Despite being a decades-old technique, phishing remains a top threat to organisations today. Bad actors looking to steal personal information and credentials use phishing because it is simple and effective; once they have a foothold, they can exfiltrate data and spread ransomware. Stolen credentials give bad actors access that looks legitimate to the network, and once they are inside, they can deploy malware and wreak havoc. Traditional perimeter controls such as firewalls and VPNs are no longer enough on their own, and securing the perimeter is hard in a remote working, borderless world. Zero trust has become critical not only to ensure that only authorised users get access, but to keep validating that access, so that bad actors holding stolen credentials cannot move freely through the network and deploy ransomware.
Are they who they say they are?
A ransomware attack is often not the bad actor's first move; it is better seen as a symptom of an earlier compromise. Typically, threat actors gain access to a network and then move laterally into other areas of the organisation. Only once widespread access has been gained is the ransomware deployed. If the initial access came from stolen credentials, the intrusion can go unnoticed for a long time, by which point significant damage may already have been done.
Think of your network as a house and a bad actor as a contractor, such as a plumber. When we need a plumber, we verify their identity before letting them into the house. But once they are inside, unless we know where they are and what they are doing, they may be causing damage or stealing valuables. A network is no different. Just because someone holds valid credentials does not mean they should simply be let in and left alone. Access must be continually validated and monitored, and the person using it must be shown to be who they claim to be – this is the basis of zero trust.
Multiple layers make for stronger security
Effective security and zero trust require several layers to be addressed: user access, the architecture itself, the network and the data. Multifactor authentication is essential for login security, and on top of it, privileged access management secures privileged credentials and controls how they are used so that data cannot be accessed illegitimately. Least privilege and role-based access control, with additional authorisation checks, limit who can reach which data. The key is to implement authentication, then authorisation, then audit, so that access is continuously confirmed to be restricted to people with legitimate permission.
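As an added example (not code from the original article), the following Python sketches a small access decision point that chains the three steps above: it re-validates the session on every request, denies by default unless a role grants the permission, requires a fresh MFA step-up for privileged actions, and writes every decision to an audit log. The roles, resources, time limits and sample sessions are hypothetical.

```python
"""Added example: a zero-trust style access decision point.

Authentication is re-checked on every request (session age, device posture),
authorisation is deny-by-default from role permissions, privileged actions
need a recent MFA step-up, and every decision is audited.
Roles, resources, limits and the sample sessions are hypothetical.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List, Optional, Tuple

Permission = Tuple[str, str]  # (resource, action)

# Least privilege: a role may do exactly what is listed here and nothing else.
ROLE_PERMISSIONS: Dict[str, FrozenSet[Permission]] = {
    "analyst": frozenset({("reports", "read")}),
    "backup-admin": frozenset({("backups", "read"), ("backups", "restore")}),
}

# Actions that need a recent MFA step-up even inside an otherwise valid session.
PRIVILEGED_ACTIONS: FrozenSet[Permission] = frozenset({("backups", "restore")})
MFA_FRESHNESS = timedelta(minutes=10)   # how recent the step-up must be
MAX_SESSION_AGE = timedelta(hours=8)    # force re-authentication after this


@dataclass
class Session:
    user: str
    roles: List[str]
    authenticated_at: datetime
    last_mfa_at: Optional[datetime]  # None if MFA was never completed
    device_compliant: bool           # posture signal from the endpoint agent


AUDIT_LOG: List[dict] = []


def _evaluate(session: Session, resource: str, action: str, now: datetime) -> Tuple[bool, str]:
    # 1. Authentication is not a one-off: an old session is refused even if it
    #    was valid at login time.
    if now - session.authenticated_at > MAX_SESSION_AGE:
        return False, "session expired; re-authentication required"
    # 2. Device posture is checked on every request, not only at login.
    if not session.device_compliant:
        return False, "device not compliant"
    # 3. Authorisation: deny unless some role explicitly grants the permission.
    granted = set().union(*(ROLE_PERMISSIONS.get(r, frozenset()) for r in session.roles))
    if (resource, action) not in granted:
        return False, "not permitted by role"
    # 4. Privileged actions require a fresh MFA step-up, so a stolen session
    #    token alone cannot trigger them.
    if (resource, action) in PRIVILEGED_ACTIONS:
        if session.last_mfa_at is None or now - session.last_mfa_at > MFA_FRESHNESS:
            return False, "step-up MFA required"
    return True, "allowed"


def authorise(session: Session, resource: str, action: str, now: datetime) -> Tuple[bool, str]:
    """Decide one request and record the decision. Each denial names its cause
    so the audit trail explains why access was refused."""
    allowed, reason = _evaluate(session, resource, action, now)
    AUDIT_LOG.append({
        "time": now.isoformat(), "user": session.user,
        "resource": resource, "action": action,
        "allowed": allowed, "reason": reason,
    })
    return allowed, reason


def run_scenarios() -> Dict[str, str]:
    """Exercise the decision point on constructed sessions and return the
    reason given for each scenario."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    analyst = Session("asmith", ["analyst"], now - timedelta(hours=1), None, True)
    admin = Session("jdoe", ["backup-admin"], now - timedelta(hours=1),
                    now - timedelta(hours=1), True)
    stale = Session("jdoe", ["backup-admin"], now - timedelta(hours=9),
                    now - timedelta(minutes=1), True)
    results = {}
    results["analyst reads reports"] = authorise(analyst, "reports", "read", now)[1]
    results["analyst restores backups"] = authorise(analyst, "backups", "restore", now)[1]
    results["admin restore, old MFA"] = authorise(admin, "backups", "restore", now)[1]
    admin.last_mfa_at = now - timedelta(minutes=2)   # user completes a step-up
    results["admin restore, fresh MFA"] = authorise(admin, "backups", "restore", now)[1]
    results["expired session"] = authorise(stale, "backups", "read", now)[1]
    return results


if __name__ == "__main__":
    for scenario, reason in run_scenarios().items():
        print(f"{scenario}: {reason}")
```

The point of the structure is that a stolen credential buys an attacker only what the role grants, only while the session and device stay valid, and nothing privileged without a fresh second factor; the audit log gives the incident responder the reasons, not just the outcomes.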
The architecture itself also needs to be addressed, for example by validating binaries (checking their signatures or hashes) so that only code that genuinely comes from the claimed publisher or application is allowed to run. It is also advisable to implement the CIS Controls to limit exposure, reduce the attack surface and make it difficult for an intruder who has gained access to spread using known vulnerabilities and exploits. Addressing the architecture layer strengthens the foundation.
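To make the binary-validation point concrete, here is an added example (not from the original article) of allowlisting executables by SHA-256 digest. The sample "binaries", the manifest and the key are constructed for the example; the HMAC over the manifest stands in for the code-signing signature a real deployment would verify, because an allowlist that an attacker can edit protects nothing.

```python
"""Added example: allow a binary to run only if its SHA-256 digest matches an
authenticated allowlist manifest.

The binaries, manifest and key below are constructed for the example. The HMAC
on the manifest is a stand-in for a real code-signing signature (which would
use an asymmetric key); the per-file digest check is the same either way.
"""
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Constructed stand-ins for two executables shipped by a vendor.
BINARIES: Dict[str, bytes] = {
    "agent.exe": b"\x4d\x5a" + b"agent build 1.4.2 " * 8,
    "updater.exe": b"\x4d\x5a" + b"updater build 1.4.2 " * 8,
}
# Constructed key held by whoever publishes the manifest (hypothetical).
MANIFEST_KEY = b"example-manifest-key-do-not-use"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(binaries: Dict[str, bytes]) -> Tuple[str, str]:
    """Publisher side: serialise name -> digest and authenticate the result."""
    manifest = json.dumps({n: sha256_hex(b) for n, b in sorted(binaries.items())},
                          sort_keys=True)
    tag = hmac.new(MANIFEST_KEY, manifest.encode(), hashlib.sha256).hexdigest()
    return manifest, tag


def load_manifest(manifest: str, tag: str) -> Dict[str, str]:
    """Host side: refuse a manifest whose authentication tag does not verify.
    Otherwise anyone who can edit the manifest can allowlist their own dropper."""
    expected = hmac.new(MANIFEST_KEY, manifest.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest authentication failed")
    return json.loads(manifest)


def is_allowed(name: str, data: bytes, allowlist: Dict[str, str]) -> Tuple[bool, str]:
    """Permit execution only if the file is listed and its digest matches."""
    if name not in allowlist:
        return False, "not in allowlist"
    if not hmac.compare_digest(sha256_hex(data), allowlist[name]):
        return False, "digest mismatch"
    return True, "ok"


def run_checks() -> Dict[str, str]:
    """Run the genuine, tampered, unknown and forged-manifest cases."""
    manifest, tag = build_manifest(BINARIES)
    allowlist = load_manifest(manifest, tag)
    results = {}
    results["genuine agent"] = is_allowed("agent.exe", BINARIES["agent.exe"], allowlist)[1]
    # A trojaned copy: one byte appended to the real binary.
    results["patched agent"] = is_allowed("agent.exe", BINARIES["agent.exe"] + b"\x90",
                                          allowlist)[1]
    results["unknown binary"] = is_allowed("dropper.exe", b"MZ...", allowlist)[1]
    # An attacker rewrites the manifest to allowlist their dropper; the tag no
    # longer matches, so the host must reject the whole manifest.
    forged = json.dumps({"dropper.exe": sha256_hex(b"MZ...")})
    try:
        load_manifest(forged, tag)
        results["forged manifest"] = "accepted"
    except ValueError as exc:
        results["forged manifest"] = str(exc)
    return results


if __name__ == "__main__":
    for case, outcome in run_checks().items():
        print(f"{case}: {outcome}")
```

In practice the same shape appears as application allowlisting or code-signing enforcement on the endpoint; the two lessons carried by the example are that the digest must be compared against a list the attacker cannot change, and that the comparison itself should use a constant-time check.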
The data element
Zero trust is the principle behind architecting a secure solution to protect networks, but data requires additional considerations. Segmentation should be used to restrict access to data, and the network topology must be controlled so that backup data is not reachable from the compromised parts of the network. It is also essential to keep multiple copies of data, including an immutable copy that cannot be altered or infected, with air-gapping for further protection. Finally, monitoring and alerting are needed so that incidents are identified quickly, before they can cause serious harm.
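As an added example of the monitoring and alerting point (not code from the original article), the Python below runs a simple detector over file-activity log lines: a burst of renames that change a file's extension, from one account within a short window, is one of the earliest behavioural signs of an encryption run on a share. The log format, thresholds and sample events are constructed for the example.

```python
"""Added example: alert on a burst of extension-changing renames in a
file-activity log. Log format, thresholds and sample events are constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
import os
import re
from typing import Deque, Dict, List, Optional, Tuple

# Constructed log format: ISO time, user, operation, path and (for renames) target.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) op=(?P<op>\w+) path=(?P<path>\S+)(?: new=(?P<new>\S+))?$")

RENAME_THRESHOLD = 20   # extension-changing renames by one user ...
WINDOW_SECONDS = 60     # ... within this many seconds raise an alert


def parse_event(line: str) -> Optional[dict]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None   # malformed lines are skipped rather than guessed at
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev


def changes_extension(path: str, new: str) -> bool:
    return os.path.splitext(path)[1].lower() != os.path.splitext(new)[1].lower()


def detect_mass_rename(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (user, time, count) alerts; one alert per user per burst."""
    windows: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerted = set()
    alerts: List[Tuple[str, str, int]] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["op"] != "rename" or not ev["new"]:
            continue
        if not changes_extension(ev["path"], ev["new"]):
            continue   # a.docx -> b.docx is an ordinary rename
        q = windows[ev["user"]]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()   # slide the window forward
        if len(q) >= RENAME_THRESHOLD and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append((ev["user"], ev["ts"].isoformat(), len(q)))
    return alerts


def sample_log() -> List[str]:
    """Constructed events: routine edits and one benign rename by asmith, then
    jdoe renaming 25 documents to a new extension at one per second, plus a
    malformed line the parser must ignore."""
    base = datetime(2024, 1, 1, 2, 0, 0, tzinfo=timezone.utc)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lines = []
    for i in range(5):
        t = (base + timedelta(seconds=i * 10)).strftime(fmt)
        lines.append(f"{t} user=asmith op=write path=/share/finance/q{i}.xlsx")
    t = (base + timedelta(seconds=50)).strftime(fmt)
    lines.append(f"{t} user=asmith op=rename path=/share/a.docx new=/share/b.docx")
    for i in range(25):
        t = (base + timedelta(seconds=60 + i)).strftime(fmt)
        lines.append(f"{t} user=jdoe op=rename path=/share/finance/report{i}.docx "
                     f"new=/share/finance/report{i}.docx.locked")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for user, when, count in detect_mass_rename(sample_log()):
        print(f"ALERT {when}: {user} changed the extension of {count} files "
              f"within {WINDOW_SECONDS}s")
```

A heuristic this simple will also fire on legitimate bulk migrations, so it belongs behind a tuning step and alongside other signals (deletions of shadow copies, writes to the backup repository from unexpected hosts); what it buys is an alert in the first minute of the encryption run rather than a ransom note the next morning.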
Zero trust is the basis of effective data protection in a borderless, remote working world: you continuously gate and validate trust throughout the data protection and access processes. Achieving this requires a layered architecture together with effective application, network and authentication controls. Above all, whatever zero trust technologies and protocols are in place, your backup and protection solution needs to complement them.