© 2020 Content Security Pty Ltd.

Combating Threats in a Flexible Workforce

“During the 2020–21 financial year, the ACSC received over 67,500 cybercrime reports, an increase of nearly 13 per cent from the previous financial year. Self-reported losses from cybercrime totalled more than $33 billion.”

– ACSC Annual Report 2020-2021.

What does a business need today to stay secure and operational?

As reported by the Australian Cyber Security Centre (ACSC), no sector of the Australian economy was immune from the impacts of cybercrime and other malicious cyber activity. Government agencies at all levels, large organisations, critical infrastructure providers, small to medium enterprises, families and individuals were all targeted over the reporting period – predominantly by criminals or state actors.

Cyber risk has escalated with the new normal. Working from home and bring your own device (BYOD) mean that enterprise data is now accessed and shared outside the corporate network. The Zero Trust security model is built on the principle “never trust, always verify”: no application, device or person is trusted by default. Even when the user is on the corporate network, every access request is treated as potentially hostile and must be authenticated and authorised before it is served.

How does this ecosystem work?

The Zero Trust security model is designed to protect organisations from data breaches and other cyber threats through an integrated, end-to-end strategy that combines several technologies with systematic controls to reduce the organisation’s cyber risk exposure.

Data is the primary asset to monitor and control, whether it is intellectual property (IP), payment card data (in scope for PCI DSS), protected health information (PHI) or personally identifiable information (PII). Zero Trust draws on technologies such as multi-factor authentication (MFA), Identity and Access Management (IAM), orchestration, analytics, encryption, risk scoring and file system permissions. It also calls for governance policies such as least privilege: giving users only the access they require to accomplish a specific task. Security controls should not obstruct the flow of data to the business decision-makers who need it; they should make that flow safe. The model must therefore account for all of these changes while remaining adaptable to the new environment, ensuring safe access regardless of the user’s location.

The Zero Trust Security framework consists of 3 main concepts:
1. User/Application Authentication
2. Device Authentication
3. Trust

How do we as an organisation tackle the adoption of Zero Trust?

The Zero Trust Security Framework can be broken down into 8 sub-categories of controls, all of which need to be addressed.

Identity governance and access management is crucial in this ever-evolving workplace. Every user in the organisation requires a different level of access to applications and data. An Identity and Access Management (IAM) tool ensures that users are provisioned with the correct permissions and access, that access is adjusted as roles change, and that it is seamlessly deprovisioned when they leave the organisation.

Data classification and an understanding of the business context are of utmost importance. This requires knowing what data the organisation holds, where it is held, how sensitive it is, how readily available it is, and what protects it. On top of this the organisation must identify who the data owners and custodians are and apply governance through policies and security controls.

The network is the heart of a business’s IT, and understanding how data flows through it is imperative. Isolation and segmentation have long been used to limit lateral movement within an organisation’s network, but that approach has been undermined by the introduction of a remote workforce. Businesses therefore also need to implement session isolation and micro-segmentation, remove trusted zones, and move to default-deny permission sets, so that a compromised user or device cannot move laterally into other services and applications.

Endpoints make up a large proportion of an organisation’s assets, so it is critical that they are managed correctly. To achieve this an organisation needs to be able to identify and isolate assets through policy-based controls. Flexibility is key: the policy must apply not only to employees’ company-issued devices but also to the untrusted devices of third-party suppliers and contractors.

Applications and services are integral to the day-to-day operations of any organisation. In the current climate, businesses run a mixture of cloud and SaaS services and applications. It is important to control what access individuals have, especially since most of these applications no longer require a user to be connected to the corporate network. This can be tackled with policies that identify the application type, how it is hosted, its availability cross-referenced with the type of data it contains, its traffic flow, and the access requirements of employees and third parties.

Visibility is key in any organisation, and this principle extends across the organisation’s network infrastructure, users and applications. From it an organisation gains insight into the flow of traffic and can analyse the quality and performance of the network. To align with Zero Trust, organisations need to inspect traffic deeply (which means deciding how encrypted traffic will be handled), monitor for anomalous behaviour, correlate logs from multiple data sources, and build a holistic view of their environments.

Automation and orchestration are crucial to an efficient and effective security program. Relying on the speed of your employees increases the risk to the organisation: a few minutes can be the difference between a single infected device and an entire network being taken down, costing the business significant time and money to remediate. Through automation and orchestration, the time from identification to resolution is reduced, whether the incident is simple or complex.

On top of all of the above, an organisation needs to define and enforce access to data within applications and services. This can be done with a risk-scoring model combined with access policy definitions, which allows the organisation’s security controls to orchestrate the movement of data as the policy dictates.
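The three concepts listed earlier (user/application authentication, device authentication, trust), the default-deny posture from the network section and the risk-scoring access policy described here can be put together in a small per-request decision engine. The following is an added example written for this page, not code from Content Security or from any product. The resource inventory, the risk weights and the per-classification limits are assumed policy values, and the users, devices and scenarios are constructed.

```python
"""Illustrative Zero Trust access-decision engine (added example, not Content
Security's code). Each request is judged on who is asking, from which device,
for which data, and how risky that combination is. Nothing is trusted by
default, and the corporate network earns no implicit trust."""
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum


class Sensitivity(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2  # payment card data, PHI, PII, intellectual property


@dataclass(frozen=True)
class Subject:           # concept 1: user/application authentication
    name: str
    mfa_verified: bool
    groups: frozenset[str]


@dataclass(frozen=True)
class Device:            # concept 2: device authentication / posture
    device_id: str
    managed: bool        # enrolled in the organisation's endpoint management
    disk_encrypted: bool
    edr_healthy: bool    # agent running with no active alert


@dataclass(frozen=True)
class Request:
    subject: Subject
    device: Device
    resource: str
    network: str         # "corporate" or "remote": logged for audit, never trusted


# Constructed inventory (assumption): resource -> (classification, entitled groups)
RESOURCES: dict[str, tuple[Sensitivity, frozenset[str]]] = {
    "wiki": (Sensitivity.INTERNAL, frozenset({"staff"})),
    "payroll": (Sensitivity.CONFIDENTIAL, frozenset({"finance"})),
}

# Highest tolerated risk score per classification (assumed policy values)
RISK_LIMIT = {Sensitivity.PUBLIC: 100, Sensitivity.INTERNAL: 50, Sensitivity.CONFIDENTIAL: 20}


def risk_score(req: Request) -> int:
    """Additive score: every missing verification raises it. The network field
    is deliberately ignored, which is what "remove trusted zones" means."""
    score = 0
    if not req.subject.mfa_verified:
        score += 40
    if not req.device.managed:
        score += 30
    if not req.device.disk_encrypted:
        score += 15
    if not req.device.edr_healthy:
        score += 15
    return score


def decide(req: Request) -> tuple[bool, str]:
    """Concept 3: the trust decision. Anything not explicitly allowed is denied."""
    entry = RESOURCES.get(req.resource)
    if entry is None:
        return False, f"deny: {req.resource!r} is not an inventoried resource"
    sensitivity, entitled = entry
    if not req.subject.groups & entitled:            # least privilege
        return False, f"deny: {req.subject.name} is not entitled to {req.resource!r}"
    if sensitivity >= Sensitivity.CONFIDENTIAL and not req.subject.mfa_verified:
        return False, "deny: MFA is mandatory for confidential data"
    score, limit = risk_score(req), RISK_LIMIT[sensitivity]
    if score > limit:
        return False, f"deny: risk {score} exceeds {limit} for {sensitivity.name} data"
    return True, f"allow: risk {score} within {limit} for {sensitivity.name} data"


def demo() -> dict[str, bool]:
    """Constructed scenarios; returns {scenario: allowed}."""
    alice = Subject("alice", mfa_verified=True, groups=frozenset({"staff", "finance"}))
    bob = Subject("bob", mfa_verified=False, groups=frozenset({"staff", "finance"}))
    carol = Subject("carol", mfa_verified=True, groups=frozenset({"contractors"}))
    laptop = Device("lt-001", managed=True, disk_encrypted=True, edr_healthy=True)
    byod = Device("byod-7", managed=False, disk_encrypted=True, edr_healthy=True)
    rogue = Device("unknown", managed=False, disk_encrypted=False, edr_healthy=False)
    scenarios = {
        "alice, managed laptop, remote -> payroll": Request(alice, laptop, "payroll", "remote"),
        "alice, rogue box, corporate LAN -> payroll": Request(alice, rogue, "payroll", "corporate"),
        "alice, BYOD phone, remote -> wiki": Request(alice, byod, "wiki", "remote"),
        "bob without MFA, managed laptop -> payroll": Request(bob, laptop, "payroll", "corporate"),
        "carol (contractor), managed laptop -> payroll": Request(carol, laptop, "payroll", "remote"),
        "alice -> resource missing from inventory": Request(alice, laptop, "legacy-share", "corporate"),
    }
    results = {}
    for label, req in scenarios.items():
        allowed, reason = decide(req)
        results[label] = allowed
        print(f"{'ALLOW' if allowed else 'DENY'}  {label}: {reason}")
    return results


if __name__ == "__main__":
    demo()
```

The two points worth noticing when running it are that the same entitled, MFA-verified user is refused payroll from an unmanaged machine even though that machine sits on the corporate LAN, while being allowed it from a managed laptop off-site, and that a resource absent from the inventory is denied to everyone: the engine never falls through to an allow.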

For more information please contact our cybersecurity professionals today.
