Did you know that in addition to a coronavirus pandemic, we’re also in the middle of a “cyber pandemic”? Online threats have exploded since the pandemic began. Hackers are taking advantage of the fear and disruption of the pandemic, less secure remote workers, and the appetite for any kind of information about testing or vaccines. Network security has been stretched to the limit as a result. Here are a few troubling statistics from the last year that illustrate the more dangerous threat environment:
- Ransomware has grown by 72% and mobile malware by 50%
- Over 80% of surveyed organizations were hit by a successful cyberattack
- Microsoft Office malware rose by 2,251%
Along with the rise in threats comes an increase in sophistication. For instance, malware now uses AI and machine learning to morph and disguise itself in an attempt to get around traditional antivirus/anti-malware systems.
The Old “Castle Moat Approach” Isn’t Good Enough Anymore
The traditional approach to cybersecurity is to set up a strong perimeter around your network and devices with a firewall and antivirus/anti-malware software. This is what’s known as the “castle moat approach.” Security is designed to keep the bad guys out, and anyone already inside the castle is considered a good guy. All the defense mechanisms are focused on keeping unauthorized people out. But what happens if one of those unauthorized parties makes it into the castle, or in our case, the network? Insider attacks can often go unchecked for weeks or months if no internal security systems are in place.
How Zero Trust Security Works
Zero Trust security means that those who have made it inside the castle are not automatically trusted. Instead, they are challenged, and internal gatekeeping is put in place to identify insider threats. For your network, this means adopting several Zero Trust best practices that help prevent things like fileless attacks, account takeovers, and zero-day malware attacks. Given the increase in both the volume and the sophistication of cyberattacks, moving to a Zero Trust strategy is important if you want to keep your network and data protected.
Best Practices for a Zero Trust Security Strategy
Multi-Factor Authentication
Hackers want your users’ passwords. A password lets them bypass the system security that keeps bad actors out and gives them free rein over a user account and its data and privileges. Access security is especially important now that so many businesses keep most of their data and workflows in the cloud. Multi-factor authentication (MFA) is one of the best ways to protect accounts from being compromised. It sets up a policy under which a user isn’t assumed to be legitimate just because they have the right username and password. The additional code that must be entered when MFA is enabled typically can’t be obtained by someone who doesn’t have the user’s mobile device. That is why MFA is 99.9% effective at stopping hacked logins.
Application Whitelisting
You can think of application whitelisting as the list a bouncer at an exclusive club holds: it names the people who are allowed in, and if you’re not on the list, you can’t enter. Application whitelisting does the same for your devices and network. Instead of having to know every dangerous malware file that might execute in an attack, the system only has to know the applications that are allowed to run, and it blocks all others by default. This helps stop zero-day malware that isn’t yet cataloged in a threat database.
Application Ringfencing
But what happens if a hacker sends a malicious command to a legitimate process, one that is whitelisted and approved to run? This is exactly what a fileless malware attack does. Windows PowerShell, for example, is a common target of these attacks. Application ringfencing can stop a fileless attack. It sets rules for what whitelisted programs are allowed to do and how they may interact with other system programs. If a malicious command is sent that is not on the approved actions list, it is stopped from executing.
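To make the allowlist-then-ringfence ordering concrete, here is an added Python example (not code from the original post or from any particular product) that evaluates a constructed set of process events against a toy allowlist and per-application ringfence rules. The application names, the rule table and the sample events are assumptions chosen to illustrate the cases the text describes.

```python
from dataclasses import dataclass

# Allowlist: only these executables may run; everything else is denied by default.
ALLOWED_APPS = {"explorer.exe", "outlook.exe", "winword.exe", "powershell.exe", "cmd.exe"}

# Ringfence (assumed rules): for each allowlisted app, which child processes it may
# start and whether it may open network connections. An app absent from this table may do neither.
RINGFENCE = {
    "explorer.exe":   {"children": ALLOWED_APPS, "network": True},
    "outlook.exe":    {"children": {"winword.exe"}, "network": True},
    "winword.exe":    {"children": set(), "network": False},
    "powershell.exe": {"children": set(), "network": False},
}

@dataclass(frozen=True)
class Event:
    action: str   # "spawn" (subject starts target) or "network" (subject connects to target)
    subject: str  # process performing the action
    target: str   # executable name for spawn, host for network

def evaluate(event: Event) -> tuple[str, str]:
    """Apply the allowlist first, then the subject's ringfence rules; returns (verdict, reason)."""
    if event.subject not in ALLOWED_APPS:
        return "deny", f"{event.subject} is not on the allowlist"
    fence = RINGFENCE.get(event.subject, {"children": set(), "network": False})
    if event.action == "spawn":
        if event.target not in ALLOWED_APPS:
            return "deny", f"{event.target} is not on the allowlist"
        if event.target not in fence["children"]:
            return "deny", f"ringfence: {event.subject} may not start {event.target}"
        return "allow", "allowlisted and permitted by ringfence"
    if event.action == "network":
        if not fence["network"]:
            return "deny", f"ringfence: {event.subject} may not use the network"
        return "allow", "network access permitted by ringfence"
    return "deny", f"unknown action {event.action!r}"

# Constructed sample events (not real telemetry) covering the cases discussed in the text.
SAMPLE_EVENTS = [
    Event("spawn", "explorer.exe", "winword.exe"),       # user opens Word: allow
    Event("spawn", "explorer.exe", "unknown-tool.exe"),  # not allowlisted (zero-day case): deny
    Event("spawn", "winword.exe", "powershell.exe"),     # document driving PowerShell: ringfence deny
    Event("spawn", "outlook.exe", "winword.exe"),        # mail client opening an attachment: allow
    Event("network", "powershell.exe", "203.0.113.10"),  # PowerShell calling out: ringfence deny
]

def audit(events):
    """Return one (subject, action, target, verdict, reason) row per event."""
    return [(e.subject, e.action, e.target, *evaluate(e)) for e in events]
```

Note that the second event is denied without any knowledge of what the unknown tool is, which is the default-deny property the text credits for stopping uncataloged malware.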
Continuous Network Monitoring
Another important Zero Trust best practice is to have your network continually monitored for threats. One of the best ways to do this is through a managed IT services plan that includes ongoing threat monitoring and managed antivirus/anti-malware. Companies should also monitor the endpoint devices that connect to their networks, cloud apps, and data using an endpoint device management application such as Microsoft Intune.
Get Started on a More Secure Path with Zero Trust Strategies
Copperband Technologies can help your Southern Kentucky or Middle Tennessee business adopt Zero Trust principles to ensure your network is safe against new and emerging online threats. Contact us today to schedule a consultation! Call 931.263.8000 or email us.