You need decentralized cybersecurity to match decentralized attacks
The world of cybersecurity is rapidly changing. Hackers are getting smarter and more sophisticated, and in the age of remote work, globalization, and endless third-party connections, attack methods and motivations are changing. Organizations need to pay attention.
How are cyberattacks changing?
Hackers are no longer looking to just breach a single system. As the SolarWinds hack showed, they’re often using an organization as a tunnel into more lucrative systems. SolarWinds was just a vector for the bad actors to infiltrate government agencies. In addition, ransomware rates are skyrocketing and hackers are purposefully going after critical infrastructure, knowing a company like Colonial Pipeline will pay quickly to avoid real world devastation, as well as healthcare where EMR data fetches a pretty penny. Additionally, the world is now decentralized. There’s no more physical office, singular server room, or desktop computer protected by a single password. People are working from anywhere and everywhere while accessing different systems from their home or coffee shop WiFi, and that trend is opening gap after gap that hackers can get through. They are taking full advantage of it.
How can your organization stay protected?
Perimeter defenses used to be the norm in cybersecurity — castle-and-moat architecture. The major flaw was that a hacker would try to get past a virtual wall, and once they were in, they could access anything and everything. It was a single line of defense, and as we’ve seen over and over and over, it could easily fall. If that defense is out, and hackers are finding more creative ways to access a system, what’s the best method of protection? Decentralized cybersecurity in the form of critical access management. It all comes down to access — what access points exist, who has access, and how well are those individual, decentralized points protected. Critical access management contains a few key methods and practices that help organizations modernize their cybersecurity and stay safe in a changing world:
Develop and implement strong access policies
There should be established rules in place for who should have access to which assets and what privileges they should have when accessing an asset. The secretary in the HR department of a hospital doesn’t need the same access rights for EMRs that an ER doctor does. Role-based access policies, at least for internal employees, are an easy way to provision and deprovision access rights. Additionally, another access policy best practice is utilizing least privileged access, where a given user only has access to what they need to complete a task and nothing more. Building out this architecture can help an organization gain visibility into those critical access points and better understand who can (and should) have access to those various points and assets.
Employ access controls
Access policies are only useful if they’re enforced. Access controls are the techniques employed to have precision over when and how a user can exercise their access rights. These access controls can include anything from time-based access, to access notifications, to even a department or organization-wide access schedule. Importantly, any and all access controls should follow the Zero Trust principle. Zero Trust, also called Zero Trust Network Access, removes any implicit trust from internal or external users, instead applying the same fine-grained controls across the board. This removes any gaps while tightening security around even the most routine access points.
You can’t know if your organization’s access policies and access controls are working properly without visibility. 51% of organizations don’t monitor access to network resources and critical data, and that’s a major problem. Whether it’s proactive and reactive observation, or proactive and reactive analysis, taking a look at what’s happening with an access point is crucial to understanding if the cybersecurity architecture in place is working. In addition, access monitoring can quickly alert an organization to anomalies and offer valuable insights if a breach does occur. This post originally appeared in Data Breach Today.