Cyber attacks, like the pandemic that caused the rise in incidents, have been relentless.
There has been a significant escalation in the past eight months as the sophistication of these attacks has increased. Hackers hunt down key vendors, allowing them to target vast swaths of valuable victims, as we saw in the attacks on SolarWinds, Microsoft Exchange, Colonial Pipeline and, more recently, MSP software provider Kaseya.
To make matters worse, the groups behind these attacks are based in countries that have shown no interest in controlling the hackers. In many cases, the attacks come from groups associated with these foreign governments or even directly from the state actors themselves.
In response to calls for action, the Biden administration has warned these governments that a continuation of these attacks will not be tolerated – although there is little doubt that their warnings will have a major impact on hacking activity.
With no effective coercive measures available, the administration issued an Executive Order in May aimed at improving the government’s own security posture. Under the requirements of the EO, federal agencies are asked to implement a zero trust architecture that will make them more resilient to attacks, which will hopefully mitigate some of the risk and establish best practices for zero trust security.
Defining zero trust
In the previous era, defenders tried to build tall walls that would prevent attackers from breaking into their networks and accessing their valuable assets. Everyone inside the perimeter was considered trustworthy, and those outside the network were not.
As long as work happened in the office, on the LAN, this approach had a reasonable chance of success. But over the past twenty years work has moved outside the office, and the perimeter built to prevent data loss has become less and less effective. Work is now done from home, on the go, and on all sorts of devices.
The transition to the cloud further erased the boundaries of the perimeter. Organizations gave up much of their control in favor of flexibility and scalability. Identity has become the primary method of accessing data and services. Security was no longer a question of where you are, but of who you are – and whether you can prove it.
An important shift that came with the move to Zero Trust, whose motto is essentially “Trust no one and always verify”, was abandoning the idea that the high walls of the perimeter meant security, and accepting that the bad actors were probably already inside the gates.
So if everyone is suspect, the strategy is to restrict access within your environment and to work on detecting an intrusion so it can be addressed as soon as possible.
In short, we moved from prevention to mitigation, which was probably a more realistic approach that we should have started from the beginning if we’re honest.
The move to Zero Trust had gained momentum in recent years and was accepted as the goal companies should strive for. And then came COVID-19, and almost everything was upended. Working from the office on the local network was no longer possible, and the threat surface for attacks had only grown larger than before.
And the attackers around the world knew it.
Targeting privileged identities
Hackers have intensified their attacks over the past year and a half, exploiting the rapid transition to remote work and the vulnerabilities it opened up, especially in the area of identity.
With identity as the key to access, hackers seek out privileged identities that will enable them to break in and reach the valuable assets of their targets. The more privileged an identity is, i.e. the more access it has, the more useful it is to the attacker.
Attackers obtain the credentials they need to compromise these privileged identities in a variety of ways.
Two of the most common are:
- Phishing, where the victim is socially engineered into revealing their credentials.
- Lists of compromised credentials, which they then use for credential stuffing. This is a spray-and-pray method, but it’s surprisingly effective.
With these credentials, attackers can take over accounts and then use their newly gained access to reach valuable assets.
Identifying these privileged identities and protecting them is essential to reduce the company’s threat surface and lower its risk. This means acquiring the right toolsets and practices.
The following are some of the core methods and techniques that must be implemented to protect against these attacks.
3 Essential Tools and Best Practices for Zero Trust Security
Zero Trust aims to make it difficult for attackers to reach their targets while working to identify them before they can do too much damage.
These tools and practices will help lay the foundation for a zero trust approach to security.
Implement tools that monitor user accounts for unusual behavior
If an account is compromised, the hackers can operate like an insider, and outward-facing defenses become less relevant.
What is needed is user behavior analytics that can monitor accounts for uncharacteristic behavior. You can check whether a user is downloading files they would not normally download, or engaging in any other suspicious activity that could indicate an attacker is on the network.
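The per-user baseline check described above, as an added example that is not part of the original article: it reads a constructed audit log of daily download counts per folder, builds each user’s own history, and flags a day whose volume is far above that user’s norm or that touches a folder the user never accessed before. Log format, user names and thresholds are assumptions for illustration.

```python
import statistics
from collections import defaultdict

# Constructed audit-log sample (not from the article): date, user, folder, files downloaded.
SAMPLE_LOG = """\
2021-07-05 alice finance 3
2021-07-06 alice finance 4
2021-07-07 alice finance 2
2021-07-08 alice finance 5
2021-07-12 alice finance 60
2021-07-12 alice hr-records 40
2021-07-05 bob engineering 10
2021-07-06 bob engineering 12
2021-07-07 bob engineering 9
2021-07-12 bob engineering 12
"""

def parse_log(text):
    """Return (date, user, folder, count) tuples from the whitespace-separated log."""
    return [(d, u, f, int(c)) for d, u, f, c in (ln.split() for ln in text.splitlines())]

def find_anomalies(events, day, z_threshold=3.0):
    """Flag users whose downloads on `day` deviate from their own pre-`day` history:
    a daily volume more than z_threshold standard deviations above the user's mean,
    or a folder the user never touched during the baseline period (per user, so
    bob's normal volume never becomes alice's baseline)."""
    history = defaultdict(lambda: defaultdict(int))   # user -> date -> files
    known_folders = defaultdict(set)                  # user -> folders seen in baseline
    today_total = defaultdict(int)
    today_folders = defaultdict(set)
    for date, user, folder, count in events:
        if date < day:
            history[user][date] += count
            known_folders[user].add(folder)
        elif date == day:
            today_total[user] += count
            today_folders[user].add(folder)
    alerts = []
    for user, total in today_total.items():
        daily = list(history[user].values())
        if len(daily) >= 3:                            # need some baseline to judge against
            mean, stdev = statistics.mean(daily), statistics.pstdev(daily) or 1.0
            if (total - mean) / stdev > z_threshold:
                alerts.append((user, "volume", total))
        for folder in sorted(today_folders[user] - known_folders[user]):
            alerts.append((user, "new-folder", folder))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(parse_log(SAMPLE_LOG), "2021-07-12"):
        print(alert)
```

A real UBA product adds many more signals (time of day, source location, peer-group comparison), but the structure is the same: judge each account against its own history, not against a global average.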
Use strong authentication to make access difficult
Verifying identity is an important first step in preventing attackers from achieving their goal. Since we assume that the attacker is already on the network, we have to constantly verify the identity through various channels.
One of the most important and well-known authentication tools is multi-factor authentication. The idea is that there should be multiple checks to verify the user. Ideally, these checks should be carried out with different “keys”.
For example, I know my password, but that can be compromised if leaked in a hack. However, when I have MFA, not only do I protect my password, but I also need an extra step like a code that is generated on my phone. This second piece of information is more difficult for a hacker to obtain and, if implemented, can block the vast majority of attacks.
Ideally, MFA shouldn’t use SMS as a second factor. But it’s still better to use SMS MFA than none at all.
Passwords take up valuable time and most people use them poorly. Password reuse, easy-to-guess passwords, and other security sins are rampant. To address these efficiency and security challenges while gaining greater control over access, most organizations are now using single sign-on tools.
Common providers include Okta, Ping, and Azure AD. They make signing in easier with a federated access model that reduces the “workload” on the user.
Finally, biometrics are fast becoming a popular option to reduce friction for users without compromising security. Think of the Face ID or fingerprint reader on your phone. It’s faster than typing in your PIN code and yet very secure.
Use authorization tools to restrict access once attackers are inside
If an attacker succeeds in getting through the authentication phase, the next layer of Zero Trust defense is to manage who is authorized to access the organization’s assets. These are the permissions that allow an account to access specific folders, resources, or other items.
Ideally, organizations should follow the principle of least privilege. This is the concept that you should give the minimum access to the minimum number of people: just enough to let them do their job.
The more control over what can be accessed, the smaller the threat surface and the fewer opportunities attackers have to access something that could be harmful to the business.
The government as the market maker leading change
We still have a long way to go when it comes to protecting our organizations from the increasingly sophisticated and determined hacking groups, even as the tools get better.
The first step is to actually use the tools that are available to us. Most people still do not use MFA, although in most cases it is very effective.
The hope is that the government will start setting standards for itself, and then everyone who wants to sell to it will have to move to those standards. A buyer of this kind is a real market maker. Let’s just hope this EO is enough to shake people up and get them to start protecting themselves.