Increasingly, Cyber Resiliency Depends Upon Zero-Trust Implementation
Changes in how we work brought about by COVID-19 present the opportunity to implement zero-trust architectures to meet new and evolving cyber threats.
August 23, 2021
Understand Your Landscape and IT and OT Security Gaps
The cyber-threat landscape is constantly changing. One area that will continue to have increasing risk will be supply chain–based attacks. As security teams embrace new tools for security and continuity of operations, those tools will generate new attack vectors, so don't get comfortable.
We've seen an increasing prevalence of ransomware attacks as the world has become more virtual during the pandemic. Examples abound in the media where we saw this play out with the Colonial Pipeline attack, where IT/OT convergence meant a major US fuel disruption. Digital technologies that address ransomware attacks have become even more of a priority as those attacks have increased in sophistication.
In addition, the COVID-19 pandemic has created a whole new environment where the workforce is working primarily from home. This has driven the need to develop remote IT infrastructures almost overnight. Lessons learned come down to disaster and response planning and, as we settle into a more permanent remote-work setting in many cases, reprioritizing investments in technologies that enable a resilient remote workforce such as multifactor authentication.
We've also seen the cybercrime threat quickly adapt to the remote workforce. At the beginning of the pandemic, the Cybersecurity and Infrastructure Security Agency warned government and commercial entities about the exploitation of specific remote-desktop vulnerabilities. More recently, CISA warned about Exchange Server vulnerabilities. Although patches were released in both instances, CISA observed cyber incidents where compromised Active Directory credentials were used for months after the victim organization patched its appliance. These exploits are classic examples of cybercriminals adapting attack methodologies to the increased use and scale of remote work.
Source: Raytheon Intelligence & Space
The Opportunity to Implement Zero-Trust Architectures
The pandemic has presented the opportunity for the cyber and IT-security communities to evaluate what can and can't be trusted, even when operating under zero-trust architectures so that technologies can't be used to undermine the very thing they were designed to protect.
In the context of detection and response, one of the most important things any company or organization can do is implement a robust zero-trust architecture that enables rapid detection and effective response. By zero-trust technology implementation, we mean microsegmentation with inbound, outbound, and cross-bound controls applied to users, devices, networks, workloads (e.g., applications, services), and data. We also utilize user activity monitoring; system hardening and monitoring, and data labeling and document tracking. If these practices are implemented, then compromises, such as the recent major supply chain compromises, can be detected and contained.
Roughly half of chief information officers believe the pandemic has permanently accelerated digital transformation and the adoption of emergent technologies, as reported by KPMG. This shift has further increased the risks associated with the newly expanded remote workforce. We must evolve if we are going to protect our networks, ourselves, and our intellectual property. In the future, this would mean companies will increasingly move away from VPN technologies to prioritize new technologies that facilitate the implementation of zero trust–based networking through the use of software-defined perimeter (SDP) tools.
In practice, zero trust grants access transactionally — using multifactor, contextualized access controls that go beyond traditional user name- and password-based authentication — rather than granting broad access based on a fixed rule. Any time that access to critical business systems and networks goes unchecked, there's more inherent vulnerability.
Take a Crawl-Walk-Run Approach
Three things I recommend any company consider if they're just getting started on a zero-trust strategy:
On zero-trust planning, ask yourself: Have I mapped out a comprehensive zero trust strategy? What architecture and secure collaboration tools can I employ, particularly for remote access, to reduce the volume of sensitive data leaving my enterprise?
On ensuring alignment to standards, ask yourself: Does my implementation plan reflect alignment with zero-trust standard such as NIST’s SP 800-207 Zero Trust Architecture (ZTA)?
On where to start, ask yourself: Where do I currently perceive the highest risks: networking, people, devices, workloads, or data? What platform-based approach can I use to address my highest priority areas of risk to prevent vendor lock-in and build a plug-and-play zero-trust solution for the future?
The complexity of adopting zero trust is its greatest challenge as it requires careful planning. User, device, workload, data, and network security technologies all need to operate together to be effective against internal and external cyber threats. While it is possible to achieve quick wins in some areas, there are no silver bullets or shortcuts. It takes incremental investment into existing architectures, a long-term commitment, and patience.
For businesses and organizations to remain resilient against current and future cyber bad actors, a zero-trust architecture will be what's required to enjoy cyber-resilient operational and IT infrastructures, protect our valuable intellectual property, and mitigate against the financial and reputational risk of a breach.
About the Author
John DeSimone is vice president of Cybersecurity, Training, and Services for Raytheon Intelligence & Space, a business of Raytheon Technologies. DeSimone previously led the Cybersecurity and Special Missions mission area at Raytheon Company's Intelligence, Information and Services business prior to Raytheon Company’s merger with United Technologies Corporation in 2020.
Before joining Raytheon in 2016, DeSimone served as an executive vice president of delivery and operations at CSRA Inc. He also served as vice president and general manager of Computer Sciences Corporation's North American Public Sector Enterprise Services group, where he led the strategic direction, planning, and execution of the group's growth and development initiatives, driving, and delivering next-generation technology solutions for customers across NPS's portfolio.
DeSimone has held executive roles at IBM's public sector and at Northrop Grumman Corporation. He also held a leadership position at Motorola, Inc., as the head of its public safety software business. DeSimone earned a bachelor's degree in computer science from Columbia University in New York and attended the Motorola Chairman's Leadership Institute at the Kellogg School of Management at Northwestern University. In 2020, he was named Cybersecurity Industry Executive of the Year by Washington Exec.
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024