Use "Zero Trust" and not be afraid of "Inside Threats"!

Insiders are employees and other personnel who are granted access to the system to perform certain tasks. The definition of internal personnel can be extended to non-employees, such as consultants, customers, suppliers and third parties, who also have a certain identity in the organization and can access various systems.

What is an insider threat?

Insiders have legitimate access to systems in order to perform their job duties. Taken together, the information they hold can become an insider threat to the organization: whether an insider's actions are intentional and malicious or the result of error, accident or negligence, they can harm the organization, and *** may also compromise insiders' access credentials through various means. Insider threats include identity theft and fraud, intellectual property theft, and loss of data integrity and system availability.

One way organizations can mitigate insider threats is the "zero trust" model, which holds that no one who tries to access a system or initiate a transaction should be trusted blindly, not even individuals who have already been granted access rights.

A brief history of zero trust

The zero trust strategy was first proposed in 2010 by an expert from Forrester Research. The concept gained broad acceptance over time, and Google was one of the first companies to announce a zero-trust policy. After Google adopted it, zero trust became popular as an accepted IT security model and was adopted by many organizations.

How does zero trust work?

The zero-trust architecture is a threat management model that does not assume that people and systems operating inside the network are entitled to full rights without repeated verification.

The traditional IT infrastructure makes it difficult for anyone outside the organization to access private resources, but it ignores the security risks posed by internal personnel. In fact, there are countless cases where employees deliberately or inadvertently cause confidential data leakage, resulting in millions of dollars in losses.

Everyone needs verification

The zero-trust policy requires verification of everyone, whether internal or external. By default, the zero-trust model trusts no one, inside or outside the network. Many cybersecurity experts believe that this simple additional layer of security can prevent data leakage.

Consequences of data breach

An IBM study showed that a data breach can cost a company more than $3 million. When personal customer data is lost in a breach, there are many consequences, including damage to corporate reputation; many affected customers choose to do business elsewhere, which means reduced revenue. The statistics and consequences of insider threats presented by industry experts and research reports are distressing, and many organizations choose to adopt a zero-trust strategy to deal with insider threats.

How organizations should adopt a zero-trust policy

It is recommended to adopt a zero-trust strategy gradually to minimize risk. First, analyze the risks the organization faces. Define the scope, and consider your resources, priorities and schedule to create a zero-trust implementation plan. You can decide to use internal resources or hire an expert to help you implement it.

Next, implement an authentication protocol that protects your systems and sensitive assets by controlling identities and their access. Use multi-factor authentication and a hierarchical access authorization model to protect all assets, so that once anyone enters the system they do not have unrestricted access to data. This can protect your organization from complete bankruptcy due to a single unethical employee.

Basically, you deploy and enforce an identity verification process before allowing anyone to enter the network or conduct transactions. This protects you from the leakage of valuable data that could cause the company to fail. One of the main dangers of insider threats is that *** can gain access to privileged accounts to carry out their plans, which is why privileged accounts must be managed carefully.

Monitoring based on the zero trust model

Once the scope of the zero trust implementation, the selected technology and the implementation process have been determined, a monitoring process needs to be established to find malicious activity on the network. Once suspicious activity is detected, it must be flagged and resolved. If this is done diligently, monitoring internal privileged access (which may also be compromised by outsiders) will pay off.

Finally, implement an access control model based on granular attributes. Attribute-based access control (ABAC) is considered the next-generation access management model, evolved from the role-based access control model. ABAC is based on establishing a set of attributes, such as:

  • Subject or user characteristics, such as department, position and IP address,
  • Object or system and data characteristics, such as sensitivity level,
  • Environmental characteristics, such as time and location.

The main idea is to define, in a central policy, which characteristics or combinations of attributes will be used to control access. The attributes of each system may differ.
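As an added illustration (not code from the original article), the following Python sketch shows a deny-by-default ABAC decision point over the three attribute categories listed above, plus a small monitoring hook that surfaces denied requests from privileged subjects; the attribute names, the corporate network range 10.20.0.0/16, the business-hours window and the sample user "alice" are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Tuple

@dataclass
class Request:
    """One access request, split into the three attribute categories above."""
    subject: dict   # department, position, ip, mfa_verified, clearance, user
    resource: dict  # sensitivity (1 = public ... 4 = restricted)
    env: dict       # time (datetime.time), location

def rule_finance_ledger(req: Request) -> bool:
    """Every check must hold; a missing or malformed attribute fails closed."""
    s, r, e = req.subject, req.resource, req.env
    try:
        on_corp_net = ip_address(s["ip"]) in ip_network("10.20.0.0/16")  # assumed range
    except (KeyError, ValueError):
        return False
    return (s.get("department") == "finance"
            and s.get("mfa_verified") is True
            and on_corp_net
            and s.get("clearance", 0) >= r.get("sensitivity", 99)
            and time(8, 0) <= e.get("time", time(0, 0)) <= time(18, 0)
            and e.get("location") == "HQ")

# Central policy: resource id -> rules that may permit it. Anything else is denied.
POLICY: Dict[str, List[Callable[[Request], bool]]] = {"ledger": [rule_finance_ledger]}

def evaluate(resource_id: str, req: Request) -> Tuple[bool, str]:
    for rule in POLICY.get(resource_id, []):
        if rule(req):
            return True, f"permit:{rule.__name__}"
    return False, "deny:default"

def audit(decisions: List[Tuple[str, Request, Tuple[bool, str]]]) -> List[str]:
    """Monitoring hook: surface denied requests from privileged subjects."""
    return [f"{req.subject.get('user')} -> {rid}: {reason}"
            for rid, req, (permitted, reason) in decisions
            if not permitted and req.subject.get("position") in {"admin", "dba"}]

def sample_request(hour: int, position: str = "analyst", ip: str = "10.20.5.7") -> Request:
    """Constructed sample: finance user 'alice' with MFA and clearance 2, at HQ."""
    return Request(
        subject={"user": "alice", "department": "finance", "position": position,
                 "ip": ip, "mfa_verified": True, "clearance": 2},
        resource={"sensitivity": 2},
        env={"time": time(hour, 0), "location": "HQ"})
```

The same request is permitted during business hours from the corporate network and denied at night, from an outside address, or for a resource with no policy entry; the audit list is where a monitoring process would pick up repeated denials on privileged accounts.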

Generally, the key to developing an effective zero-trust strategy is to carefully examine all activities to identify and prevent as many unauthorized activities as possible, especially high-risk transactions initiated by privileged account holders.

Continuous verification across devices

In practice, the Zero Trust Framework covers five key areas:

  • User trust
  • Device trust
  • Transmission/session trust
  • Data trust
  • Application trust

To make the Zero Trust program effective, verify the five key areas through a step-by-step process covering scope, technology and process to improve security. As you continue to assess risks, the program can grow from a small start. To succeed, implement it in a way that provides the greatest degree of security with the least impact on operations. Handling and managing insider security threats reduces the risk of data leakage and unauthorized access or transactions.

10 steps to build a zero trust program

Please refer to the following steps to create and implement a zero-trust security program:

  1. Complete risk assessment
  2. Define your scope—systems, data, people, equipment
  3. Develop a business plan and roll it out to the organization
  4. Determine your budget and resources
  5. Develop a zero trust implementation plan
  6. Define trust standards and boundaries
  7. Deploy multi-step and multi-factor authentication technology
  8. Pay attention to privileged accounts on critical applications, databases and devices
  9. Implement appropriate access control models, such as attribute-based access control models
  10. Monitor access and activity across systems based on your trust standards

Conclusion

The zero-trust model carefully examines every person or device that requests access to systems and resources, regardless of whether the requester is internal or external. Ultimately, the goal of Zero Trust is to address the weakest link in security: trusted entities, people and devices that already hold access rights. Although insiders provide valuable services, their established access rights can pose a huge security risk to the organization, so they must be continuously verified, confirmed and approved to protect your company and its most valuable assets from potential insider threats.

Article source: https://www.identitymanagementinstitute.org/managing-insider-threats-with-zero-trust-model/

Origin blog.51cto.com/14685661/2665490