Stay away from the Headlines! Cyber Security imperatives for the new normal

“95% of cybersecurity breaches are caused by human error.” – Cybint

Rapid technology innovations on multiple fronts pose a complex challenge for those tasked with the security and availability of the IT infrastructure. On one hand, new devices such as mobile phones, smart screens, and IoT-enabled devices are deployed alongside computers. At the same time, IT policies allowing BYOD (Bring Your Own Device) and WFH (Work From Home) have now become the norm, which has compounded the security problem.

The result is a significant increase in the threat surface along with the number of points from where the IT infrastructure can be compromised. Of all recent developments, the now accepted shift to WFH and the use of personal devices pose the biggest challenge. IT Managers now need to take measures to secure both the device and the access point from where employees connect to the Corporate network. But how can they ensure the identity of the user accessing the system and adherence to security norms while employees work from the comfort of their homes?

Many Enterprises have become soft, yet lucrative targets for hackers as a result of the increased threat surface that is as yet unsecured. Trends indicate:

  • Remote workers will be soft targets for cybercriminals
  • As a side effect of remote workforces, cloud breaches will increase
  • Cybersecurity skills gap, especially in Enterprises, will remain an issue
  • Growth of always-on, connected devices will increase network vulnerability

The invisible threat to your IT infrastructure

When employees worked in offices, businesses were able to ensure that only authorized staff accessed critical infrastructure, in part through physical security measures. It was easier to ensure that staff complied with the established security norms. But with employees now working from home, businesses have to rely purely on the users’ virtual identity and trust that users comply with security processes.

The probability that malicious users can compromise the system, either from within the organization or by taking advantage of unsuspecting employees, is very real. CIOs need to place equal emphasis on securing the IT infrastructure from external threats and from internal vulnerabilities.

Indicators of Internal Sabotage

Internal Sabotage is when employees have access to the company’s sensitive systems and information and use it for malicious purposes. Most internal saboteurs come in two flavors – Players and Pawns.

Players – Are aware of the crime and have malicious intent. They are typically disgruntled employees or people who have joined the organization with a certain motive. Research has shown that most of them have some kind of personal predisposition that leads them into it.

Pawns – Are typically employees who do not have a motive but unknowingly participate in the act. They are typically people who are helpful and enthusiastic. Their intention to help people or their ignorance gets exploited.

It is important to understand the persona and motivation of the “Players”:

  • Most internal attacks are triggered by an unfavourable event or condition at the workplace. The motive generally is revenge.
  • Largely, the attacks happen after office hours and outside the office premises via remote access. Perpetrators find comfort in not being surrounded by people or physically present in the workplace.
  • Generally, peers are likely to be aware of the sabotage, or to have at least observed a change in behaviour, even if they are not aware of the concrete plan.
  • Most attacks are carried out through compromised or shared computer accounts.
  • In several cases these indicators are observed but ignored by organizations due to workload or an attachment to the age-old way of doing things.

Preventive steps / actions

Combating internal vulnerabilities and securing the IT infrastructure requires a coordinated approach on two fronts. Organizations need to take advantage of the latest technologies to monitor, analyze and identify threats in advance. Simultaneously, people processes also need to be updated to address security topics for remote working scenarios.

HR Initiatives

Align all teams who are responsible for data security. This includes HR, IT, Maintenance, and Security. Make them aware and educate them on the increased threats and the latest trends in cyber attacks. Educate employees about internal attacks and encourage them to come up with a collaborative plan.

Clearly document and consistently enforce policies and controls. Ensure all the employees who have access to data are also educated about the new threats and vulnerabilities.

Encourage employees to provide insights on the new policies and take inputs for threats that could potentially come from within.

Incorporate malicious and unintentional insider threat awareness into periodic security training for all employees.

Disgruntled employees are a major source of internal threat. Create an HR plan to identify and track potentially disgruntled employees.

One of the best ways to track personal-level issues and problems is to use peers themselves. Create strong and well-crafted whistleblower policies where the employees feel empowered and responsible for the well-being of the company.

Technology-led Initiatives, Systems, and Approach

The Zero Trust model

Created by John Kindervag in 2010, the Zero Trust model is based on the principle “never trust, always verify”: organizations should not automatically trust any resource or individual, inside or outside the network. It suggests a fresh start by revoking all access and then granting access on a case-by-case basis with a clear understanding of the need. Technologies such as Identity and Access Management (IAM) and multi-factor authentication (MFA) complement this approach.

It is not enough to implement these technologies alone. There should also be a strategy and a clear SOP in place to manage the operations of the organization. However, this strategy is somewhat aggressive and requires a complete overhaul of the security policies and of ongoing work, which is not always practical; more often than not, it could break the system or make it brittle by holding it together with bandages.

Security Mesh

Most traditional security systems are designed around the castle-and-moat layout, where everything inside the moat is considered secured. This was an effective strategy in the traditional ecosystem. Over the years, though, developments such as the cloud and a distributed workforce have created new challenges. Security mesh is one response: the focus shifts to securing every node of the network rather than the traditional approach of building a boundary around the entire network.

Identity-first security and Identity Management

Identity management (IdM), also known as identity and access management (IAM), is the security practice that enables the right individuals or machines to access the right resources at the right times and for the right reasons.

Identities are the most vulnerable threat surface of every organization. Identity includes people, machines, IoT devices, and an active device or a group of devices on the network that needs to access a resource or service. Identity Security is one of the primary implementations of the Zero Trust model where all identities used in the organization are secured and managed using technology.

This enables providing fine-grained access to resources and data at an almost individual identity level and prevents Privileged Account Compromise. One example of this is the IAM security provided by AWS. Most solutions in this space span multiple technologies and platforms.

There are several products in the market that cater to this need:

  • IBM Security Verify Access
  • Cisco Identity Services Engine
  • CyberArk – Idaptive
  • Okta
  • OneLogin – Access

Remote worker Endpoint Security

With remote work becoming the new normal, securing remote access nodes poses new challenges, especially since they sit outside the corporate firewall. This problem is further compounded by infrastructure moving to the cloud.

Breach and attack simulation

Breach and attack simulation is a continuous fire drill, typically performed by independent vendors, in which sophisticated attacks resembling the techniques used by cybercriminals are simulated to find vulnerabilities, which are then reported.

Cloud security breaches

Cloud security breaches refer to the compromise of data or nodes on cloud infrastructure. With more companies moving to the cloud, this has only snowballed in the past few years. Most of these data breaches can be attributed to configuration errors, IAM permission errors, and re-use of identities.

Best practices to reduce these vulnerabilities are:

  1. Encrypt all data that is persistent (databases, logs, backup systems). Build this process into the QA checklist for all releases. Classify systems and data into sensitive and others. Ensure that sensitive data is secured and encrypted.
  2. Prevent re-use of resource identities in the infrastructure and ensure each identity’s permissions are allotted on a need basis. Use tools like Centrify, Okta and CyberArk to manage these permissions.
  3. Routine audits on identity permissions, firewalls and cloud resources can help prevent these breaches.
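
Steps 2 and 3 above (need-based permissions and routine permission audits) can be partly automated. The following is an added example, not code from the original article or from any of the products it names: a small audit of AWS-style IAM policy documents that flags the patterns most often behind the "IAM permission errors" the article mentions. The two sample policies, the bucket and role names, and the `123456789012` account id are constructed placeholders, and the set of privileged actions is an illustrative choice, not a complete list.

```python
"""Audit AWS-style IAM policy documents for over-broad permissions.

Added example, not part of the original article. The sample policies below are
constructed; the checks are a minimal set a reviewer might apply during the
routine identity-permission audits the article recommends.
"""
import fnmatch
import json

# Actions that warrant an MFA condition even when tightly scoped (illustrative list).
PRIVILEGED_ACTIONS = ("iam:*", "sts:AssumeRole", "kms:Decrypt", "secretsmanager:GetSecretValue")


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource/Statement; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_statement(stmt, index):
    """Return human-readable findings for one policy statement."""
    findings = []
    if stmt.get("Effect") != "Allow":
        return findings  # Deny statements only ever narrow access
    sid = stmt.get("Sid", f"Statement[{index}]")
    actions = _as_list(stmt.get("Action"))
    resources = _as_list(stmt.get("Resource"))
    # Condition is {operator: {condition_key: value}}; collect the keys used.
    condition_keys = {key for operator in stmt.get("Condition", {}).values() for key in operator}

    if "NotAction" in stmt:
        findings.append(f"{sid}: uses NotAction, which grants every action not listed")
    for action in actions:
        if action == "*":
            findings.append(f"{sid}: allows every action on every service")
        elif action.endswith(":*"):
            findings.append(f"{sid}: allows every action in service '{action.split(':')[0]}'")
    if any(resource == "*" for resource in resources):
        findings.append(f'{sid}: applies to every resource (Resource "*")')
    privileged = [a for a in actions if any(fnmatch.fnmatch(a, p) for p in PRIVILEGED_ACTIONS)]
    if privileged and "aws:MultiFactorAuthPresent" not in condition_keys:
        findings.append(f"{sid}: grants privileged action(s) {privileged} without requiring MFA")
    return findings


def audit_policy(policy):
    """Audit a policy given as a dict or as its JSON text; return all findings."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        findings.extend(audit_statement(stmt, index))
    return findings


# Constructed sample: the kind of policy that turns one stolen credential into a full breach.
OVER_PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "AllOfS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}

# Constructed sample: the same workload's needs expressed with least privilege.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadReportsBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-reports-bucket",
                "arn:aws:s3:::example-reports-bucket/*",
            ],
        },
        {
            "Sid": "AssumeReportingRoleWithMfa",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::123456789012:role/ReportingReadOnly",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        },
    ],
}

if __name__ == "__main__":
    for name, policy in (("over-permissive", OVER_PERMISSIVE_POLICY),
                         ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        findings = audit_policy(policy)
        print(f"{name}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

The over-permissive sample produces four findings (two wildcard actions, two wildcard resources) and the least-privilege sample none. Run against exported policies, a script like this gives the routine audit in step 3 a repeatable baseline rather than a manual read-through.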

Securing your infrastructure

Over the years, as companies have moved to the cloud, we have seen only an increase in cyber attacks. With remote working becoming commonplace, the line between internal and external attacks has blurred. It is better to strengthen the company’s defenses preemptively than to become a victim. Get in touch with us for insight into how you could secure your company’s business and infrastructure.

Want to know more? Contact us now

Cybersecurity Mesh – Key Considerations before Adoption & Implementation

The infamous Botnet data leak that took place recently exposed a total of 26 million passwords, with 1.5 million Facebook passwords among the leaked data. In another cyber-attack incident, the largest fuel pipeline in the U.S., Colonial Pipeline Co., was hit by ransomware. Hackers gained entry into its networks with the help of a compromised password and caused shortages across the East Coast.

Incidents of cyberattacks continue to jeopardize data security. With remote work becoming the norm during the pandemic, threat actors have an expanded vulnerable surface to target. TechRepublic predicts more ransomware attacks and data breaches as threat actors continue to explore new vulnerabilities.

Not surprisingly, then, enterprises are now focusing on strengthening cybersecurity. A Gartner survey reports: “With the opening of new attack surfaces due to the shift to remote work, cybersecurity spending continues to increase. 61% of respondents are increasing investment in cyber/information security, followed closely by business intelligence and data analytics (58%) and cloud services and solutions (53%).”

In response to these infrastructure attacks in recent times, President Biden’s administration enacted a cybersecurity executive order wherein the federal government will partner with the private sector to secure cyberspace and address the many concerns through its far-reaching provisions.

The rise in digital interactions and remote work arrangements has compelled enterprises to find a way to curtail cyber attacks. Besides, cloud-based ransomware attacks have put them in a pickle as the shift to the cloud had accelerated during the pandemic. Amidst these vulnerabilities and circumstances, cybersecurity mesh has emerged as a viable solution to circumvent cyber threats and secure digital assets everywhere.

Let’s delve deeper to know what it’s all about and how it’s changing the IT security paradigm across the globe.

Why adopt cybersecurity mesh?

A 600% uptick in sophisticated phishing email schemes since the pandemic began shows how vulnerable our IT systems are. Ransomware attacks are predicted to cost $6 trillion annually by 2021; a new organization is falling prey to ransomware every 11 seconds. 98% of cyberattacks are based on social engineering and new employees are often the most vulnerable. Emails constitute 92% of all malware attacks, while Trojans account for 51% of all malware.

The accelerated shift to the cloud to meet the growing needs of customers and the ensuing weaknesses in cloud security have led to frequent attacks. Explains Michael Raggo, cloud security expert at CloudKnox, “One of the systemic issues we’ve seen in organizations that have been breached recently is a vast amount of over-permissioned identities accessing cloud infrastructure and gaining access to business-critical resources and confidential data. We’ve seen when an attacker gains access to an associated identity with broad privileged permissions, the attacker can leverage those and cause havoc.”

Cybersecurity mesh facilitates scalable, flexible, and reliable means to ensure cybersecurity across all levels to protect your processes, people, and infrastructure. Considering that a vast majority of assets now exist outside the traditional security perimeter, a cybersecurity mesh helps you stretch its boundaries to build it around an individual’s identity. So rather than having one large perimeter to protect all devices or nodes within a ‘traditional’ network, we now create small, individual perimeters around every access point to heighten its security. A centralized point of authority will manage all the perimeters to ensure there are no breaches.

Key benefits

Cybersecurity mesh helps you adopt an interchangeable, responsive security approach that stops threat actors from exploiting the weaker links within a network to get into the bigger network. When employed correctly, cybersecurity mesh offers the following benefits:

  1. Cybersecurity mesh will support more than 50% of IAM requests by 2025

As traditional security models evolve, enterprises will now rely on cybersecurity mesh to ensure complete security. Identity and Access Management has been a bit of a challenge for enterprises for some time now. Akif Khan, Senior Director Analyst, Gartner, elaborates, “IAM challenges have become increasingly complex and many organizations lack the skills and resources to manage effectively. Leaders must improve their approaches to identity proofing, develop stronger vendor management skills and mitigate the risks of an increasingly remote workforce.”

Cybersecurity mesh with its mobile, adaptive, unified access management model is expected to support more than half of all IAM requests by 2025.

  2. IAM services will be largely MSSP-driven

Considering that most organizations lack the necessary resources and expertise to plan, develop, acquire, and implement comprehensive IAM solutions, the role of managed security service providers (MSSPs) will be crucial. Where multiple functions will have to be addressed simultaneously, organizations will leverage their services.

Gartner expects 40% of IAM application convergence to be driven by MSSPs by 2023, thereby shifting power from product vendors to service partners.

  3. 30% of Enterprises will implement identity proofing tools by 2024

Vendor-provided enrollment and recovery workflows have often posed a challenge in building trust, as it is difficult to differentiate between genuine users and attackers. Multifactor authentication via email addresses and phone numbers has often proved to be ineffective.

Gartner predicts 30% of large enterprises will use identity-proofing tools from the beginning, embedding them into the workforce identity lifecycle processes to address these issues and make way for more robust enrollment and recovery procedures.

  4. A decentralized identity standard will manage identity data

The traditional centralized approaches have been futile in managing identity data when it comes to the three main focus areas: privacy, assurance, and pseudonymity. A decentralized approach based on the cybersecurity mesh model and powered by blockchain ensures total privacy by requiring only the absolute minimum amount of information needed to validate information requests.

Gartner expects the emergence of a truly global, portable decentralized identity standard by 2024 that will address identity issues at all levels – business, personal, social, societal, and identity-invisible use cases.

  5. Demographic bias will be minimized everywhere

There have been several instances of demographic bias based on race, age, gender, and other characteristics that reiterated the need for document-centric identity proofing in online use cases. Face recognition algorithms became part of the ‘ID plus selfie’ approach to confirm identity by comparing a photo of the customer with the one in their identity document.

However, it’s important that the face recognition process is foolproof to eliminate bias and keep damaging implications at bay. By 2022, 95% of organizations will expect vendors responsible for identity-proofing to prove that they are minimizing demographic bias.

A building block for zero-trust environments

Contrary to the traditional approach of building ‘walled cities’ around a network, cybersecurity mesh paves the path for password-protected perimeters to secure networks. Devices are allowed into the network via permission levels that are managed internally. Such an approach minimizes the risk of users’ devices or access points being hacked or compromised.

Organizations are increasingly leveraging the cybersecurity mesh as a building block to create zero trust end-to-end within the network to ensure data, systems, and equipment are securely accessed irrespective of their location. Unless verified, all connections and requests to access data are considered unreliable according to the principles of zero trust architecture.

Navigate your security landscape with Trigent

Trigent offers a multitude of solutions to support your cybersecurity initiatives. Our team of technology experts can help you level up with modern cybersecurity approaches and best practices to strengthen your IT security defenses.

Fortify your security stance with Trigent. Call us today to book a business consultation.

Understanding the Concept of Anywhere Operations and Its Scope

The pandemic has had a lasting impact on many things including the way we work. We have all transitioned into the digital world for virtually everything. The massive shift has posed infrastructure challenges to organizations urging them to re-examine traditional methods of working and enable a ‘work from anywhere’ culture. It has also become important for enterprises to use their resources wisely both during and after the pandemic. They are now pulling up their socks to prepare for the evolving needs of hybrid workspaces in the New Normal.

What they truly need is Anywhere Operations – an IT operating model that Gartner believes 40% of organizations will have applied by the end of 2023 to offer a blended virtual and physical experience to employees as well as customers. It has garnered a lot of attention since it came into being.

So what is Anywhere Operations after all and how does it impact enterprises? Let’s find out.

The concept

Remote working has become a reality that will continue even in the future. In a recent survey by Gartner, 47% of the respondents said they intended to allow employees to work remotely full time. Explains Elisabeth Joyce, Vice President of advisory in the Gartner HR practice, “The question now facing many organizations is not how to manage a remote workforce, but how to manage a more complex, hybrid workforce. While remote work isn’t new, the degree of remote work moving forward will change how people work together to get their job done.”

As boundaries between real and virtual environments continue to blur, enterprises need to ensure ubiquitous access to corporate resources. There is greater dependence on digital tools, and the resilience of enterprises will largely depend on how well they deploy them. Enterprises will have to adopt a more serious approach towards the transformation of their IT infrastructure – be it devices & apps or remote IT support and cybersecurity.

It is imperative that businesses deploy management solutions that allow teams to work in tandem and continue to enjoy the same accessibility irrespective of the location they log on from. Anywhere Operations, clearly, is inevitable, and the need to match pace with the fluid working style of today will push it towards mass adoption. Remote work, however, is mostly about the workforce, whereas Anywhere Operations brings customers into the mix so that they too are able to connect and interact for all their needs, any time and from wherever they are.

When implemented correctly, Anywhere Operations will serve as the perfect model for building resilience and flexibility.

Anywhere Operations supports:

  • Remote work
  • Remote deployment of products/services
  • Business partners, stakeholders, and customers

It encompasses productive business operations and its core objective is to ensure that these operations can be managed effectively from literally ‘anywhere’.

Anywhere Operations is not just an enabler of work from home, online customer support, or remote deployment of products/services but an organizational paradigm that offers value across multiple areas. These include:

Collaboration and Productivity

The need to attain the pre-pandemic level of collaboration and productivity has led to the emergence of virtual offices replete with task management tools, meeting solutions, cloud office suites, digital whiteboards, and video conferencing platforms. This enables employees to see each other, interact, conduct meetings, assign tasks, share ideas in real time, review space occupancy and usage, etc.

Remote assistance is crucial to enable sharing of digital replicas of devices and maintain real-time analytics. While it was easier to visit the client’s office in the past, the need to implement XR tools is being felt today to facilitate better collaboration around tangible objects and help clients in this period of social distancing.

Secure Remote Access

Development teams and clients are provided secure remote access via cloud solutions powered by firewalls to ensure safe access to the virtual environment. In order to fortify the security measures, ways and means are being explored to replace traditional VPN for users operating in multiple time zones.

Identity & Access Management (IAM) solutions that enable multi-factor authentication, passwordless authentication, Zero Trust models, and Secure Access Service Edge (SASE) are now being applied to ensure secure access to data and applications, anywhere, any time. Cybersecurity mesh is also being considered by modern enterprises. While ensuring timely responses and a more modular security approach, it makes identity the security perimeter.

Cloud and edge infrastructure

Organizations had already started discovering the power of automation and how certain tasks that were being performed manually needed immediate automation. In order to ensure 24/7 secure access, ubiquitous cloud migration was important.

Distributed cloud has now become the future of cloud computing and provides edge cloud for a nimble environment. Edge computing gives enterprises an opportunity to collect a huge amount of data from various locations separated by distance and time zones, creating efficiencies and bringing down operating costs. It ensures that cloud computing resources are closer to where the data and business activity are.

Project management and product development tools along with CRM tools used by sales and marketing departments are therefore being moved to the cloud. Enterprises are shifting infrastructure to cloud to ensure governance and accessibility for business continuity. Apart from flexibility and security, cloud solutions offer cost benefits with respect to smart repository usage.

Enterprises are looking at integrating IoT and 5G technologies to catalyze connectivity on an unprecedented scale. The ability of IoT to allow back-and-forth flow of data makes it critical for today’s dynamic business environments and will continue to drive edge-computing systems. Cloud and edge infrastructure will help avoid latency and gain real-time insights. Cloud and edge architectures will minimize time lags in data processing, helping industries perform computing tasks quickly and closer to where data is gathered.

AI edge processing is now being leveraged extensively for applications that have sub-millisecond (ms) latency requirements and helps circumvent bandwidth, privacy, and cost concerns. Enterprises are now critically evaluating their API platforms, which serve as the essential building block on the road to successful digital transformations. Google’s recently rolled out Apigee X is a case in point.

Says James Fairweather, chief innovation officer at Pitney Bowes, “During these uncertain times, organizations worldwide are doubling-down on their API strategies to operate anywhere, automate processes, and deliver new digital experiences quickly and securely.”

Automation to support remote operations

Automation will be at the helm of operations in a bid to minimize human intervention. Enterprises are now keen on automating tasks that can help make better business decisions.

Enterprises are increasingly using AIOps platforms that connect ITSM and ITOM to deliver high-value insights that can predict outages, prioritize events, and get to the root of event patterns to fix them. The modern AIOps platforms help a great deal for discovery, endpoint automation, and self-enablement. Zero-touch is also being deployed for automatic provisioning and configuration of devices without manual involvement.

Quantification of the digital experience

Dubbed ‘total experience’, digital experiences are a culmination of customer experience, employee experience, and user experience that can be tracked by mapping the EX and CX journeys. Quantification concerns the entire interaction from the time the first contact was made up to the present day. As interactions get more virtual, distributed, and mobile, total experience will give enterprises the edge to reach new frontiers of growth and make technological leaps.

Enterprises need to offer better technology to support the hybrid workforce while supporting the buying behaviors of customers. Just offering a great customer experience is not enough, and effort must be made to monitor and respond to experiences in real time to strengthen the relationship with employees as well as customers.

Achieve Anywhere Operations with Trigent

With decades of experience in turning insights into strategies and a sophisticated suite of products to drive your business, we can help your organization usher in a much-needed technology transformation for achieving Anywhere Operations seamlessly. We can be your trusted partner in delivering Enterprise IT solutions.

Talk to our experts for a business consultation.

A Deep Dive into Zero Trust Security

Why implement zero trust security?

With today’s workforce becoming progressively agile, gaining access to scattered apps from a multitude of remote devices from anywhere globally, there has been an acute need to protect the data, apps, users, and devices. As remote working has become mainstream, there is more load on the cloud and, consequently, increased potential for security breaches. The Zero Trust Security model is a strategic idea and principle that helps firms stop data breaches and protect their assets, urging them to trust no entity within the organization before verifying it, as threats can come from external users and internal ones alike.

The cloud service provider is responsible for the platform’s security, but the onus lies on the customer to secure the data they store. AI/ML, blockchain, DevOps, and other emerging technologies require companies to consider the security of their digital environment.

For a business, it is imperative that employees securely access enterprise apps deployed behind the firewall. Other entities that will access the apps include vendors, contractors, associates, customers, and developers. Whether these apps are hosted in a public cloud or a private data center, this is a complex, unwieldy task that requires on-premises hardware and software, including Application Delivery Controllers, VPNs, and Identity and Access Management (IAM) systems. Despite these technologies, an enterprise is subjected to many security threats caused by access to internal apps that expose the entire network to detrimental attacks. To offset these challenges, more and more enterprises are shifting to zero trust security.

The nuts and bolts of zero trust security

The Zero Trust Security model assumes zero trust. Every request is thoroughly authenticated, authorized, and encrypted before access is granted. Because cybercriminals can compromise any one of an organization’s assets, its network is easy to breach once that happens. Attacks by cybercriminals and other bad actors are becoming more sophisticated. Once hackers cross the corporate firewall, it is easy for them to navigate without much resistance.

The zero-trust security concept relies on existing technologies and governance processes such as micro-segmentation and granular perimeter enforcement to decide whether to trust a user, a machine, or an application seeking access to critical data. To ensure high security, various systems and methodologies are incorporated, including those shown in the image below.

[Figure: The nuts and bolts of zero trust security]

Common IT challenges to implementing the zero trust security model

Once you are acquainted with the zero-trust network and its pros and cons, the next move in the journey is to absorb some of the challenges you may have to overcome in implementing and adopting the zero-trust security system. You, along with the security team, must understand the importance of implementing policy as code, and evaluate the policies and the complete degree of change involved in advancing from the traditional model, which covers only the security boundaries, to a comprehensive zero trust security model.

Network security can be demanding in this era of mobility, IoT, and Work From Home (WFH) settings. The challenges to implementing Zero Trust include technical debt, the impact on legacy systems, and the conventional design of peer-to-peer & distributed systems. Other common IT challenges include network trust & malware, secure application access, complexity, and IT resources. The best security strategy is moving to a least-privilege app access model, where only the access needed to perform a task is granted.

Ways to implement zero trust security

Assimilating zero trust security theoretically can be easy, but implementing it can be an arduous task. Zero trust security was first implemented over a decade ago. However, many enterprises are still ambivalent about implementing it in their organizations, despite the widespread popularity of the model. Complex IT environments and legacy systems should be brought in in a multi-phased manner. Build zero trust in by design rather than retrofitting it. Here are the steps involved in implementing it:

  • Efficiently deploy micro-segmentation: Micro-segmentation is a process of disintegrating security perimeters into smaller zones to ensure that dedicated access is given to each part of the network.
  • Use Multi-Factor Authentication: Multi-Factor Authentication (MFA) is a smart approach to achieving high network security. It is considered the guiding principle of zero-trust security. MFA involves three factors, namely the knowledge factor, the possession factor, and the inherence factor.
  • Incorporate PoLP (Principle of Least Privilege) or limited user access: PoLP restricts users to just the permissions on the files required to perform the assigned task, whether that is to read, write, or execute them. PoLP can equally be applied to apps, systems, processes, and devices, limiting each to only the permissions necessary to carry out its task.
  • Verify all the devices located at the endpoints on a network: While attackers act with deliberate intent, systems and devices are simply fallible, so both have to be verified. Each device accessing corporate resources must be enrolled and verified before it is given access to the data.
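
The four steps above come together at the point where a single access request is decided. The following is an added example, not code from the original article, from Trigent, or from any product: a small policy-as-code evaluator in the zero-trust style, where every request is checked from scratch against micro-segmentation (each resource belongs to one zone), MFA, least privilege (a role may perform only listed actions in a zone) and endpoint verification (only enrolled, compliant devices registered to the requesting user). The user directory, device inventory, zone map and role table are constructed sample data.

```python
"""Per-request zero-trust access evaluation (policy as code).

Added example, not part of the original article. All directories below are
constructed sample data; a real deployment would pull them from the identity
provider, the device-management system and the segmentation configuration.
"""
from dataclasses import dataclass

# Micro-segmentation: each resource lives in exactly one zone (constructed).
SEGMENT_OF_RESOURCE = {
    "hr-payroll-db": "hr",
    "git-server": "engineering",
    "build-farm": "engineering",
    "wiki": "shared",
}

# Least privilege: a role may perform only the listed actions within a zone (constructed).
ROLE_PERMISSIONS = {
    "developer": {"engineering": {"read", "write"}, "shared": {"read"}},
    "hr-analyst": {"hr": {"read"}, "shared": {"read"}},
}

# Endpoint verification: enrolled devices, their owner and last posture result (constructed).
ENROLLED_DEVICES = {
    "laptop-0042": {"owner": "alice", "compliant": True},
    "laptop-0077": {"owner": "bob", "compliant": False},  # failed its posture check
}

# Identity directory: user -> role (constructed).
USERS = {"alice": "developer", "bob": "hr-analyst"}


@dataclass
class AccessRequest:
    user: str
    device_id: str
    mfa_verified: bool  # set by the authentication step, never by the client
    action: str
    resource: str


@dataclass
class Decision:
    allowed: bool
    reason: str


def evaluate(req: AccessRequest) -> Decision:
    """Decide one request. Nothing is trusted implicitly; the default is deny."""
    role = USERS.get(req.user)
    if role is None:
        return Decision(False, "unknown identity")

    device = ENROLLED_DEVICES.get(req.device_id)
    if device is None:
        return Decision(False, "device not enrolled")
    if device["owner"] != req.user:
        return Decision(False, "device not registered to this user")
    if not device["compliant"]:
        return Decision(False, "device failed posture check")

    if not req.mfa_verified:
        return Decision(False, "MFA not satisfied")

    segment = SEGMENT_OF_RESOURCE.get(req.resource)
    if segment is None:
        return Decision(False, "resource not assigned to a segment (default deny)")

    permitted = ROLE_PERMISSIONS.get(role, {}).get(segment, set())
    if req.action not in permitted:
        return Decision(False, f"role '{role}' may not '{req.action}' in segment '{segment}'")

    return Decision(True, f"{role} permitted to {req.action} {req.resource}")


if __name__ == "__main__":
    samples = [
        AccessRequest("alice", "laptop-0042", True, "read", "git-server"),    # allowed
        AccessRequest("alice", "laptop-0042", True, "write", "hr-payroll-db"),  # wrong segment
        AccessRequest("alice", "laptop-0042", False, "read", "wiki"),         # no MFA
        AccessRequest("bob", "laptop-0077", True, "read", "hr-payroll-db"),   # bad posture
        AccessRequest("alice", "laptop-0077", True, "read", "wiki"),          # not her device
    ]
    for req in samples:
        decision = evaluate(req)
        print(f"{'ALLOW' if decision.allowed else 'DENY ':5} {req.user}@{req.device_id} "
              f"{req.action} {req.resource}: {decision.reason}")
```

The order of the checks is deliberate: identity and device are established before MFA and authorization are even considered, and every failure path returns a specific reason so that the denial can be logged and investigated rather than silently dropped.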

Transitioning to a zero trust security model

The quest for the zero-trust security model is just an email or a phone call away. Trigent enforces stringent security policies and assists with any possible security anomalies or incidents. Trigent’s Security Solutions team assesses your company’s IT vulnerability and builds a zero-trust security model, whether it’s an existing IT environment or a transition from a legacy system, or replacing VPN with ZT Remote Access. Our security services include operational management, security incident management, compliance management, audit support, solution analysis, information security advice & guidance, system assurance, and global information security coordination.

Reach out to us to know which zero trust security technologies can most suitably guide your security transformation.