Adopt Zero Trust security model for an agile security posture
- Posted on August 4, 2021
- Estimated reading time 5 minutes
Over the past 15 months, the pandemic has created the conditions for many cyberattacks; the most recent high-profile cases are the targeted attacks on Colonial Pipeline and the Irish Health Service.
Ransomware attacks have become more common as cybercriminals capitalise on the fact that organisations are focused on pivoting their business strategies and mitigating the disruption that COVID-19 has brought to their operations.
The biggest pivot companies have faced is adopting remote working (which is here to stay) almost overnight. To facilitate this change, companies rapidly accelerated their digital transformation, and this in turn has opened many opportunities for criminals to cause serious damage with targeted attacks.
A targeted cyberattack is one in which a specific organisation is singled out by criminals. Such attacks are strategically planned and tailored to particular systems, processes and personnel, which makes them more damaging than untargeted attacks. For more information on the types of cyberattacks and how they work, please visit the National Cyber Security Centre’s website.
So how big is the problem?
In 2020, ransomware attacks increased by an astonishing 485% compared to 2019, according to Info-Security magazine.
Last year, nearly 2,400 US based government bodies, healthcare facilities and education institutions fell victim to ransomware attacks, according to a report published by the Institute for Security and Technology.
This spike in ransomware attacks is part of a broader assault on corporate security. In 2021, these attacks are forecast to occur every 11 seconds, according to SafeAtLast. We are only halfway through the year, so you can imagine the scale at which these attacks are occurring; as the days go by, attackers are becoming more sophisticated and innovative in their approach.
Now, let’s take a quick dive into the recent targeted attacks mentioned above.
Colonial Pipeline, America’s largest pipeline system for refined oil products, became a target for a cyber-criminal gang known as DarkSide. The attackers infiltrated Colonial’s network and encrypted the data on some computers and servers, then demanded a ransom. The gang also took almost 100 gigabytes of data and threatened to leak sensitive information on the internet if the ransom was not paid.
On the other side of the Atlantic, the Irish Department of Health became the latest victim of the Conti ransomware group, who also threatened to publish data. Conti demanded £14m in ransom to restore services after a devastating attack, although the criminals later handed over the decryption key for free. It is quite perplexing that the criminals took this step after committing such a serious crime.
Is Zero Trust the answer?
With ransomware attacks increasing and becoming more sophisticated, what can organisations do to prevent themselves from becoming victims?
Digital transformation at a rapid pace has meant that the security perimeter is no longer limited to on-premises systems: it now includes SaaS applications that businesses use for critical workloads, and employees access corporate resources from hotel, coffee shop and residential networks.
This is how the Colonial Pipeline attack occurred: with more engineers accessing the control systems from their home networks, the criminals had an opportunity to strike. James Chappell, co-founder of Digital Shadows, believes the criminals could have bought the login details for a remote desktop account.
It’s important to acknowledge that there are no ‘threat-free’ environments; a traditional perimeter-based security model is therefore no longer viable, and adopting Zero Trust is critical to protecting organisations. The guiding principle of the Zero Trust security model is “never trust, always verify”.
Adopting the Zero Trust security model means thinking beyond perimeter security and moving to a more holistic approach. The model requires implementing controls and technologies across the foundational elements: Identities, Devices, Applications, Data, Infrastructure and Networks. Every transaction between these systems must be validated and proven trustworthy before it is allowed to proceed.
The ideal Zero Trust environment must include the following behaviours:
- Identities are validated and secured with multifactor authentication everywhere. MFA removes the need for password expiry policies and may eventually eliminate passwords altogether.
- Devices are managed and validated as healthy: every device and operating system must meet a required minimum health state before it is granted access.
- Pervasive data and telemetry are used to learn more about the current security state, identify gaps in coverage, validate the impact of new controls and correlate data across all applications and services in the environment.
- Access is limited to only the applications, services and infrastructure required to perform the job function.
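To make the four behaviours above concrete, here is an added example (not code from the original post or from any Zero Trust product) of a minimal per-request policy check written in Python. It is a constructed illustration: the identity, device and request data model, the entitlement table, the 30-day patch threshold and the three sample requests are all assumptions made for this example. The point it demonstrates is the one behind the Colonial Pipeline discussion above: under “never trust, always verify”, a valid password presented from an unknown machine is not enough on its own, because identity, device health and entitlement are each checked on every request, and every decision is written to telemetry.

```python
"""Added example: a minimal per-request Zero Trust policy check.

Constructed for illustration; the data model, policy table, health
threshold and sample requests are assumptions, not taken from any
product or from the original post.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Identity:
    user: str
    authenticated: bool   # primary factor (e.g. password) succeeded
    mfa_verified: bool    # second factor presented for this session
    groups: Set[str]


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool         # enrolled in device management
    disk_encrypted: bool
    patch_age_days: int   # days since the OS was last patched


@dataclass(frozen=True)
class AccessRequest:
    identity: Identity
    device: Device
    resource: str         # e.g. "ot-remote-desktop"
    action: str           # e.g. "connect"


# Hypothetical least-privilege entitlements: resource -> action -> groups allowed.
POLICY: Dict[str, Dict[str, Set[str]]] = {
    "ot-remote-desktop": {"connect": {"ot-engineers"}},
    "hr-payroll": {"read": {"hr-staff"}, "write": {"hr-admins"}},
    "wiki": {"read": {"all-staff"}},
}

MAX_PATCH_AGE_DAYS = 30   # assumed minimum health state for devices


def device_is_healthy(device: Device) -> List[str]:
    """Return the list of health failures; an empty list means healthy."""
    failures: List[str] = []
    if not device.managed:
        failures.append("device not managed")
    if not device.disk_encrypted:
        failures.append("disk not encrypted")
    if device.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append(f"patch age {device.patch_age_days}d > {MAX_PATCH_AGE_DAYS}d")
    return failures


def evaluate(request: AccessRequest, telemetry: List[dict]) -> bool:
    """Verify identity, device and entitlement for one request.

    Every decision, allow or deny, is appended to `telemetry` with its
    reasons so coverage gaps and the effect of new controls can be measured.
    """
    reasons: List[str] = []
    ident, dev = request.identity, request.device

    # 1. Identity: a correct password alone is never sufficient.
    if not ident.authenticated:
        reasons.append("primary authentication failed")
    if not ident.mfa_verified:
        reasons.append("MFA not verified")

    # 2. Device: must meet the minimum health state.
    reasons.extend(device_is_healthy(dev))

    # 3. Least privilege: only groups entitled to this resource and action.
    allowed_groups = POLICY.get(request.resource, {}).get(request.action, set())
    if not allowed_groups & ident.groups:
        reasons.append(f"no entitlement for {request.action} on {request.resource}")

    decision = not reasons
    telemetry.append({
        "user": ident.user, "device": dev.device_id,
        "resource": request.resource, "action": request.action,
        "allowed": decision, "reasons": reasons,
    })
    return decision


def demo() -> Dict[str, bool]:
    """Run three constructed requests through the policy and return the decisions."""
    log: List[dict] = []
    engineer = Identity("alice", True, True, {"ot-engineers", "all-staff"})
    stolen = Identity("alice", True, False, {"ot-engineers", "all-staff"})
    laptop = Device("corp-laptop-01", True, True, 7)
    home_pc = Device("unknown-pc", False, False, 200)
    return {
        # Engineer on a healthy corporate laptop with MFA: allowed.
        "engineer_ok": evaluate(AccessRequest(engineer, laptop, "ot-remote-desktop", "connect"), log),
        # Same password, bought or phished, replayed from an unmanaged PC without MFA: denied.
        "stolen_creds": evaluate(AccessRequest(stolen, home_pc, "ot-remote-desktop", "connect"), log),
        # Fully verified engineer asking for something outside the job function: denied.
        "out_of_scope": evaluate(AccessRequest(engineer, laptop, "hr-payroll", "write"), log),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

In a real deployment the three checks are performed by an identity provider, a device-management service and a policy engine rather than by one function, and the device signals come from attested device posture rather than self-reported fields; the structure of the decision, however, is the same: deny unless every signal verifies, and record why.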
If you are thinking of adopting this model in your organisation, one option would be to use Microsoft’s Zero Trust security model and framework. A good starting point is the Zero Trust maturity model assessment tool, which shows the maturity stage of your organisation and the recommended milestones and resources for moving forward on your Zero Trust journey.
What would it mean if you adopt the Zero Trust Security Model into your organisation?
All organisations are vulnerable to cyberattacks like the one on Colonial Pipeline; the pandemic has accelerated changes in cyber-security measures but has also opened doors for criminals, and adopting the Zero Trust model is currently the best way to stay one step ahead.
Implementing Zero Trust security across these fundamental elements, following the guiding principle “never trust, always verify”, can help you shift from a reactive to an adaptive, agile security posture.