Security News > 2021 > January > Zero trust: A solution to many cybersecurity problems

Zero trust: A solution to many cybersecurity problems
2021-01-25 06:00

CISOs of organizations that have been hit by the attackers are now mulling over how to make sure that they've eradicated the attackers' presence from their networks, and those with very little risk tolerance may decide to "Burn down" their network and rebuild it.

Whichever decision they end up making, Touhill believes that implementing a zero trust security model across their enterprise is essential to better protect their data, their reputation, and their mission against all types of attackers.

In his post as adjunct professor of Cybersecurity at Carnegie Mellon University, Touhill often hears from his students in the CISO certification course that they don't know where to start when choosing security priorities for an organization.

"TTPs that can reduce our risk exposure are often not properly employed, if at all. We know, for example, that zero trust can reduce the 'blast radius' of a ransomware attack, yet many organizations continue to keep deferring implementation. We know DMARC reduces your risk exposure from fraudulent email accounts, yet many organizations continue to operate without DMARC installed and/or properly configured," he said.

While many board members are beginning to understand the danger and are directing the executive teams to evaluate the risks of ransomware attacks and conduct business case analyses to evaluate courses of action, some organizations have unfortunately come to the conclusion that paying a ransom rather than having to rethink their architectures and TTPs is the better choice for them.

"Looking forward, I am alarmed by unconfirmed reports that some criminal gangs are investigating means of going beyond the standard encryption-lockout technique commonly used in ransomware. In the not-too-distant future, I anticipate attacks where the attackers actually tamper with the victim's data, undermining the trust in its integrity," Touhill concluded.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/LsaKAbDQPxM/