Zero Trust: a quick guide to upping your cybersecurity game

3- Embrace the “zero trust” mindset (…and multi-factor authentication)

Some companies still think they can keep threats out of their perimetre using firewalls or various kind of digital moats. They should think again: the way the internet has evolved – with employees using their personal devices for work-related matters, third-parties and contractors granted access to the company’s system, and insecure IoT devices on the rise – means that no organisation should feel secure within the bounds of its internal network.

“Now, the internal network is the whole internet,” Maynard says. “And you should treat the security of internal access requests as if they were coming from the Internet.”

That means moving from a legacy “trusted” model, in which requests are considered trustworthy as long as they come from within the organisation, to a “zero trust” one, in which by default no-one is trusted. “Every user has to prove and authenticate that they are trusted before we will allow them to access an application,” Maynard says. The best way to enforce that new paradigm is to adopt a multi-factor authentication model, like linking a user’s authentication to the usage of a trusted device. “The combination of device and user is a very powerful [way of verifying identity],” Maynard says.

“At a minimum, enterprises should implement multi factor authentication for high-risk users, or a group of users who are accessing high-risk applications.”

4 – Keep an eye on security updates

Just because you’re small doesn’t mean cybercriminals won’t target you.

“Size isn’t necessarily why you are a target,” says Fielder. “If you’ve got some really cool intellectual property, or some new idea – that might be what [the attackers] are after.”

Problem is: small and medium businesses, or small office/home office organisations are less likely to have a sprawling, battle-hardened cybersecurity team at their beck and call. Which leaves them vulnerable to some of the nastier attacks that have popped up recently – such as for instance crypto-mining.

“With crypto-mining, a successful cyber-attack could hinge on targeting a selection of smaller organisations,” Maynard says. That is why, for smaller enterprises, cyber-alertness is king. Very often vulnerabilities in software and codes will have been spotted and addressed by the cybersecurity industry – but until a company installs security updates or patches, any old threats will remain a present danger.

“Attackers are typically leveraging vulnerabilities that the industry already knows about,” Maynard says. “Vulnerability-management, patch-management, and making sure that you update to the latest software – these are just as critical to a small-and-medium business organisation as is for larger enterprises.”


For more information on zero trust click here

Visit SotoNets Cloud Solutions

Similar Posts