You can’t trust hackers. Those four words probably go without saying, especially when they’re applied to the kind of malicious “black hat hackers” who seek to cause harm with their hacking. Nonetheless, it’s an important lesson to take to heart — particularly when it comes to zero trust network access (ZTNA).
2021 has so far been home to no shortage of large-scale hacks. The attack on global IT service provider Kaseya is one of the most significant ransomware attacks on record, with the perpetrators, REvil, demanding a massive $70 million for a “universal decryptor” to unlock enormous numbers of files rendered inaccessible. Then there was the hack which breached SolarWinds, Microsoft, and VMWare; the attack on the Microsoft Exchange which may have had tens of thousands of victims; the hacking of cloud computing company Accellion, with victims including a half dozen U.S. universities, Shell Oil, and many, many others. And the year’s only half over.
So many major hacks in such a short space of time are, of course, bad news. But it’s also yet another reminder, hopefully, a wake-up call, regarding the impact that cyber attacks can have. Just as significantly, it’s an indicator that even the companies responsible for controlling incredibly critically sensitive infrastructure are making some big mistakes when it comes to the strategies they employ (or, in some cases, don’t employ) for IT security.
The Colonial Pipeline attack
For example, one recent attack of the computer systems of Colonial Pipeline, an American oil pipeline system, by ransomware attackers was reportedly caused not by some unavoidable, zero-day vulnerability exploited, but through the discovery and use of an old login credential. This did not raise the alarm because it wasn’t protected by the basic security protocols utilized. All the hackers had to do was get hold of a password on the dark web, match it up with a legitimate login user ID, and then access the system in question — and use this to wreak damage.
For a comparison, imagine losing the key to your front door and, sometime later, it is found and passed on to criminals. Your home is subsequently burglarized: something you could have avoided by changing the locks when you discovered that the key in question was no longer in your possession. The cybersecurity of this misstep was repeated in the case of Colonial Pipeline.
Many of the hacks that have taken place this year highlight the importance of zero-trust security. Zero trust architecture has been a concept in computer security for years but is clearly now more important than ever. Zero trust is based on the concept of identity verification. It doesn’t matter whether a user or a device is inside or outside a network perimeter, they are assumed to be a potential threat.
The power of zero trust
Zero trusts, therefore, works to verify their identity in order to allow them to operate freely. This differs greatly from the traditional approach to network security, which operated on the assumption that threats came exclusively from the outside. Anyone who was able to gain access and operate from the inside was therefore deemed to be a legitimate user.
Zero trust makes it far more difficult for would-be attackers to use compromised accounts as well as endpoints. It also places severe limitations on the ability to escalate privileges and move laterally within compromised systems. A zero trust workflow typically involves users authenticating their identity by way of MFA (multi-factor authentication), before being given access to only those applications and network resources they require based on their identity. During a session, they are continuously monitored looking for anomalies in the form of unusual forms of behavior that could suggest a bad actor has infiltrated a system. Threat response can then be initiated right away in real-time.
Stopping hackers in their tracks
Zero trust network architecture has already been a massive game-changer for network security. But, as evidenced by the sheer number of cyberattacks, it is a technology that should be even more mainstream than it already is. On the surface, the idea of users feeling as if they’re not trusted sounds like a negative. But the potential ramifications of, for instance, a stolen set of credentials being found and used to allow an attacker to break into a system to cause chaos, are simply too great.
For the most part, legitimate users won’t find their workflow impeded by the adoption of zero trust architecture. The parties who will find their work impeded? Malicious hackers. If this approach to security can help reduce the number of attacks going forward (and it will), it’s cybersecurity tech that just about every company out there needs to invest in as soon as possible. Let’s hope they listen to the clarion call.