{"id":34226,"date":"2022-03-08T07:25:59","date_gmt":"2022-03-08T12:25:59","guid":{"rendered":"https:\/\/centricconsulting.com\/?p=34226"},"modified":"2022-10-14T08:41:13","modified_gmt":"2022-10-14T12:41:13","slug":"for-zero-trust-security-take-online-identity-personally","status":"publish","type":"post","link":"https:\/\/centricconsulting.com\/blog\/for-zero-trust-security-take-online-identity-personally\/","title":{"rendered":"For Zero-Trust Security, Take Online Identity Personally"},"content":{"rendered":"

Cybersecurity risks have always been a concern, but the current tensions overseas require heightened awareness and Zero-Trust Security built for online identity protection.<\/h2>\n
\n

Many international leaders and policy experts believe if the war in Ukraine reaches outside of Europe, it will arrive first through cyberattacks<\/a>. Malicious viruses could bring your business to a halt, to say nothing of essential infrastructure like the electrical grid.<\/p>\n

But while cyber warfare may seem like something only technical people and IT security specialists can stop, the truth is that cybersecurity is a lot more personal. It begins with each individual in your organization protecting their own online identity.<\/p>\n

Most organizations already know not to trust an unknown app or person outside their virtual walls. However, adopting \u201cZero-Trust\u201d Security<\/a> goes a step further. It demands that organizations verify anything and anyone, from anywhere, trying to connect to their systems.<\/strong><\/p>\n

This challenge has grown exponentially in recent years. Today, many organizations rely on third-party applications outside their on-premises networks that enable employees to work from practically anywhere\u2014not just their homes but also coffee shops, parks, cars and more.<\/p>\n

A key part of Zero-Trust Security is multifactor authentication (MFA). If you\u2019ve ever received a message alerting you that a new device is attempting to access your bank account, you have encountered MFA. But much stronger MFA tools are now available, even within your Microsoft 365<\/a> tenant, that can block 98 percent of identity attacks.<\/strong><\/p>\n

Before looking at how those tools work, let\u2019s look back at the evolution of security networks and threats.<\/p>\n

Preventing Attacks Behind Your Network\u2019s Walls: Traditional Security Models<\/h2>\n

In the network of protection systems most are familiar with, employees\u2019 identities are stored behind the organization\u2019s network. When users sign in with their single user ID and password, they can then access the company\u2019s apps and data. Any bad actor who acquires any employee\u2019s credentials, from the C-suite to facilities management staff and beyond, can gain access to the network and everything inside it.<\/p>\n

One common way for hackers to attack is by obtaining an employee\u2019s email address; many such addresses can be easily found on company websites or in public documents. The hacker can then send individuals an email that contains a link that launches a virus when clicked or that prompts the recipient to submit their credentials \u2014 often \u201cfor your protection.\u201d<\/strong><\/p>\n

When a high-ranking executive is the subject of such an attack, it is known as \u201cwhaling.\u201d But employees at all levels of the organization may have their emails in the public realm \u2014 for example, a shipping clerk who puts their email address on an invoice, a media specialist who puts it on a press release, a customer service representative, or anyone posting on social media. Attacks like these are called \u201cspear phishing.\u201d<\/p>\n

But unless an email recipient clicks the link or unintentionally provides credentials, traditional models keep identities secured passably well. However, when bad actors exploit application or hardware vulnerabilities, they can easily compromise employee credentials that don\u2019t have multifactor authentication\u2019s additional security measures.<\/p>\n

The growth of third-party applications existing outside the network extends your company\u2019s virtual walls much further than ever before.<\/strong> Identity protection that relies on a single network username and password is no longer enough, and maintaining a single-factor system opens you \u2014 and all of us \u2014 to attack.<\/p>\n

Preventing Attacks from Around the Globe: Multifactor Authentication<\/h2>\n

Does that mean that employees must manage different user IDs and passwords for every third-party app they need to do their jobs?<\/p>\n

Fortunately, the answer is \u201cno.\u201d Multifactor authentication provides a second layer of protection that employees set up through an app on their mobile devices. Like the notification you receive from your bank, the app alerts users when a new device attempts to access their information, but it then goes a step further.<\/p>\n

To allow access, users can provide biometric information, such as a fingerprint or facial recognition, to create a better multifactor authentication user experience while making it exponentially harder for bad actors to compromise. A hacker encounters the same alert, but they lack the biometric credentials to allow access. Biometrics and automated identities also reduce the need to maintain passwords for multiple applications and prioritize central administration.<\/strong><\/p>\n

However, users must understand that to be secure they should grant access when alerted only if they initiated the prompt. Usually, that means knowingly logging in to a device, application or new network, or accessing certain data. If a user knows they have not attempted to log in, they should not grant access and should immediately report the incident.<\/p>\n

This additional protection is always important, but it is especially important today. Cybercriminals have used malware such as HermeticWiper and HermeticWizard in Ukraine since the early days of the conflict. And other countries are piling on the attacks. For example, Chinese actors have launched the backdoor-attack malware Daxin, exploiting the fact that many cybersecurity experts are now focused on Russia.<\/p>\n

The effects of these attacks can be enormous for all affected \u2014 individuals, companies and even nations.<\/strong> They can disrupt supply chains, compromise wireless services, render remote services useless and more.<\/p>\n

Conclusion: Moving toward a New Thinking about Identity<\/h2>\n

Some employees may view MFA, at least initially, as an additional burden. However, it is a key part of Zero-Trust Security. You must educate your employees so they understand it is critical to securing your organization more tightly.<\/p>\n

Another part of Zero-Trust Security is the principle of \u201cleast privilege access.\u201d It ensures that each employee can access only those resources needed to perform their job function, adding another layer of protection.<\/strong><\/p>\n

If you have not adopted Zero-Trust Security in your organization, a Zero-Trust Security Assessment will help you discover your organization\u2019s security maturity, learn to promote security awareness and build confidence throughout your organization. By moving beyond the single factor of a \u201csecure network\u201d to ensure only the right person has access to the right data on the right infrastructure within the right application from the right device on the right network, we can all transition to a safer, Zero-Trust future.<\/p>\n","protected":false},"excerpt":{"rendered":"

Cybersecurity risks have always been a concern, but the current tensions overseas require heightened awareness and Zero-Trust Security.<\/p>\n","protected":false},"author":63,"featured_media":34230,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","footnotes":""},"categories":[1],"tags":[18559],"coauthors":[15012],"acf":[],"publishpress_future_action":{"enabled":false,"date":"2024-07-31 22:43:38","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category"},"_links":{"self":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts\/34226"}],"collection":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/users\/63"}],"replies":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/comments?post=34226"}],"version-history":[{"count":0,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts\/34226\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/media\/34230"}],"wp:attachment":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/media?parent=34226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/categories?post=34226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\
/\/centricconsulting.com\/wp-json\/wp\/v2\/tags?post=34226"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/coauthors?post=34226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}