Most of what we touch every day is computerized. We connect to the internet from our phones and pay with internet-connected card terminals, and every one of those connections carries data an attacker can target.
As a result, cyber crime is a lucrative business. Organizations all over the world are responding with robust cyber security programs to keep their data as protected as possible, but that may not be enough.
Regardless of how strong the outer defenses are, one of the biggest risks to an organization comes from within. Insiders, whether malicious or merely careless, account for a large share of cyber risk, and some of the most widely publicized breaches of the past year proved it.
The Risk from Inside Your Company
Publicized breaches are almost always catastrophic and damaging to the brand, yet the details often make them feel remote, as if it couldn’t happen to us.
Cyber breaches happen all the time, to organizations large and small. The ones that make headlines are simply the biggest, or the ones involving the most damaging data.
For example, the high-profile SolarWinds breach was a calculated effort by sophisticated attackers. Investigators found that the attackers had gained access to SolarWinds’ build environment, with compromised credentials among the suspected entry points, and used that access to plant a backdoor in routine updates of the Orion software.
For the hack to work, several pieces had to fall into place. The victim had to download the trojanized update, which carried a legitimate SolarWinds digital signature and so passed the checks customers relied on, and deploy it. The backdoor then had to call out to the attackers’ command-and-control infrastructure, and only then could the attackers gain remote access to the victim’s network.
This simple chain led to alarming results. Roughly 18,000 customers downloaded the backdoored update, and the attackers used it to penetrate multiple US government networks and critical infrastructure operators.
Another high-profile attack involving compromised credentials was the Colonial Pipeline ransomware attack, which began with a stolen password for a legacy VPN account that was no longer in use but had never been disabled. With that one password, and no second factor to stop them, the attackers were in a position to disrupt fuel supplies from the Gulf Coast refineries to major East Coast markets.
Multi-factor authentication would have made this attack far harder. Had the attacker needed to prove their identity with a second factor, the stolen password alone would not have opened the VPN, and they would not have had the freedom to move within the network.
Both incidents had other security shortcomings, but in each case the risk came down to credentials that were weak, stale, or insufficiently protected.
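The two credential weaknesses above, a dormant account coming back to life and a successful login with no second factor, are both visible in ordinary authentication logs if someone looks. The following is an added example, not code from the article or from any product it mentions: it parses a constructed VPN authentication log (the key=value format and the account names are assumptions made for the example) and flags logins from accounts that have been inactive longer than a threshold, as well as any successful login that skipped MFA.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample VPN authentication log, one key=value record per line.
# These are not real records from any incident; the format is an assumption
# made for this example.
SAMPLE_LOG = """\
2021-01-12T08:01:10Z user=alice result=success mfa=true src=198.51.100.7
2021-01-12T08:03:44Z user=legacy_svc result=success mfa=false src=198.51.100.7
2021-03-15T09:12:30Z user=alice result=success mfa=true src=198.51.100.7
2021-04-27T21:15:02Z user=alice result=success mfa=true src=198.51.100.7
2021-04-29T06:17:02Z user=legacy_svc result=failure mfa=false src=203.0.113.45
2021-04-29T06:17:31Z user=legacy_svc result=success mfa=false src=203.0.113.45
2021-04-29T06:20:05Z user=bob result=success mfa=false src=192.0.2.10
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    success: bool
    mfa: bool
    src: str


@dataclass(frozen=True)
class Finding:
    user: str
    kind: str       # "dormant_account_login" or "login_without_mfa"
    when: datetime
    detail: str


def parse_line(line: str):
    """Parse one log line into an AuthEvent; return None for blank or malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(part.split("=", 1) for part in m["kv"].split() if "=" in part)
    if "user" not in fields or "result" not in fields:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return AuthEvent(
        ts=ts,
        user=fields["user"],
        success=fields["result"] == "success",
        mfa=fields.get("mfa") == "true",
        src=fields.get("src", ""),
    )


def find_risky_logins(log_text: str, dormant_days: int = 90):
    """Walk the log in time order and flag two weaknesses:
    - a successful login by an account whose previous success was more than
      dormant_days ago (an account nobody uses is an account nobody watches);
    - any successful login without a second factor.
    In production the last-success table would be seeded from the identity
    provider so the first event in the window is not blind."""
    events = sorted(
        (e for e in map(parse_line, log_text.splitlines()) if e is not None),
        key=lambda e: e.ts,
    )
    last_success = {}
    findings = []
    for e in events:
        if not e.success:
            continue  # failed attempts are worth counting too, but not the point here
        prev = last_success.get(e.user)
        if prev is not None and e.ts - prev > timedelta(days=dormant_days):
            findings.append(Finding(e.user, "dormant_account_login", e.ts,
                                    f"previous success {prev.date()}, {(e.ts - prev).days} days ago"))
        if not e.mfa:
            findings.append(Finding(e.user, "login_without_mfa", e.ts, f"from {e.src}"))
        last_success[e.user] = e.ts
    return findings


if __name__ == "__main__":
    for f in find_risky_logins(SAMPLE_LOG):
        print(f"{f.when.isoformat()} {f.kind:24} {f.user:12} {f.detail}")
```

On the constructed log this raises four findings: the legacy service account logged in without MFA back in January, its April login is flagged both as a dormant-account reactivation (107 days since the previous success) and as another MFA-less login, and bob’s password-only login is flagged as well. The dormancy threshold is a tunable, and in practice the right fix is to disable the account rather than to keep alerting on it.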
These are the primary types of insider risks:
- Human Error: Mistakes play a big role in breaches. Stolen devices, misaddressed emails, and confidential data shared over an insecure network can all hand an attacker a way in.
- Leaked Passwords and Malicious Intent: Mistakes happen, but some employees set out to harm the company. They may leak passwords or otherwise work with outside attackers to steal information.
- Hijacked Identities: Cyber criminals know that a compromised identity gets them past most defenses. Whether the credentials come from theft, phishing, or malware, the attacker then holds a legitimate user’s access and can work to elevate privileges and maximize damage.
With insider risks, most of the activity comes from trusted users or applications on a trusted network, which makes it hard to detect with technology or security procedures alone. Worse, attackers can cover their tracks to complicate the investigation further.
Security policies go a long way toward preventing some types of cyber crime, but they can do little about compromised identities without disrupting productivity.
Implementing a Zero Trust Strategy and Mindset
All organizations should have a stringent cyber security protocol and enforcing technology in place for defense, but that alone is not enough. A zero-trust architecture that keeps friction low is what balances security with the positive user experience businesses need to thrive.
The idea behind zero trust is that no one is assumed safe simply because they are inside the company network. A breach is assumed at all times, and every request is verified. “Never trust, always verify” is the mandate.
Every user and device must be authenticated, authorized, and continuously validated before gaining access to data and applications. The principle of least privilege limits what they can reach and how freely they can move through the network, and analytics are used to detect a breach if one occurs.
It rests on these guiding principles:
- Verification and authentication: Every request is authenticated and verified using all available signals, including identity, service, device, and location.
- Evolving perimeter: The perimeter no longer provides a safe space behind a castle wall. Remote workforces and cloud services have erased the traditional network boundary, so zero trust builds security into every layer rather than at the edge.
- Principle of least-privileged access: Users get only the access they need, and only for as long as they need it. Once the task is complete, the elevated access is revoked.
- Assume a breach: To limit damage, zero trust segments access so that an attacker who gets in cannot move laterally through the network. Analytics are used to detect threats, improve defenses, and gain visibility.
- Zero inherent trust: Every user and device is treated as potentially hostile until proven otherwise. Every request is verified before access is granted, wherever it originates, inside or outside the old perimeter.
- Workforce, workplace, workload: Workforce means verifying the trust level of each user and device before deciding on access. Workplace means applying trust-based controls to the network itself. Workload means preventing unauthorized access between segmented applications and services.
- Continuous trust verification: Trust is never granted once and for all. Users keep proving their identity through device posture, location, multi-factor authentication, and other signals throughout a session.
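The principles above are easier to reason about as a single access decision. The following is an added example, not code from the article or from any product it mentions, showing how one policy evaluation can combine them: every request is checked from scratch against identity (MFA, role), endpoint health, location and network segment; a pass yields a narrow, time-boxed grant for one action; and the grant is re-evaluated against live context during the session, so a device that drifts out of compliance loses access before the grant expires. The resource names, roles, segments and countries in the policy are assumptions made for the example.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

# Constructed policy for this example. Resource names, roles, segments and
# countries are assumptions, not any real organisation's configuration.
POLICY = {
    "payroll-db":   {"roles": {"finance"},     "actions": {"read"},           "segments": {"corp"}, "ttl_minutes": 30},
    "build-server": {"roles": {"release-eng"}, "actions": {"read", "deploy"}, "segments": {"ci"},   "ttl_minutes": 15},
}
ROLES = {"alice": {"finance"}, "carol": {"release-eng"}}
ALLOWED_COUNTRIES = {"US", "EE"}


@dataclass(frozen=True)
class Context:
    """Live signals gathered at the moment of each request."""
    user: str
    mfa_verified: bool      # second factor completed in this session
    device_compliant: bool  # endpoint health attested by device management
    country: str            # geolocated from the source address
    segment: str            # network segment the request arrives from


@dataclass(frozen=True)
class Grant:
    """A time-boxed grant for one action on one resource: least privilege, just in time."""
    user: str
    resource: str
    action: str
    expires: datetime


def evaluate(ctx: Context, resource: str, action: str, now: datetime):
    """Decide one request from scratch. Returns (decision, reason, grant-or-None)."""
    rule = POLICY.get(resource)
    if rule is None:
        return "deny", "unknown resource", None
    # Identity: who is asking, and how strongly have they proven it?
    if not ctx.mfa_verified:
        return "deny", "mfa required", None
    if not (ROLES.get(ctx.user, set()) & rule["roles"]):
        return "deny", "user has no role entitled to this resource", None
    # Endpoint and location: are the device and the origin acceptable?
    if not ctx.device_compliant:
        return "deny", "device not compliant", None
    if ctx.country not in ALLOWED_COUNTRIES:
        return "deny", "unexpected country", None
    # Segmentation: being "inside" is not enough; the request must come from a
    # segment this workload is served from, which blocks lateral movement.
    if ctx.segment not in rule["segments"]:
        return "deny", "request from segment not permitted for this resource", None
    # Least privilege: only the listed actions, only for a short window.
    if action not in rule["actions"]:
        return "deny", "action exceeds permitted privileges", None
    grant = Grant(ctx.user, resource, action, now + timedelta(minutes=rule["ttl_minutes"]))
    return "allow", "all checks passed", grant


def grant_still_valid(grant: Grant, ctx: Context, action: str, now: datetime) -> bool:
    """Continuous verification: a grant is honoured only while it is unexpired AND
    the live context still satisfies policy. Trust is re-earned on every use."""
    if now >= grant.expires or action != grant.action:
        return False
    decision, _reason, _grant = evaluate(ctx, grant.resource, action, now)
    return decision == "allow"


def walkthrough():
    """Constructed scenario exercising the checks above; returns each decision."""
    t0 = datetime(2021, 6, 1, 9, 0, tzinfo=timezone.utc)
    alice = Context("alice", mfa_verified=True, device_compliant=True, country="US", segment="corp")
    carol = Context("carol", mfa_verified=True, device_compliant=True, country="EE", segment="ci")
    results = {}
    results["alice_read_payroll"] = evaluate(alice, "payroll-db", "read", t0)[:2]
    results["alice_write_payroll"] = evaluate(alice, "payroll-db", "write", t0)[:2]
    results["alice_from_ci_segment"] = evaluate(replace(alice, segment="ci"), "payroll-db", "read", t0)[:2]
    results["carol_deploy_no_mfa"] = evaluate(replace(carol, mfa_verified=False), "build-server", "deploy", t0)[:2]
    decision, reason, grant = evaluate(carol, "build-server", "deploy", t0)
    results["carol_deploy"] = (decision, reason)
    # The same grant, re-checked as the session goes on and context changes.
    results["grant_5min_later"] = grant_still_valid(grant, carol, "deploy", t0 + timedelta(minutes=5))
    results["grant_device_drifted"] = grant_still_valid(grant, replace(carol, device_compliant=False), "deploy", t0 + timedelta(minutes=5))
    results["grant_expired"] = grant_still_valid(grant, carol, "deploy", t0 + timedelta(minutes=16))
    return results


if __name__ == "__main__":
    for name, outcome in walkthrough().items():
        print(f"{name:24} {outcome}")
```

The order of checks is deliberate: identity signals are tested before anything about the device or network, so a stolen password on its own never gets past the first gate, and the segment check denies a request from a perfectly valid user on the wrong part of the network, which is exactly the lateral movement a compromised insider account would attempt. The grant carries a single action and a short expiry rather than a standing role, so there is nothing long-lived for an attacker to inherit.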
Zero trust encompasses several defense areas, including:
- Identities: All identities are verified with authentication
- Endpoints: Compliance and health status are verified before access is granted
- Apps: Apps are secured with in-app permissions, monitored user actions, and gated access using analytics
- Data: Protection follows the data itself, rather than the perimeter around it
- Infrastructure: Suspicious or high-risk activities are automatically blocked and flagged
- Network: There’s no inherent trust in the network for being internal. Access is always limited, communications are always encrypted
Protect Yourself from Internal Risks
Zero trust is gaining new relevance in the wake of these recent breaches. Businesses are amassing more data, making them ideal targets for cyber criminals. Traditional cyber security measures aren’t enough, especially with the risk of a breach from a compromised identity. Zero trust protects assets with least privileged access and continuous verification.
By Joseph Carson
Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.