As enterprises initiate sweeping digital transformation efforts in their office and home office environments, the vulnerability of their network to malicious cyberattacks increases, says Yanir Laubshtein, VP, cybersecurity & industry at NanoLock Security.
Introducing countless connected devices is a major priority for efficiency-minded enterprises as they embrace the analytics, automation, and collaboration tools that were popularised during the pandemic, but each additional connected device represents another potential point of entry for bad actors. Many of these devices require remote access as well, in order to support remote or hybrid employees newly freed from the demand to be on-site every day. This represents an additional risk.
Many enterprise IT managers have historically operated their security infrastructure by establishing a digital perimeter that trusted credentialed users and devices from within but distrusted external uncredentialed entities.
Recent high-profile intrusions from insider and supply chain sources have proven this approach to be outdated and inviable. This automatic trust puts the organisation at risk from malicious internal and external actors while also allowing wide-reaching system access should they gain control.
Though a breach from someone within your own organisation can seem hard to imagine, insider attacks are by no means rare, as 2 billion of the 5 billion records stolen or compromised in 2018 resulted from insider circumstances, according to a report from Oliver Wyman. The frequency of such incidents has increased by nearly 50% since that time.
The three main sources of insider attacks are disgruntled employees or business partners who abuse their sensitive information and privileged access for their own benefit, to hand over their access to bribing outsiders so they can enact their own plans, or simple negligence the equivalent of leaving the door unlocked. An IT security system that fails to account for these increasingly common scenarios is woefully over-trusting and thus underprepared.
Supply chain attacks are increasing in frequency as well, as evidenced by the still-evolving SolarWinds hack from late last year. In this widely covered and even wider-ranging breach, a bad actor along the IT supply chain inserted malicious code into SolarWinds’ systems where it laid dormant for a time, unbeknownst to SolarWinds.
SolarWinds then unwittingly distributed this compromised code to tens of thousands of customers within an update package, with the North American Electric Reliability Corp (NERC), a non-profit industry regulator, estimating that up to a quarter of North American electric utilities downloaded the compromised update.
The discovery of this vast intrusion served as a wakeup call for organisations and governments reliant on IT systems because it revealed the necessity of an approach that manages the threat from not just outsiders, but insiders and supply chain sources as well. This, as president Biden noted in his recent executive order concerning cybersecurity protocols, is called a Zero Trust approach to cybersecurity.
Zero Trust is a security philosophy built on the idea that organisations must not automatically trust anyone or anything at all. Everyone and everything must be authorised before receiving access to the organisation’s network.
This represents a significant departure from the aforementioned perimeter-based approach, and in practice, it requires all users, even those inside the organisation’s enterprise network, to be authenticated, authorised, and continuously validating security configuration and posture, before being granted access to applications and data. Essentially, Zero Trust treats trust as a vulnerability and looks to eliminate it.
As enterprises increase the number of connected devices on their network while also granting an increased level of remote access, they must upgrade their security protocols by downgrading their level of trust, even at the device level.
One way of doing this is to introduce a solution with an embedded gatekeeper into the device memory that will prevent outsider, insider, and supply chain threats by automatically rejecting all changes unauthenticated by a trusted external server.
This prevents persistency, and though it won’t stop future hackers from trying to breach enterprise devices and networks, it will at least stop them from succeeding.
The author is Yanir Laubshtein, VP, cybersecurity & industry at NanoLock Security.
Follow us and Comment on Twitter @TheEE_io