A Fresh Look at Cybersecurity: Zero Trust

posted by Administrator on 11/02/2022 in Blog Posts
By Tom Cramer


One of the greatest dangers of any business risk is becoming numb to it, allowing it to become a “new normal”. For the past decade, a continual stream of warnings about cyber threats and cybersecurity has created exactly that state for many business owners. An almost fatalistic attitude develops: “I’ve taken all the reasonable steps; I don’t know what else to do.”

Increasing in Frequency and in Damage

Unfortunately, that is an increasingly dangerous attitude to take in the face of this growing problem. According to a recent article in Forbes, the number of serious breaches is up more than 15 percent over 2021, itself a record year for such successful attacks. The article notes research showing that cybercriminals can penetrate 93 percent of company networks. Further, the discussion includes the striking fact that “…half of U.S. Businesses still have not put a cybersecurity risk plan in place.”

From the largest to the smallest companies, the new aggressiveness of hackers and “black hat” operators is taxing the capacity of those fighting this destructive trend. The Wall Street Journal recently reported that “Cybersecurity specialists who respond to hacks say they are stretched thin as ransomware and other attacks proliferate…”

The Weakest Link

One small light of hope is coming from an entirely new approach to the issue of cybersecurity. Leading experts who have studied all the major breaches and forms of attacks over the past decade have a new focus.

Instead of relying on the “moat and walls” defense of building the best possible firewalls and other protections to keep hackers out, they have new insights into the real dangers. That concept is termed Zero Trust. It is based on the findings that more than 90 percent of the damaging attacks succeeded because someone inside those walls unintentionally provided access to sensitive data.

These Trojan Horse attacks come from a variety of increasingly sophisticated phishing schemes, compromised remote devices such as smartphones, and inadvertent security lapses by employees, contractors, and consultants. Under the traditional perimeter model, there is little or no protection for the most sensitive data once that internal access is gained.

Thus, the new concept acknowledges the limits of educating and training employees and staff on the risks of cybersecurity. While retaining all the existing protocols, the new approach calls for partitioning all devices and data and requiring each user and device to continually re-verify its right to use the system whenever it accesses a separate area.

This approach adds a new level of complexity to the issue of cybersecurity, but it also seeks to remedy the problem of this weakest link.

More than Manning the Walls

Every business owner and manager must take the time to step back and reorient their perspective toward cybersecurity. Simply buying some software that promises to catch viruses and thinking things are handled is no longer an acceptable stance.

Below are five key areas for you to reevaluate your attitude and your company’s stance towards cybersecurity:

1. Think as much about recovery as about prevention. When the largest companies in the world with millions invested in security still get breached, you must accept the limitations of your systems. Moreover, hackers continue to migrate down to companies with lower levels of security. Thus, ensure your company can quickly recover from any successful attack with backups and other protocols.

2. Set the example. Ensure employees understand your concerns over cybersecurity and make it clear that it is an existential threat to small and mid-sized companies. Never let it simply be “one of those things” that is addressed occasionally.

3. Don’t just train. Build on the last point by making security a part of your corporate culture. Use proactive phishing tests and other “white hat” exercises to keep staff on their toes.

4. Look at cybersecurity as an investment more than an expense. It all comes down to competition. The better you protect your data, the more likely it is that attackers will find your competition an easier target.

5. Assume the worst. The flip side of “trust no one” is to assume everyone can be fooled. Mitigate the damage any one employee can cause when they are the source of the breach. Do this by requiring additional confirmations and checks before anyone can access the most sensitive data.

There are very bad people working around the clock to steal your data. Make it as hard for them to succeed as you possibly can.