US security must start with zero trust

The pandemic has undeniably altered various things in our lives, whether it be personally or professionally. But cybersecurity is currently seeing the biggest shifts of all, and one could argue it was the industry most desperately in need of them.

This influx of change has coincided with extra pressure on cyber defense in the United States, as some of its largest organizations across the country have fallen victim to some form of a security breach. Particularly, a boom in ransomware attacks has coincided with a fast-moving shift towards remote work, as over 304 million attempts took place in 2020 amidst the pandemic. Just this month, Howard University was forced to cancel classes after one the largest HBC’s in the country was hit with an attack. As the United States continues to face attacks across critical sectors — energy and infrastructure, healthcare, and operational technology (OT) — a cultural shift in cybersecurity is taking place.

The events of the past year led the White House and the Biden Administration to issue an Executive Order this summer to improve the nation’s cybersecurity, calling on the Federal Government to “make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.” President Biden’s recent Executive Order comes in the wake of major cybersecurity attacks such as the Colonial Pipeline and Solar Winds attacks — and one of the first steps of the future of cybersecurity in the U.S. involves the adaptation of zero trust technologies and bringing them to scale across IT systems nationwide.

Evolving Network Security — Why Zero Trust?

Everything about how we view network security is evolving. Hybrid and remote work are still a reality for a large percentage of the population 18 months following the onset of quarantine. For many, these dynamics will remain permanent for the foreseeable future. This dynamic is continuing to create headaches for businesses and security/IT teams trying to remain compliant and prevent costly catastrophic breaches, all while ensuring that they keep their company’s data fully secure. To combat this, it’s imperative that a true zero trust security strategy be built around adaptable solutions that provide continuous verification while never sharing your top secrets.

The world is also being exposed to new vulnerabilities as it switches to a more hybrid remote work culture. For businesses and organizations, achieving true zero trust architecture means looking toward flexible identity-based solutions that can support the work-from-anywhere environment. Following these new blueprints around cybersecurity will enable the U.S. (and other governments) to help mitigate the massive challenges that lie ahead.

Zero trust may seem like yet another new buzzword in cybersecurity, but it is quickly becoming an integral solution for preventing damaging data breaches and cyber-attacks. Zero trust operates under the premise that ALL networks are insecure and must individually evaluate each resource continuously to determine who is allowed access. This verification process is done every time a user wants to access a component of the network, ensuring that users are only accessing what they are approved to access. This idea of continuous verification is critical towards preventing attackers both inside and outside the network.

Before the onset of the pandemic, the overall awareness around the importance of quality cybersecurity practices wasn’t unknown, but it also wasn’t always acknowledged as a pressing issue. As technology evolved and the threat of bad actors continued to rise exponentially, the last 18 months have proven to be a prime example of how quickly the landscape has shifted.

Prior to the pandemic, most businesses required local network operations and employee connectivity to networks in the office, and perimeter-based security solutions were typically viewed as sufficient — or at least sufficient enough. However, in recent months, digital transformation and societal work changes have revolutionized network architecture and dissolved the perimeter altogether.

With remote or at least hybrid work set to become a mainstay of corporate life, an identity-centric approach is the clear way forward.

More specifically, secure connectivity can only be achieved by eliminating transitive trust and continuously identifying and authenticating every device, user and identity before providing them with access to network applications. This authorization problem is at our doorstep and ready to break the door down, and cybersecurity solutions must evolve to meet the challenge — with identity as the key.

What the Future Holds

There are currently uncertainties around the near-term future of Zero-Trust Network Access (ZTNA) adoption, but new standardizations have given the blueprint for the simplification of complex cybersecurity strategies.

And while the EO and other government efforts stress the impact larger enterprises and government entities face, we must also be mindful that cybersecurity is not “one size fits all.” SMBs are oftentimes even more vulnerable because they are viewed as easy targets due to their small security teams and budgets. They may not always be a big win financially for a successful hacker, but they become easy targets because they are much more likely to comply with a hacker’s demands and don’t have competent security infrastructure in place.

The concerns over widespread gaps in network security, whether for SMBs or large enterprises, have also all been raised ad nauseum by researchers and experts from all over the globe. The difference now is that, finally, action is taking place to improve overall security posture.

In particular, it’s encouraging to see that governments are looking at Zero Trust more closely, as seen by the new EO issued by the White House. However, in order to cater to an organization’s needs, cybersecurity should be looked at more holistically in order to cover more ground and fully protect the organization’s assets. The EO provides the groundwork for organizations to build on and help assure they are fully secure in the future, but now it’s up to them to take action needed to keep their bottom lines and customers safe.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.