Guest blog: Catalyst of Change: Resilient Zero Trust
Daily headlines about cyberattacks and data breaches are a stark reminder that cybercrime activity levels have spiked over the last two years. According to IBM’s 2022 X Force Threat Intelligence Index, the United Kingdom has become one of the top three most attacked countries in Europe in 2021, along with Germany and Italy. Of these attacks, 40 percent have been aimed at the public sector.
In turn, it’s not surprising that the UK Government is stepping up its efforts to address today’s dynamic threatscape by publishing its first ever National Cyber Security Strategy. The UK Government is also investing over £2 billion in cybersecurity defence efforts by retiring legacy IT systems and stepping up the UK’s skills and coordination efforts in this sector. Part of these efforts include the desire to establish Zero Trust principles like we have seen other countries implement (e.g., the Biden Administration in the United States).
Zero Trust Defined
The Zero Trust model, first introduced in 2010 by Forrester Research in collaboration with the National Institute of Standards and Technology (NIST), is not a new concept. It is centred on the principle that organizations should not inherently trust entities inside or outside their perimeters, and should instead verify every request to connect to their systems before granting access. Threat prevention is achieved by granting access to networks and workloads only under policy informed by continuous, contextual, risk-based verification of users and their associated devices.
Don’t Misjudge the Efficacy of Zero Trust Technology
However, when implementing a Zero Trust architecture, public sector agencies often misjudge the efficacy of Zero Trust technology. Unfortunately, post-mortem analysis of cyberattacks frequently reveals that the tools and software meant to protect against incidents were themselves undermined by faulty implementation, software collisions, human error, normal decay, and malicious action. In fact, most intrusions involve reconnaissance followed by disabling or bypassing whatever security controls are in place.
Therefore, it becomes essential to ensure that any Zero Trust technology used is resilient to external factors itself. Ultimately, public sector agencies should augment their efforts of establishing Zero Trust principles across their infrastructure by implementing cyber resilience strategies at the same time. According to MITRE, cyber resilience (or cyber resiliency) “is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” Most cyber resilience measures leverage or enhance a variety of cybersecurity measures. Cybersecurity and cyber resilience measures are most effective when applied in concert.
A Blueprint to Success
Like Zero Trust, cyber resilience offers a blueprint for strengthening an organization’s security posture in today’s dynamic threatscape. It establishes security controls that force cyber adversaries to spend more time working out how to bypass them (which they are often unwilling to do, as time is money), and it provides the means to recover from cyberattacks quickly and efficiently.
Cyber resilience strategies encompass, but are not limited to, the following best practices:
- Maintain a trusted connection with endpoints to detect unsafe behaviours or conditions that could put sensitive data at risk. This includes having granular visibility and control over endpoint hardware, operating systems, applications, and data gathered on the device. This always-on connectivity can help with reimaging the operating system in case of a ransomware attack.
- Monitor and repair misconfigurations (automatically when possible), as organizations cannot assume that the health of their IT controls or security will remain stable over time.
- Monitor network connectivity status, security posture, and potential threat exposure to enforce acceptable use via dynamic web filtering.
- Enforce dynamic, contextual network access policies to grant access for people, devices, or applications. This entails analysing device posture, application health, network connection security, as well as user activity to subsequently enforce pre-defined policies at the endpoint rather than via a centralized proxy.
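The continuous, contextual verification described in the Zero Trust definition above and the last two practices in this list (repairing misconfiguration drift and enforcing contextual access policy at the endpoint) can be made concrete with a small policy engine. The following is an added illustration, not Absolute Software’s code or any product’s API; the posture signals, weights, thresholds and sample endpoints are all constructed for the example. It shows why re-evaluating posture for the life of a session matters: a session opened on a healthy device is revoked the moment a baseline control such as EDR stops running.

```python
"""Added illustration (not Absolute Software's code): an endpoint-side policy
engine that evaluates each access request against device posture, network
context and user signals, and re-evaluates continuously so that a session
opened under good conditions is revoked when posture decays.
Every signal name, weight, threshold and sample device is constructed."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step-up"   # allow only after a fresh MFA challenge
    DENY = "deny"


@dataclass
class Posture:
    """Signals an endpoint agent would collect (hypothetical field set)."""
    disk_encrypted: bool
    edr_running: bool
    patch_age_days: int
    on_trusted_network: bool
    mfa_age_minutes: int
    failed_logins_last_hour: int


# Baseline the endpoint is expected to keep; any deviation is a misconfiguration
# that a resilience agent would report and, where possible, repair automatically.
BASELINE = {"disk_encrypted": True, "edr_running": True}

# Risk a resource tolerates before access is refused (constructed thresholds).
DENY_THRESHOLD = {"low": 50, "medium": 30, "high": 15}


def detect_drift(posture: Posture) -> list[str]:
    """Return the baseline controls that have drifted (empty list means healthy)."""
    return [name for name, want in BASELINE.items() if getattr(posture, name) != want]


def risk_score(posture: Posture) -> int:
    """Additive, explainable score: higher is riskier. Weights are constructed."""
    score = 0
    score += 40 if not posture.disk_encrypted else 0
    score += 40 if not posture.edr_running else 0
    score += 15 if posture.patch_age_days > 30 else 0
    score += 10 if not posture.on_trusted_network else 0
    score += 20 if posture.failed_logins_last_hour >= 5 else 0
    return score


def evaluate(posture: Posture, resource_sensitivity: str) -> Decision:
    """Decide one request. A drifted baseline control is never negotiable;
    otherwise any residual risk or a stale MFA forces step-up verification."""
    if detect_drift(posture):
        return Decision.DENY
    score = risk_score(posture)
    if score > DENY_THRESHOLD[resource_sensitivity]:
        return Decision.DENY
    mfa_limit = 60 if resource_sensitivity == "high" else 8 * 60
    if score > 0 or posture.mfa_age_minutes > mfa_limit:
        return Decision.STEP_UP
    return Decision.ALLOW


def reevaluate_session(snapshots: list[Posture], resource_sensitivity: str) -> list[Decision]:
    """Continuous verification: one decision per posture snapshot, so a session
    that started as ALLOW is cut off as soon as a later snapshot fails policy."""
    return [evaluate(p, resource_sensitivity) for p in snapshots]


# Constructed sample endpoints.
HEALTHY = Posture(True, True, 5, True, 10, 0)      # compliant, on-site, fresh MFA
CAFE = Posture(True, True, 45, False, 120, 0)      # unpatched, untrusted Wi-Fi
DECAYED = Posture(True, False, 5, True, 10, 0)     # EDR stopped: baseline drift

if __name__ == "__main__":
    for name, device in [("healthy", HEALTHY), ("cafe", CAFE), ("decayed", DECAYED)]:
        print(f"{name:8} drift={detect_drift(device)} score={risk_score(device)} "
              f"high={evaluate(device, 'high').value}")
    print("session:", [d.value for d in reevaluate_session([HEALTHY, CAFE, DECAYED], "high")])
```

The decision is computed from signals the agent already holds, which is what allows enforcement at the endpoint rather than at a central proxy: the policy still applies when the device is off the corporate network, and a missing baseline control is reported as drift for remediation rather than silently lowering a score.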
Combining both Zero Trust and cyber resilience allows for Resilient Zero Trust, which can act as a preventive measure to counteract human error, malicious actions, and decayed, insecure software. Ultimately, the goal of Resilient Zero Trust is to aggressively shield the entire public sector agency, covering all available cyber resources (e.g., networks, data, workloads, devices, people).
Dr. Torsten George is a cyber security evangelist at Absolute Software, which enables a reliable work from anywhere experience by delivering resilient Zero Trust solutions to ensure maximum security and uncompromised productivity. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Dr. George has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book.
Contact: @torsten_george or @absolutecorp