The increase in remote and hybrid working, coupled with the growing use of cloud-based architecture, has created a new breeding ground for cyberattacks. These attacks have continued to increase, with the majority of businesses being attacked with ransomware delivered by phishing emails, according to Acronis’ Mid-Year Cyberthreats Report 2022: Ransomware dominates threat landscape. As hackers use social engineering techniques to make their phishing attacks more and more convincing, the likelihood of a successful attack is only growing.
People are the first line of defense for organisations but are often also the weakest link in the security chain. We are, after all, only human. Alongside better training for employees to make them more cyber aware, the question has to be: how do businesses ensure that attackers have a hard time turning initial access into a full-blown cyber crisis?
New identity-based cybersecurity approaches, which aim to protect all people and machines within an organisation by detecting and preventing identity-driven breaches, are a great starting point. At a time of hybrid and remote working, businesses must have the right solutions in place to protect themselves. As employees are now dispersed, information is being shared across multiple locations and systems, some of which are internal and some of which are external. Firewalls and VPNs are not the solution anymore. In their place, strategies such as zero trust offer far more robust protection.
Addressing key challenges
To begin, businesses must audit their current security posture. By doing this, they can predict how an attack will affect them and, by applying the right tools and principles, can begin to understand the financial implications.
There also needs to be a recognition that security posture will never be perfect. Businesses have to prioritise key areas for spending and leave less critical systems less well protected. Moreover, each new cloud environment or technology solution adds new complexity, which can create weaknesses or may even introduce a zero-day vulnerability.
Finding the balance — is the zero trust approach worth it?
Zero trust is not new, but that does not mean it is well understood or implemented correctly. By definition, zero trust is a set of policies where access is granted on a least-privilege basis, so employees can access only the data they have permission to access. User behavior is also monitored, so that if it changes, access can be denied until permissions have been reaffirmed.
The purpose of zero trust is to reduce attack pathways and make it easier for IT security teams to monitor for an attack. This is because the strategy provides end-to-end visibility of a network, showing how information flows within an organisation.
For organisations which have implemented a mature zero trust strategy, the average cost of a data breach was $1.76 million lower than in those that had not, according to IBM’s Cost of Data Breach Report 2021. This is because zero trust stops threat actors from moving among victim systems as easily, and thus from understanding the value of the assets held by the victim. It prevents threat actors from crippling critical systems and, by extension, prevents a cyber event from becoming a cyber crisis. This strengthens the negotiating position of the victim, and may well allow them to operate pretty much as normal even whilst the attack is happening.
Cybersecurity is all about finding that balance of acceptable risk. Once businesses understand that, they can begin to build out their cybersecurity posture. Businesses must remember, however, that zero trust strategies are one part of a larger arsenal of solutions and approaches which they need in order to stop the increasingly aggressive and sophisticated attacks.
Article submitted by Bart van Moorsel, Solution Design Specialist, TD SYNNEX