Adarsh Nair, Head of Information Security, UST Global Inc
In the wake of the COVID-19 outbreak and the subsequent lockdowns, the use of cyberspace has increased exponentially. A much larger share of offline activities has now migrated online, and even the concept of a physical office may soon vanish: your office will be in your home. At the same time, this migration expands the attack surface available to hackers and other malicious actors, so the threat of cyber-attacks is very high in this situation. Defenders will move to Zero Trust models, and the current concerns will catalyze and accelerate innovation in the field of cybersecurity.
Zero Trust Architecture is an IT security paradigm that does not inherently trust anything, whether inside or outside its perimeter. Its core philosophy is that any user or computer attempting to access services on a private network is treated the same from a security perspective, regardless of whether it sits inside or outside the network perimeter. This additional layer of protection has proven to limit the scope of a cyberattack. Two further principles behind Zero Trust are least privilege and need to know. Least privilege means an individual is given only the access required for the task at hand; need to know means that access is granted on the basis of a demonstrated need and is removed once the job is done. Together they minimize each user's access to critical portions of the network.
Systems or applications that store or process critical and sensitive data such as Personally Identifiable Information (PII), Protected Health Information (PHI), or Payment Card Industry (PCI) data are central to a Zero Trust architecture, and they need to be placed under the Zero Trust umbrella. Organizations have now deployed very sophisticated solutions to prevent cyberattacks from outside, so attackers instead infiltrate the organization's internal network and execute their attacks from within. The Maze ransomware attack is a recent example of this approach: the attackers used phishing to infiltrate the internal corporate network. Even if the compromised accounts are low-privileged ones, various methods exist for elevating those privileges to a higher level.
The Zero Trust strategy depends on existing technology and governance mechanisms to accomplish its objective of securing the enterprise IT ecosystem. Multi-factor Authentication (MFA) is the core feature of the Zero Trust model. MFA simply means requiring more than one piece of evidence to authenticate a user; entering a password alone is not enough to gain access. A popular application of MFA is two-factor authentication (2FA), which applications like Gmail and Facebook have implemented: along with the password, an OTP sent to your registered mobile number is used to log in. The password you set is 'something you know', and the OTP becomes 'something you have'. Thus, even if the 'something you know' factor is compromised, the 'something you have' factor still protects your account.
Since the cloud revolution, the majority of applications are hosted on cloud platforms, which enables better scaling, load balancing, and cost-effectiveness. Organizations use a combination of on-prem and cloud infrastructure for their operations, deploying solutions such as CASB (Cloud Access Security Brokers) to enforce security policies and ensure the security compliance of their cloud infrastructure. Using the cloud as backup infrastructure is also one of the widely accepted models.
Data loss prevention (DLP) technology is an increasingly relevant IT management tool in the era of stringent data protection regulations such as GDPR (the General Data Protection Regulation) and CCPA (the California Consumer Privacy Act). Most organizations handle sensitive data such as PII, PHI, or PCI information, and the protection of that data is mandated by various laws and regulations. Proper DLP and IRM (Information Rights Management) solutions are therefore in high demand. IRM solutions also help prevent accidental data exposure, misuse, and data leakage: correctly configured rights protect documents and emails from unauthorized disclosure.
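The detection step at the heart of a DLP control, as an added example (not code from the article or from any DLP product): an outbound message is scanned for card numbers, US Social Security numbers and e-mail addresses, card candidates are confirmed with the Luhn checksum so that order numbers and other digit runs do not raise alerts, and findings are masked before they reach an alert. The message, the SSN, the address and the cancelled card number are constructed; 4111 1111 1111 1111 is the well-known Visa test number.

```python
"""Outbound content scan for PCI/PII patterns (added illustration, not the article's code)."""
import re
from dataclasses import dataclass
from typing import List

# Card number candidate: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")
# US Social Security number in the common dashed layout.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


@dataclass(frozen=True)
class Finding:
    kind: str        # "pan", "ssn" or "email"
    masked: str      # what an alert may safely show
    position: int    # offset in the scanned text


def luhn_valid(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812): separates real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value: str, keep: int = 4) -> str:
    return "*" * (len(value) - keep) + value[-keep:]


def scan_text(text: str) -> List[Finding]:
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):          # drop ticket numbers, phone numbers and the like
            findings.append(Finding("pan", mask(digits), m.start()))
    for m in SSN_RE.finditer(text):
        findings.append(Finding("ssn", mask(m.group()), m.start()))
    for m in EMAIL_RE.finditer(text):
        local, _, domain = m.group().partition("@")
        findings.append(Finding("email", local[0] + "***@" + domain, m.start()))
    return sorted(findings, key=lambda f: f.position)


def policy_action(findings: List[Finding]) -> str:
    """Block card data and SSNs outright; merely alert on e-mail addresses."""
    kinds = {f.kind for f in findings}
    if kinds & {"pan", "ssn"}:
        return "block"
    if kinds:
        return "alert"
    return "allow"


# Constructed outbound message: one valid card, one card that fails Luhn, one
# 16-digit ticket number that also fails Luhn, an SSN and an e-mail address.
SAMPLE_OUTBOUND = (
    "Hi, please charge the card 4111 1111 1111 1111 for the order; "
    "the old card 4111-1111-1111-1112 was cancelled. Ticket 2020061501234567. "
    "Patient SSN 123-45-6789, contact jane.doe@example.com."
)

if __name__ == "__main__":
    found = scan_text(SAMPLE_OUTBOUND)
    for f in found:
        print(f"{f.kind:6} at {f.position:4}: {f.masked}")
    print("action:", policy_action(found))
```

The Luhn step matters for the false-positive rate: without it, the ticket number in the sample would be reported as a card and the mistyped card number would generate a second, spurious block. Real DLP products add context rules (nearby words such as "card" or "SSN"), document fingerprints and exact-data matching on top of patterns like these.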
SaaS-based applications are very common nowadays, and the majority of them handle critical data as well. The security of applications exposed to the internet is highly critical for both on-prem and cloud solutions, so those applications need to be thoroughly inspected against all security controls before they are made available on the Internet. This underlines the need for Vulnerability Assessment and Penetration Testing. Applications are tested against security standards such as the OWASP Top 10, from both the internal and the external attacker's perspective. Not only applications but also infrastructure undergoes penetration testing to evaluate strengths and uncover weaknesses, which helps organizations patch them before someone else can exploit them.
Patching of devices is another crucial factor: security patches should be applied to devices promptly. For example, Microsoft releases patch updates on the second Tuesday of every month, and recently released highly critical patches for certain zero-day vulnerabilities that could have led to the complete compromise of a system. Patch management, which is essential for every organization, typically uses WSUS (Windows Server Update Services) or SCCM (System Center Configuration Manager) to push patches to Windows systems; patches can be pushed to roaming devices through antivirus solutions as well. Behaviour- or pattern-based identification is more effective than traditional signature-based malware detection, since specific methods exist for bypassing endpoint anti-virus solutions. Anti-virus combined with EDR (Endpoint Detection and Response) is an apt combination for defending against zero-day attacks.
An insecurely implemented API can lead to a massive data breach; several significant breaches, involving millions of records, happened through poorly configured APIs. API management solutions such as Apigee provide the right protection for APIs. API management is a collection of processes that allows a company to monitor and govern the APIs linking apps and data across the organization and across clouds. This gives better control over APIs and makes it possible to enforce the need-to-know and least-privilege principles.
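The access decision that the least-privilege and need-to-know principles (introduced in the Zero Trust section above and applied to APIs here) imply, as an added example; it is not code from the article, from UST Global, or from any API management product. Every request to an API is evaluated the same way whether it arrives from the office LAN or from the Internet: the decision depends on who the caller is, whether the session passed MFA, whether the device passed a posture check, and whether an explicit, still-valid grant covers exactly the resource and action requested. The subjects, resources, grants and reference time are all constructed.

```python
"""Zero Trust access decision for an API request (added illustration, not the article's code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List


@dataclass(frozen=True)
class Grant:
    subject: str
    resource: str          # API or data set, e.g. "payments-api"
    action: str            # "read" or "write"
    expires_at: datetime   # need to know: access lapses when the job is done


@dataclass(frozen=True)
class Request:
    subject: str
    resource: str
    action: str
    mfa_verified: bool
    device_compliant: bool
    source_network: str    # recorded for audit only; deliberately not part of the decision
    at: datetime


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate(req: Request, grants: List[Grant]) -> Decision:
    """Deny by default; allow only when every condition holds. Note that
    req.source_network is never consulted: inside and outside are treated alike."""
    if not req.mfa_verified:
        return Decision(False, "session lacks a second factor")
    if not req.device_compliant:
        return Decision(False, "device failed posture check")
    matching = [g for g in grants
                if g.subject == req.subject and g.resource == req.resource
                and g.action == req.action]
    if not matching:
        return Decision(False, f"no grant for {req.action} on {req.resource}")
    if all(g.expires_at <= req.at for g in matching):
        return Decision(False, "grant expired; re-request access if still needed")
    return Decision(True, "explicit, unexpired grant")


# Constructed reference time and grants.
NOW = datetime(2020, 6, 1, 9, 0, tzinfo=timezone.utc)
GRANTS = [
    Grant("alice", "payments-api", "read", NOW + timedelta(hours=8)),   # today's shift only
    Grant("bob", "payments-api", "write", NOW - timedelta(days=1)),     # job finished yesterday
]


def decide(subject: str, resource: str, action: str, mfa: bool = True,
           compliant: bool = True, network: str = "internet",
           minutes_from_now: int = 0) -> Decision:
    """Build a request against the constructed grants and evaluate it."""
    req = Request(subject, resource, action, mfa, compliant, network,
                  NOW + timedelta(minutes=minutes_from_now))
    return evaluate(req, GRANTS)


if __name__ == "__main__":
    cases = [
        ("alice read from home", decide("alice", "payments-api", "read", network="internet")),
        ("alice read from office", decide("alice", "payments-api", "read", network="corp-lan")),
        ("alice write (never granted)", decide("alice", "payments-api", "write")),
        ("alice without MFA on LAN", decide("alice", "payments-api", "read", mfa=False, network="corp-lan")),
        ("bob write after job ended", decide("bob", "payments-api", "write", network="corp-lan")),
        ("alice read 9 hours later", decide("alice", "payments-api", "read", minutes_from_now=9 * 60)),
    ]
    for label, d in cases:
        print(f"{label:30} -> {'ALLOW' if d.allowed else 'DENY'} ({d.reason})")
```

The two "alice read" cases return identical decisions although one comes from the corporate LAN, which is the perimeter-less idea in one line; the "bob" case shows need to know enforced by expiry rather than by someone remembering to revoke access. In a real API gateway the grant list would come from a policy store and the MFA and device-posture flags from the identity provider and endpoint management system.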
Password hygiene is highly advisable in the face of increased social engineering attacks. According to a research report by SplashData, an Internet security agency, the most common password used in 2019 was '123456'. Interestingly, according to their report, this has been the number one choice for the last five years, followed by '123456789'. This is not surprising: people prefer a password they can quickly recall.
A single layer of defence is not the right choice in the current cyberspace. A layered security approach, implementing the Defence-in-Depth strategy, is the best one: if one layer of protection fails, the inner layers still resist the intrusion. The combination of the right management controls, operational controls, and technical controls helps organizations tackle cyber-attacks to a great extent. In short, the Zero Trust approach helps organizations achieve the expected level of security even in an emergency.