Zero Trust, a core component of any modern security strategy

Looking to avoid a supply chain hack like Sunburst? CrowdStrike CTO Mike Sentonas says Zero Trust is key.

Image via Freepik

In the spirit of building a solid foundation, Zero Trust security has once again come into the forefront. Whie the concept of Zero Trust is not new, the reality is that not enough organizations have adopted those in IT and security, the concept of identity-centric protection isn’t anything new. But coupled with the fact 80% of all breaches are a result of compromised identities, it’s become increasingly obvious Zero Trust architecture must be adopted or organizations will find themselves exposed.

eCrime Numbers Reach All-Time Highs

CrowdStrike’s 2021 Global Threat Report found eCrime intrusions increased to 79% in 2020, compared to 69% the year previous, demonstrating how adversaries have been throwing more weight behind enterprise ransomware schemes, also known as Big Game Hunting (BGH), due to increasing payouts with minimal effort. It’s true the shift to remote work during the pandemic increased attack surfaces for eCriminals, but many will use any opportunity to continue to monetize their victims.

My team has observed the cost of ransom payouts escalate from a few hundred thousand dollars to one million on average globally. As threat actors become more incentivized, instances of these intrusions go up and the techniques and methods employed by threat actors become more advanced. For example, we’ve seen an uptick of eCrime actors employing double extortion techniques, in which they will demand a ransom for the return of an organization’s data, and then demand an additional ransom with the threat of releasing or selling the data.

Proliferation of Threats Across Supply Chains

Intelligence experts agree that supply chain attacks will continue to pose a threat to all sorts of organizations in 2021 and beyond. The headline-grabbing Microsoft Exchange hack is one such example, in which a Chinese espionage group exploited four newly-discovered flaws in Microsoft Exchange Server email software to seed hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems. The supply chain attack vector is uniquely vulnerable as an initial access tactic that can provide malicious actors with the ability to propagate from a single intrusion to multiple downstream targets of interest. As such, companies are recognizing identity protection is central to the defense of any enterprise’s infrastructure.

The Case for Zero Trust

The question becomes what to look for in a modern identity-centric and workload security solution. In a modernized Zero Trust model, there is no such thing as a trusted source. The model assumes would-be attackers are present both inside and outside the network. Every request to access the system must be authenticated, authorized and encrypted— which means combining real-time analysis and Machine Learning (ML) is a must. Otherwise, you might miss the critical window between when an intruder compromises the first machine and when they can move laterally to other systems on the network, compounding the attack impact exponentially with every victim machine.

Multifactor authentication (MFA) is one of the most common ways to confirm a user’s identity and increase the security of the network. A true end-to-end solution will provide you with MFA coverage and comprehensive visibility. Such software will allow you to monitor authentication traffic and user behavior helping you improve the enterprise’s security hygiene.

Although a core component, Zero Trust architecture is just one aspect of a comprehensive security strategy. While technology plays an important part in protecting the organization, digital capabilities alone will not prevent breaches. To truly create a resilient enterprise, companies must adopt a holistic security solution that minimizes the attack surface, incorporates a variety of endpoint monitoring, detection and response capabilities and leverages threat hunting to ensure the safety of their networks.

Mike Sentonas is CrowdStrike’s Chief Technology Officer. Previously, he served as Vice President, Technology Strategy at CrowdStrike. With over 20 years’ experience in cybersecurity, his most recent roles prior to joining CrowdStrike were Chief Technology Officer – Security Connected and Chief Technology and Strategy Officer APAC, both at McAfee (formerly Intel Security). He is an active public speaker on security issues and provides advice to government and business communities on global and local cyber security threats.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.