewalls, antivirus software, and basic access controls were thought to be good enough. But what happens if the attacker already has access? The company is left defenseless.
In reality, threats may exist inside the defensive perimeter. That means the old cliché “trust but verify” is backwards – we must “verify, then trust.”
Zero trust means continuous verification based on multiple datapoints. If your CEO logs in from his house in Chicago at 9AM and then attempts to log in again twenty minutes later from a beach house in Dubai, something is amiss. With location as a verification datapoint, the suspicious attempt can be shut down even if the credentials provided are correct.
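The location datapoint described above, written out as detection logic over constructed login events (an added illustration, not code from the original article); the coordinates, the 900 km/h "faster than a commercial flight" threshold and the event format are assumptions:

```python
"""Impossible-travel check: one of the 'multiple datapoints' zero trust uses
for continuous verification. Sample events below are constructed, not real logs."""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0  # assumption: nothing legitimate moves faster than an airliner

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))

def flag_impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return the logins that would require more than max_speed_kmh to reach
    from the same user's previous accepted login. Whether the credentials were
    correct plays no part here: the decision rests on the location/time datapoint."""
    last_seen = {}   # user -> (timestamp, lat, lon) of the last accepted login
    flagged = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        prev = last_seen.get(ev["user"])
        if prev is not None:
            hours = (ts - prev[0]).total_seconds() / 3600
            dist = haversine_km(prev[1], prev[2], ev["lat"], ev["lon"])
            # Any distance covered in zero elapsed time is impossible by definition
            if dist > 0 and (hours <= 0 or dist / hours > max_speed_kmh):
                flagged.append(ev)
                continue  # a rejected login must not become the new baseline
        last_seen[ev["user"]] = (ts, ev["lat"], ev["lon"])
    return flagged

# Constructed sample: the CEO logs in from Chicago, then 20 minutes later from Dubai;
# a second user moves Chicago -> New York over six hours, which is plausible.
SAMPLE_LOGINS = [
    {"user": "ceo", "ts": "2023-05-01T09:00:00+00:00", "lat": 41.88, "lon": -87.63},
    {"user": "ceo", "ts": "2023-05-01T09:20:00+00:00", "lat": 25.20, "lon": 55.27},
    {"user": "cfo", "ts": "2023-05-01T08:00:00+00:00", "lat": 41.88, "lon": -87.63},
    {"user": "cfo", "ts": "2023-05-01T14:00:00+00:00", "lat": 40.71, "lon": -74.01},
]

if __name__ == "__main__":
    for ev in flag_impossible_travel(SAMPLE_LOGINS):
        print("deny or require step-up authentication:", ev["user"], ev["ts"])
```

In a real deployment the flagged event would feed a policy engine that denies the session or demands a stronger factor rather than simply printing.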
Just-In-Time and Just-Enough-Access (JIT/JEA) are also essential zero trust concepts. Access should be granted for the minimum amount of time and with the minimum permissions necessary to complete the task at hand.
If someone on your team is downloading or sharing data that isn’t relevant to their job, that’s a massive red flag. But once that data leaves, it's simply too late. Zero trust teaches managers and cyber security professionals alike to think proactively when it comes to access and data governance.
Other elements that should be incorporated into a zero trust strategy include traffic filtering, end-to-end encryption, EDR/XDR monitoring, data classification/labeling, runtime controls for infrastructure, and a process of continuous assessment and optimization.
Why Zero Trust Matters
Did you know that about 43% of cyberattacks are directed at small businesses? Yet only 14% of them have the security measures necessary to defend against these attacks. Breaches can cost them hundreds of thousands of dollars – sometimes millions. But the impact is always deeper than the financials. Reputational damage and the loss of credibility can shake the confidence of even the best customers and vendors.
Data breaches also impede productivity, both for the IT team closing the security gaps and the C-suite executives addressing the business impact. Which projects will be delayed as a result?
Without a model like zero trust, cyber security is a challenge even for the largest organizations. Take the 2021 Colonial Pipeline ransomware incident for example:
- The company has extensive IT resources but they were hacked when a single password was guessed
- The affected account could have had Multi-Factor Authentication (MFA) enabled, but it didn’t
- The password granted the cybercriminal administrator-level access, which allowed them to move freely and zero in on the most valuable information
- They stole 100 gigabytes of data in a two-hour window and infected the network with ransomware in the process.
There's no guarantee that a zero trust approach would have prevented the attack entirely. But perhaps the damage to the company and its customers could have been smaller.
Remote Work Paves the Way for Higher Internal Threats
Out of necessity, millions of businesses shifted to a hybrid/work from home model in 2020 due to the pandemic. Two plus years later, nearly 60% of U.S. workers say their job can be performed remotely most or all of the time. The idea of returning to full-time, in-person work is now viewed by many as a dealbreaker.
IT teams with a traditional view of cyber security have found that the “defensive perimeter” is now nationwide. Users are connecting to Wi-Fi networks from home and on the road. They are also using personal devices for work, downloading more applications, and relying on far more cloud-based services. All of this while the volume of sensitive data they handle on a daily basis is exploding.
The clearest path forward is one built on zero trust or a comparable framework.
Implementing a Zero Trust Framework
Implementing zero trust requires the right strategies, technologies, and policies. Simply put, it’s designing and maintaining an entire security ecosystem with a very limited margin for error.
The problem is that when people don’t know where to start, they don’t start at all. Instead of giving in to that kind of paralysis, consult with professionals, evaluate your current position, and decide what expertise needs to be added.
The technology specialists at Envision are ready to help. We collaborate with management teams and existing IT staff to deliver exactly the level of support you need. Whether you require engineering, design, or security services like zero trust, we are a call or click away.