Zero Trust + Cyber Resilience = Reduce Impact of Cyberattacks

Adopting Zero Trust together with the principles of cyber resilience is the way to reduce the impact of future cyberattacks

In the past two years, due to unprecedented events, organizations have moved to a hybrid working model, replacing the conventional full-time office model. This movement has pushed organizations of all types to the cloud, leaving leaders concerned about their organizations becoming less secure and more prone to cyberattacks.

This year alone there has been a 230% increase in password “spray” attacks (a type of brute-force attack in which a malicious actor tries the same password against many accounts before moving on to another password and repeating the process), and 91% of all cyberattacks start with an email [1]. In 2020 and 2021, the FBI’s IC3 (Internet Crime Complaint Center) report identified phishing as the main type of crime reported by victims [2][3]. Microsoft took down more than 160,000 malicious phishing sites in 2021 [2]. Over the past year, the Microsoft Detection and Response Team (DART), together with Microsoft’s threat intelligence teams, has seen increased use of password sprays as an attack vector [4].
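The spray pattern described above is detectable from sign-in logs because it is broad rather than deep: many accounts, very few failures each, from one source. The following added example (not code from the original article or from Microsoft) runs such a detection over a constructed sign-in log; the thresholds, field layout and IP addresses are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (ISO timestamp, source IP, account, outcome).
# 203.0.113.7 tries one password across many accounts (spray), then gets in as frank;
# 198.51.100.9 hammers a single account (classic brute force, not a spray);
# 192.0.2.5 is a user who mistypes twice and then succeeds.
SIGNIN_LOG = [
    ("2024-01-10T09:00:01", "203.0.113.7", "alice", "FAIL"),
    ("2024-01-10T09:00:04", "203.0.113.7", "bob", "FAIL"),
    ("2024-01-10T09:00:07", "203.0.113.7", "carol", "FAIL"),
    ("2024-01-10T09:00:10", "203.0.113.7", "dave", "FAIL"),
    ("2024-01-10T09:00:13", "203.0.113.7", "erin", "FAIL"),
    ("2024-01-10T09:00:16", "203.0.113.7", "frank", "SUCCESS"),
    ("2024-01-10T09:05:00", "198.51.100.9", "alice", "FAIL"),
    ("2024-01-10T09:05:01", "198.51.100.9", "alice", "FAIL"),
    ("2024-01-10T09:05:02", "198.51.100.9", "alice", "FAIL"),
    ("2024-01-10T09:10:00", "192.0.2.5", "grace", "FAIL"),
    ("2024-01-10T09:10:20", "192.0.2.5", "grace", "FAIL"),
    ("2024-01-10T09:10:40", "192.0.2.5", "grace", "SUCCESS"),
]

def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_fails_per_account=2):
    """Return {source_ip: targeted accounts} for sources that fail against many
    distinct accounts with few attempts each inside `window`. The signal is breadth
    (accounts per source), since a spray stays under per-account lockout limits."""
    by_source = defaultdict(list)
    for ts, ip, account, outcome in events:
        if outcome == "FAIL":
            by_source[ip].append((datetime.fromisoformat(ts), account))
    findings = {}
    for ip, fails in by_source.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:  # keep the window bounded
                start += 1
            per_account = defaultdict(int)
            for _, account in fails[start:end + 1]:
                per_account[account] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_fails_per_account):
                findings[ip] = sorted(per_account)
                break
    return findings

def successes_after_spray(events, findings):
    """Accounts a flagged source later signed into: the likely compromised ones."""
    return {ip: sorted({a for _, src, a, out in events if src == ip and out == "SUCCESS"})
            for ip in findings}
```

The brute-force source is deliberately not flagged here; it needs a separate per-account failure-count rule, and the successful sign-in after a spray is the event that should trigger an automated response such as a forced MFA challenge or password reset.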

This has led Microsoft and many other organizations to look for ways to respond to these attacks. Governments and companies around the world agree that this is imperative and are accelerating the adoption of a Zero Trust strategy. Rather than assuming that everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originated from an open network. Regardless of where the request originates or which resource it targets, the Zero Trust strategy teaches us to “never trust, always verify”.

By supporting thousands of deployments and observing the expanding threat landscape, we have revised and evolved the Zero Trust architecture around these three principles:

Zero Trust Principles:

  • Verify explicitly – Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
  • Use least-privilege access – Limit user access with just-in-time and just-enough access (JIT/JEA), adaptive risk-based policies, and data protection, to secure both data and productivity.
  • Assume breach – Minimize the blast radius and segment access. Verify end-to-end encryption and use analytics to gain visibility, drive threat detection, and improve defenses.

“If we want to keep our data safe from cybercriminals, it’s important to invest in tools and resources that limit information loss and constantly monitor any data leaks or exposures. That’s why organizations are on the path to properly address cybersecurity issues through a Zero Trust approach. All organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they are located,” said André Toledo, Security Leader at Microsoft Brazil.

Five steps to successfully implement the Zero Trust Strategy:

Zero Trust requires that all transactions between systems (user identity, device, network and applications) be validated and proven to be trustworthy before the transaction can take place. In an ideal Zero Trust environment, the following behaviors are required:

  1. Strengthen your credentials – Use multi-factor authentication (MFA) everywhere, as well as a strong password policy, and continue to evolve to a passwordless environment. The additional use of biometrics ensures strong authentication for user-backed identities.
  2. Reduce attack surface area – Disable the use of older, less secure protocols, limit access entry points, move to cloud authentication, and exercise more meaningful control of administrative access to resources.
  3. Automate threat response – Require multi-factor authentication for, or block, any risky access, and force a secure password change where warranted. Detect and respond automatically instead of waiting for a human agent to act on a threat.
  4. Leverage cloud intelligence – Review your Microsoft Secure Score (a numerical summary of your security posture based on system configurations, user behavior, and other security-related measures). Monitor and process audit logs to learn from them and strengthen policies based on those learnings.
  5. Empower employees with self-service – Implement self-service password reset, self-service access to groups and apps, and provide users with secure repositories to download apps and files.
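Steps 1 to 3 above amount to an access policy that evaluates every sign-in against all available data points and either allows it, demands additional controls, or blocks it. The following added example (not code from the original article, nor Microsoft's conditional access implementation) is a small policy engine of that shape: every matching policy contributes its grant, a block always wins, and otherwise the caller learns which required controls are still missing. The SignIn fields, policy names, protocol labels and risk levels are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SignIn:
    """Data points the engine verifies explicitly (constructed model, not a real schema)."""
    user: str
    resource: str
    protocol: str            # "modern" or a legacy basic-auth protocol name
    device_compliant: bool   # device health signal
    risk: str                # "low" | "medium" | "high", from an assumed upstream risk engine
    controls_met: frozenset  # controls already satisfied in this session, e.g. {"mfa"}

# Step 2: legacy protocols cannot carry MFA, so they are an attack surface to close.
LEGACY_PROTOCOLS = {"imap-basic", "pop3-basic", "smtp-basic"}

# Policies as (name, condition, grant). Every policy whose condition matches applies;
# a "block" grant is final, any other grant names a control the sign-in must satisfy.
POLICIES = [
    ("block legacy authentication",   lambda s: s.protocol in LEGACY_PROTOCOLS, "block"),
    ("block high-risk sign-ins",      lambda s: s.risk == "high",               "block"),
    ("MFA everywhere (step 1)",       lambda s: True,                           "mfa"),
    ("medium risk forces password change (step 3)",
                                      lambda s: s.risk == "medium",             "password_change"),
    ("compliant device for admin portal",
                                      lambda s: s.resource == "admin-portal",   "compliant_device"),
]

def evaluate(signin):
    """Return ("block", [blocking policies]) | ("require", [missing controls]) | ("allow", [])."""
    required, blockers = set(), []
    for name, condition, grant in POLICIES:
        if not condition(signin):
            continue
        if grant == "block":
            blockers.append(name)
        else:
            required.add(grant)
    if blockers:                      # assume breach: a single block decision is final
        return "block", blockers
    met = set(signin.controls_met)
    if signin.device_compliant:       # device health is a control the device itself satisfies
        met.add("compliant_device")
    missing = sorted(required - met)  # deterministic order for logging and tests
    return ("require", missing) if missing else ("allow", [])
```

A real deployment feeds the "require" result back to the client as a challenge (MFA prompt, password reset) and records every decision in the audit log that step 4 asks you to review.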

“Implementing a Zero Trust strategy is not extremely sophisticated; the steps are hygienic measures that must be considered for any business that wants to thrive and mitigate its security risks. The Zero Trust model protects us against 98% of attacks, and to combat these 2% of vulnerabilities, Microsoft uses five steps to achieve cyber-resilience”, highlighted Felman.

Microsoft’s Five Steps to Achieving Cyber Resiliency:

  1. Embrace vulnerability as a fact of hybrid work and move to resilience – Leaders are concerned as 40% of security breaches in the last year impacted their business. With hybrid work here to stay, dispersed cloud networks are difficult to secure, and enterprises will no longer have the option of retreating to an internal corporate network-only environment. To protect their organizations, leaders must hire cloud experts who can work on cloud security, helping organizations achieve greater security, compliance and productivity.
  2. Limit how far ransomware attackers can reach – Ransomware activity grew by 1070% between July 2020 and June 2021 [5]. Attacks are becoming more severe and caused an estimated $20 billion in damage in 2021 alone; it is estimated that by 2031 this figure will exceed US$265 billion [6]. In about 48% of ransomware attacks, victims reported significant operational downtime, exposure of sensitive data, and reputational damage. To lessen the impact of attacks, leaders need to adopt the Zero Trust principles described above.
  3. Elevate cybersecurity to a strategic business function – Research has revealed dramatic parallels between awareness of vulnerabilities and a mature security posture that treats security as a strategic business function. Nine out of ten security leaders who feel vulnerable to attack perceive security as “a business enabler”. Security leaders should therefore evaluate their Zero Trust approach: a resilient security posture elevates security from a protective service to a strategic business enabler.
  4. Recognize that you may already have what it takes to manage rising threats – Mature security organizations are realistic about the threats in today’s digital environment and optimistic about their ability to manage future challenges. For example, while nearly 60% of leaders see networks as a vulnerability today, only 40% expect this to still be the case two years from now. To get there, leaders need to ensure that their existing security investments, such as endpoint detection and response, email security, identity and access management, Cloud Access Security Broker (CASB) tools and native threat-protection capabilities, are properly configured and fully implemented.
  5. Implement security fundamentals – Almost all cyberattacks could be stopped by enabling multi-factor authentication (MFA), enforcing least-privilege access, keeping software updated, and installing anti-malware and data protection solutions. However, adoption of strong identity authentication remains low. The place to start is identity: “It’s critical to have strong identity protections in place, whether it’s MFA, passwordless sign-in or other defenses being put in place, like conditional access policies, which, in addition to minimizing opportunities, make it much more difficult to elevate attack level,” strongly recommends Christopher Glyer, Threat Intelligence lead at the Microsoft Threat Intelligence Center (MSTIC).

If organizations want to prevent ransomware attacks, they must limit the scope of damage, forcing attackers to work harder to gain access to various business-critical systems.
