The pandemic has placed a heavy and lasting strain on our economy, which is due to week-long shutdowns or critical supply bottlenecks and a significant increase in cyber attacks on companies as a result of hasty and unprepared remote work. As the report Cost of Data Breach 2021 shows, the cost of data breaches has recently increased from $3.86 million to $4.24 million, the highest average total cost in the 17-year history of this report. And since the beginning of the Covid crisis, the BKA has also been warning of increased cyberattacks, such as ransomware or DDoS attacks. IT security is more important than ever.
Why More Robust Access Controls Are Needed
Since more and more employees have been working from anywhere, the requirements for access controls in companies, in particular, have changed significantly. Security measures that regulate who can see or use specific computer resources – especially from remote locations – are playing an increasingly important role. Access to networks is based on data to authenticate the identity of persons seeking access and authorize the appropriate persons to use specific files in a system.
The types of digital access control available to security teams are diverse, ranging from mandatory to role- or rules-based controls, often supported by commercial software and policy recommendations. They are all helpful and yet cannot guarantee security against account abuse because a look at the approach of today’s cyber attackers shows that they “hack” into the targeted systems less and less often. Instead, they are increasingly taking advantage of weak, stolen, or default passwords to log into systems like any authenticated user. According to the Verizon Data Breach Investigations Report, 2021 , 85 percent of security breaches can be traced to human error.
This is often done via social engineering – i.e. by tricking people into passing on sensitive data to third parties, for example, via phishing emails or fake websites. According to the United Nations, malicious emails increased by a remarkable 600 percent during the pandemic. No wonder, because the danger of social engineering is exceptionally high in the home office, as a current study von Bitkom shows: 59 percent of the companies surveyed stated that they had been affected by IT security incidents that could be attributed to working from home since the beginning of the pandemic. In half of the cases (52 percent) there was also economic damage.
Why Zero Trust Is The Future
No matter how great the Trust in one’s employees may be, they remain the weakest link in the security chain. Be it carelessness, human error or, in rare cases, malicious intentions: Security teams know that absolute Trust is far from an option if the attack surface is to be kept as small as possible. This is all the more true for today’s working world, in which employees frequently switch between remote work and the office and leave the protected perimeter. For a long time, the doctrine of those responsible for cyber security was “Trust is good, control is better”, but many now work according to the motto “Never trust, always check” – and do more than well with it.
The security model of the future is therefore called Zero Trust. This includes practices and technologies whose default position is to deny access to the network to anyone whose identity has not been properly authenticated and who have not been expressly granted access to the system. In a way, Zero Trust is a further development of the well-known least privilege approach, in which a user is only allowed to access the systems and resources that he needs to complete his tasks – and only for the time it takes to do this is required. Zero Trust goes one step further: Even once a user has been authenticated, Zero Trust protections require additional authentication through multiple factors, such as B. fingerprint or face scans, and block the user from any application or service for which he does not have permission. This means that even if a criminal manages to break into the system, any attempt at a lateral attack can be thwarted. It is essential to understand that Zero Trust does not necessarily mean a specific product or technical solution but rather a way of thinking or a mantra for modern security.
In recent years, the importance of Zero Trust for the IT industry has increased continuously, which shows a high rate of adoption of the approach in companies. In a Gigamon study in 2020, three-quarters of the IT decision-makers surveyed from Germany, France and Great Britain stated that they were already using Zero Trust or were planning to do so. More than half of them agreed that the security approach improves their IT strategy in the long term, primarily due to the increase in productivity associated with the introduction. But when it comes to mitigating the financial impact of cyberattacks, the “trust nobody” approach has proven successful. According to an IBM report, Zero Trust helped reduce the average cost of a data breach by $1.76 million in 2021.
Distrust As A Security Boost
The transition to a Zero Trust model is associated with a wide range of advantages for companies and a profound cultural change – both in IT security and the entire company. Many fear that the assumption-the-worst, trust-no-one approach could harm cohesion and employee productivity. In the Gigamon study mentioned above, 40 percent of those surveyed confirmed that their employees generally do not like being observed and checked. And an outdated and fragmented system infrastructure also becomes a challenge for introducing Zero Trust.
The fact is that the Zero Trust model – is introduced and implemented with care – has many advantages: It can ward off the current wave of attacks on the digital systems – whether through social engineering or targeted hacking or at least contain it. At the same time, solutions are developed that increase security while maintaining productivity and seamless access.
Also Read: Four Local Points Of Container Security