Securing the perimeter is not enough to protect your data – what happens if a bad actor is already inside?
This article has been supplied as a media statement and is not written by Creamer Media. It may be available only for a limited time on this website.
By Kate Mollett, Regional Director at Commvault Africa
Despite being a decades-old exploit, phishing remains a top threat to organisations today. Bad actors looking to steal personal information and credentials use phishing scams because they are simple and effective, and once they have access, they can exfiltrate data and spread ransomware. Stolen credentials give bad actors authorised access to networks, and once they are inside, they can inject malware and wreak havoc. The traditional ways of securing networks, like firewalls and VPNs, are no longer enough, and securing the perimeter is challenging in a remote working, borderless world. Zero trust has become critical not only to ensure that access is limited to authorised users, but also to continually validate that access, so that bad actors with stolen credentials are prevented from infiltrating networks and deploying ransomware attacks.
Are they who they say they are?
A ransomware attack is often not the first port of call for bad actors, and it can be seen as a symptom of a bigger problem. Typically, what happens is that threat actors will gain access to a network, and then begin to infiltrate other areas of the organisation. Only once widespread access has been gained will a ransomware attack be deployed. If they gain access using stolen credentials, it may take a long time to identify the attack, by which time a significant amount of damage may already have been caused.
Think of your network as a house, and a bad actor as a contractor, like a plumber. When we need a plumber, we will verify their identity before we let them in the house. But once they have access to the house, unless we are aware of where they are and what they are doing, they may be doing damage such as stealing valuables. A network is similar. Just because someone has the credentials to access it does not mean they should simply be allowed in. It is essential to keep validating and monitoring the access, and to ensure that the person accessing the network is who they say they are – this is the basis of zero trust.
Multiple layers make for stronger security
To ensure effective security and zero trust, multiple layers need to be addressed, including user access, the architecture itself, the network and the data. Multifactor authentication is essential for advanced login security, and on top of this, privileged access management ensures that credentials are secured and data cannot be accessed illegitimately. Least-privilege access and role-based authentication with additional authorisation controls help to limit access to data. The key is to implement authentication, authorisation and then audit to continuously ensure access is restricted to people with legitimate permission.
The architecture itself also needs to be addressed, for example, by validating binaries to ensure they are coming from the application they say they are. It is also advisable to implement CIS controls to limit exposure, reduce the threat landscape and make it difficult for threats that have gained access to spread using known vulnerabilities and exploits. Addressing the architecture layer strengthens the foundation.
The data element
Zero trust is the principle of architecting a secure solution to protect networks, but data requires additional considerations. Segmentation needs to be implemented to reduce access to data, and the network topology must be controlled to protect backup data. It is also essential to have multiple copies of data, and an immutable copy of data that cannot be altered or infected, with air-gapping to ensure better protection. Finally, it is important to include monitoring and alerting to ensure that should incidents happen, they can be identified quickly before they can cause issues.
Zero trust is the basis of effective data protection in a borderless, remote working world, by ensuring you continuously gate and validate trust throughout data protection and access processes. To achieve this, you need a layered architecture, as well as effective application, network and authentication controls. Above all, whatever zero trust technologies and protocols are in place, your backup and protection solution needs to be complementary to this.