As we continue to see targeted phishing and ransomware attacks become more commonplace in both the public and private sectors, it\u2019s increasingly clear that organisations cannot afford to continue operating on a \u2018wait and see\u2019 basis for their cybersecurity. It\u2019s critical for the continuity of business and operations that effective solutions are implemented proactively \u2013 limiting an organisation\u2019s exposure to cyberattacks and shoring up their defences. For an organisation looking to do this today, a zero trust implementation is an essential part of any comprehensive cybersecurity solution. <\/p>\n\n\n\n
Zero trust as a concept distinguishes itself from traditional approaches to defending networks and IT infrastructure; previously, these were protected by building as strong as possible a defence between the systems under the organisation\u2019s control and those that are external \u2013 everything inside would be treated as safe, and everything outside as potentially malicious. This approach provides good initial protection against outside attacks, but is less useful for detecting and blocking attacks that come from inside the network, and cannot protect users and systems that exist on the outside, like remote workers, cloud-based services, and edge devices. <\/p>\n\n\n\n
What zero trust does differently, then, is to remove the single network-wide implicit trust found inside traditional network architectures. Instead, it assumes a constant state of breach, requiring that every request made on the network is verified as though it originates from an external source, regardless of the physical or network location. Even after granting access, zero trust enforces the principles of micro-segmentation and least-privileged access to ensure that each verified request can still only access the information and systems it requires, and limits lateral movement throughout a network. <\/p>\n\n\n\n
A case in point comes with the news at the end of February that News Corp, the owner of many major media corporations including the UK newspapers The Sun<\/em> and The Times, had not only suffered from a cyberattack, but that the perpetrators had remained in their systems for two years before being detected.\u00b9 While any intrusion is naturally cause for alarm, the notable thing about this story is the amount of time the attackers were able to retain a presence within News Corp\u2019s systems without detection. A thorough zero trust implementation would have required constant verification and authentication from the attackers, limiting their movement within the network and likely flagging their activity as suspicious far earlier than happened in reality. <\/p>\n\n\n\n As anyone paying attention to such stories will be aware, the potential damages that come from a successful ransomware attack can be devastating \u2013 both in terms of financial losses, and continuation of business. There have been countless news stories of high-profile targets brought to a standstill due to such attacks, both in the private and public sector; Hackney Council is still attempting to recover from ransomware that infiltrated their systems over two years ago.\u00b2 More recently, Royal Mail was unable to handle any international shipping for weeks after an attack breached their systems, and the attackers continue to threaten the leak of company data collected in the attack.\u00b3<\/p>\n\n\n\n