Securing the perimeter is not enough to protect your data – what happens if a bad actor is already inside?

14th March 2022



This article has been supplied as a media statement and is not written by Creamer Media. It may be available only for a limited time on this website.

By Kate Mollett, Regional Director at Commvault Africa

Although it is a decades-old technique, phishing remains a top threat to organisations today. Bad actors looking to steal personal information and credentials use phishing scams because they are simple and effective, and once they have access, they can exfiltrate data and spread ransomware. Stolen credentials give bad actors authorised access to networks, and once they are inside, they can inject malware and wreak havoc. The traditional ways of securing networks, like firewalls and VPNs, are no longer enough, and securing the perimeter is challenging in a remote working, borderless world. Zero trust has become critical, not only to ensure that access is authorised, but also to continually validate that access, so that bad actors with stolen credentials are prevented from infiltrating networks and deploying ransomware attacks.

Are they who they say they are?

A ransomware attack is often not the first port of call for bad actors, and it can be seen as a symptom of a bigger problem. Typically, what happens is that threat actors will gain access to a network, and then begin to infiltrate other areas of the organisation. Only once widespread access has been gained will a ransomware attack be deployed. If they gain access using stolen credentials, it may take a long time to identify the attack, by which time a significant amount of damage may already have been caused. 

Think of your network as a house, and a bad actor as a contractor, like a plumber. When we need a plumber, we verify their identity before we let them into the house. But once they are inside, unless we are aware of where they are and what they are doing, they may be doing damage such as stealing valuables. A network is similar. Just because someone has the credentials to access it does not mean they should simply be allowed in. It is essential to keep validating and monitoring the access, and to ensure that the person accessing the network is who they say they are – this is the basis of zero trust.

Multiple layers make for stronger security

To ensure effective security and zero trust, multiple layers need to be addressed, including user access, the architecture itself, the network and the data. Multifactor authentication is essential for advanced login security, and on top of this, privileged access management ensures that credentials are secured and data cannot be accessed illegitimately. Least-privilege access and role-based authentication with additional authorisation controls help to limit access to data. The key is to implement authentication, authorisation and then audit, to continuously ensure that access is restricted to people with legitimate permission.

The architecture itself also needs to be addressed, for example, by validating binaries to ensure they come from the application they claim to come from. It is also advisable to implement CIS controls to limit exposure, reduce the threat landscape and make it difficult for threats that have gained access to spread using known vulnerabilities and exploits. Addressing the architecture layer strengthens the foundation.

The data element

Zero trust is the principle of architecting a secure solution to protect networks, but data requires additional considerations. Segmentation needs to be implemented to reduce access to data, and the network topology must be controlled to protect backup data. It is also essential to have multiple copies of data, and an immutable copy of data that cannot be altered or infected, with air-gapping to ensure better protection. Finally, it is important to include monitoring and alerting to ensure that should incidents happen, they can be identified quickly before they can cause issues. 

Zero trust is the basis of effective data protection in a borderless, remote working world, by ensuring you continuously gate and validate trust throughout data protection and access processes. To achieve this, you need a layered architecture, as well as effective application, network and authentication controls. Above all, whatever zero trust technologies and protocols are in place, your backup and protection solution needs to be complementary to this.

Edited by Creamer Media Reporter



