Most of what we encounter every day is computerized. We connect to the internet on our phones or pay with an internet-connected card terminal, and every one of those interactions leaves data that a malicious actor can target.
As a result, cyber crime is a lucrative business. Organizations all over the world are responding with robust cyber security protocols to keep their data as protected as possible, but that may not be enough.
Regardless of how strong the perimeter is, one of the biggest risks to an organization comes from within. Insiders, whether malicious, negligent, or simply compromised, account for a large share of cyber risk. Some of the most widely publicized breaches of the past year proved that point.
Publicized breaches are almost always catastrophic and damaging to the brand, and their details often make them feel remote, as if it couldn't happen to us.
In reality, breaches happen all the time, to organizations large and small. The ones making headlines are simply the biggest or involve the most damaging data.
For example, the high-profile SolarWinds breach was a calculated effort by sophisticated attackers. They got inside SolarWinds' build environment and inserted a backdoor into routine, digitally signed updates for the Orion product. How they first got in was never conclusively established in public; weak or compromised credentials were among the leading hypotheses.
For the attack to work, several pieces had to fall into place. A victim had to download the trojanized update and deploy it; the implant then had to beacon to the attackers' command-and-control infrastructure, which gave them remote access to the victim's network.
This simple chain led to alarming results. The compromise reached multiple government networks and critical infrastructure operators.
Another high-profile attack involving compromised credentials was the Colonial Pipeline attack, which began with a leaked password for an inactive VPN account that did not require a second factor. With that one password, attackers were positioned to disrupt fuel supplies from the Gulf Coast refineries to major East Coast markets.
In this case, multi-factor authentication would have made the attack considerably harder. Had the attacker needed to prove their identity with an additional factor, the password alone would not have bought them a foothold on the VPN, let alone the freedom to move within the network.
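A detection rule that would have surfaced a login like the one described above, as an added example that is not part of the original article: a few constructed VPN authentication lines are matched against a constructed directory snapshot, and every successful login from an inactive, dormant or unknown account, or one that skipped MFA, is raised as an alert. The log format, the directory field names and the 90-day dormancy threshold are assumptions made for this example.

```python
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
DORMANT_AFTER = timedelta(days=90)   # assumed threshold: no login for 90 days = dormant

# Constructed sample of VPN authentication events in a key=value syslog style.
# These are not real log lines; the format is an assumption for this example.
VPN_LOG = """\
2021-04-29T08:12:03Z user=jsmith src=203.0.113.7 mfa=yes result=success
2021-04-29T08:14:51Z user=svc_legacy src=198.51.100.23 mfa=no result=success
2021-04-29T08:30:22Z user=bjones src=203.0.113.9 mfa=yes result=failure
2021-04-29T09:02:10Z user=akumar src=203.0.113.40 mfa=yes result=success
2021-04-29T09:05:44Z user=svc_legacy src=198.51.100.23 mfa=no result=success
"""

# Constructed identity directory snapshot taken before the log window;
# the field names are assumptions, not any real directory's schema.
DIRECTORY = {
    "jsmith":     {"status": "active",   "last_login": "2021-04-28T17:20:00Z"},
    "akumar":     {"status": "active",   "last_login": "2021-04-26T11:05:00Z"},
    "bjones":     {"status": "active",   "last_login": "2021-04-27T09:00:00Z"},
    "svc_legacy": {"status": "inactive", "last_login": "2020-11-02T03:14:00Z"},
}


def parse_event(line):
    """Split one 'timestamp k=v k=v ...' line into a dict; ts becomes a datetime."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.strptime(ts, TS_FMT)
    return event


def detect_risky_logins(log_text, directory, dormant_after=DORMANT_AFTER):
    """Return (user, timestamp, reasons) for every successful login that used
    an inactive, dormant or unknown account, or that skipped MFA."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("result") != "success":
            continue   # failed attempts are out of scope for this rule
        user = ev["user"]
        acct = directory.get(user)
        reasons = []
        if acct is None:
            reasons.append("account not in directory")
        else:
            if acct["status"] != "active":
                reasons.append("account is " + acct["status"])
            idle = ev["ts"] - datetime.strptime(acct["last_login"], TS_FMT)
            if idle > dormant_after:
                reasons.append("dormant for %d days" % idle.days)
        if ev.get("mfa") != "yes":
            reasons.append("no MFA")
        if reasons:
            alerts.append((user, ev["ts"].strftime(TS_FMT), reasons))
    return alerts


if __name__ == "__main__":
    for user, ts, reasons in detect_risky_logins(VPN_LOG, DIRECTORY):
        print("ALERT %s %s: %s" % (ts, user, ", ".join(reasons)))
```

Run the rule against a directory snapshot taken before the log window; otherwise the attacker's own login refreshes the last-login field and hides the dormancy. Deactivating or deleting the account would have stopped the login outright, and the rule exists for the case where that housekeeping was missed.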
There were other security shortcomings in these examples, but in both cases the risk ultimately came down to weak or compromised credentials.
These are the primary types of insider risks:
With insider risks, most of the activity happens under trusted users or applications on a trusted network, which makes it hard to detect with technology or security procedures alone. Worse, an attacker holding valid credentials can tamper with or delete logs to hide the evidence and complicate the investigation further.
Security policies go a long way toward preventing some types of cyber crime, but they can do little about compromised identities without disrupting productivity.
Every organization should have a stringent cyber security protocol and the technology to enforce it, but that is not enough on its own. Zero-trust architecture with low-friction security is how organizations balance protection against the positive user experience they need to thrive.
The idea behind zero trust is that no one is assumed safe just because they are inside the company network. A breach is assumed at all times, and every request is verified, wherever it originates. "Never trust, always verify" is the mandate.
Every user and device must be authenticated, authorized, and validated before gaining access to data and applications, and that check is repeated rather than done once at login. The principle of least privilege limits what a compromised account can reach and how freely it can move within the network. Analytics watch the resulting access patterns so that a breach can be detected if one occurs.
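A per-request policy decision that applies those steps, added here as illustration rather than code from the article or from any particular zero-trust product: every request is denied unless the session is fresh, a second factor was presented, the device passes a posture check, and a role explicitly grants the exact resource and action requested. The roles, resources, device attributes and the eight-hour re-authentication interval are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Identity:
    user: str
    roles: frozenset
    mfa_verified: bool          # a second factor was presented in this session
    authenticated_at: datetime  # when the session was last (re)authenticated


@dataclass(frozen=True)
class Device:
    managed: bool
    disk_encrypted: bool
    os_patched: bool


@dataclass(frozen=True)
class Request:
    identity: Identity
    device: Device
    resource: str
    action: str
    now: datetime


# Least-privilege grants (assumed roles and resources for this example). A role
# grants exactly the (resource, action) pairs listed; nothing else is implied.
ROLE_GRANTS = {
    "analyst":       {("reports", "read")},
    "payroll-admin": {("payroll", "read"), ("payroll", "write")},
}
SESSION_MAX_AGE = timedelta(hours=8)   # assumed re-authentication interval


def evaluate(req):
    """Decide one request. The default is deny; every check must pass explicitly.
    Returns (allowed, reason) so the reason can be logged for analytics."""
    ident, dev = req.identity, req.device
    # Authenticate: a session is only as trustworthy as its last verification.
    if req.now - ident.authenticated_at > SESSION_MAX_AGE:
        return False, "session older than %s; re-authenticate" % SESSION_MAX_AGE
    # Validate the identity: a password alone does not prove who is typing.
    if not ident.mfa_verified:
        return False, "MFA not verified"
    # Validate the device: a compromised endpoint with a valid user is still a breach.
    if not (dev.managed and dev.disk_encrypted and dev.os_patched):
        return False, "device posture check failed"
    # Authorize with least privilege: only explicitly granted pairs pass.
    granted = set().union(*(ROLE_GRANTS.get(r, set()) for r in ident.roles))
    if (req.resource, req.action) in granted:
        return True, "allowed by role grant"
    return False, "no role grants %s on %s" % (req.action, req.resource)


NOW = datetime(2021, 5, 10, 9, 0, 0)   # fixed clock so the scenarios are deterministic


def make_request(user, roles, resource, action, mfa=True, session_age_hours=1,
                 managed=True, disk_encrypted=True, os_patched=True):
    """Convenience constructor so each scenario reads as one line."""
    ident = Identity(user, frozenset(roles), mfa, NOW - timedelta(hours=session_age_hours))
    return Request(ident, Device(managed, disk_encrypted, os_patched), resource, action, NOW)


if __name__ == "__main__":
    scenarios = [
        make_request("akumar", ["analyst"], "reports", "read"),
        make_request("akumar", ["analyst"], "payroll", "write"),
        make_request("svc_legacy", ["payroll-admin"], "payroll", "write", mfa=False),
        make_request("akumar", ["analyst"], "reports", "read", session_age_hours=9),
        make_request("akumar", ["analyst"], "reports", "read", os_patched=False),
    ]
    for req in scenarios:
        allowed, reason = evaluate(req)
        print("%-5s %s %s %s: %s" % ("ALLOW" if allowed else "DENY",
                                     req.identity.user, req.action, req.resource, reason))
```

The reason string is returned with every decision, not just the denials; feeding those records to analytics is what lets an organization notice a valid account probing for access it was never granted, which is exactly the pattern a compromised identity produces.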
It relies on five guiding principles:
Zero trust encompasses several defense areas, including:
Zero trust is gaining new relevance in the wake of these breaches. Businesses are amassing more data, which makes them ideal targets for cyber criminals. Traditional perimeter-based security is not enough, especially against a breach that starts with a compromised identity. Zero trust protects assets with least-privilege access and continuous verification.
By Joseph Carson