According to a report from Webroot.com during crises such as the COVID-19 Crises “3 in 10 workers worldwide have clicked a phishing link in the past year. In the US, it’s 1 in 3.”
In a normal situation 4% of the people will click on a link from an unknown sender even when the hyperlink states, “Don’t click on this link” Research shows you cannot avoid this phenomenon.
Training and security awareness programs have helped organisation to reduce successful attack on their network from phishing. However, such an attack does not need lots of people clicking to be 100% successful. The success from the 4% is enough to be a nuisance to your organisation. So, what can you do about this problem?
The attackers trying to break into the corporate network want to be able to move laterally within the network. Even when you cannot eliminate the 4% you could take measures to reduce the effect of their actions by introducing Zero Trust Security (ZTS) into your organisation. With Zero Trust Security you can reduce lateral movement in your network and as such, intruders have limited access to few systems within the network. Zero Trust Security is not a product but a set of design principles which cannot be implemented using a single product. So, watch out for vendors that promise to sell you a single product that would provide you Zero Trust Security.
According to Microsoft, Zero Trust controls can be implemented across six fundamental elements of your network:
In addition to the above controls, there should be visibility of all assets of the environment and complete orchestration of all automation.
Other security vendors such as OneTrust (CISCO), Checkpoint, Palo Alto Networks have similar ideas regarding the implementation of Zero Trust Security. Zero Trust Security is a holistic approach to security architecture design. It is based on the fundamental concept of Never trust, always verify anyone or anything operating within or from outside the security boundary. It is designed to protect all computer assets, applications, and data.
Zero Trust Security ensures all resources are accessed securely regardless of location. The principles of The Least privilege are implemented through access control and strictly enforced.
To learn more about Zero Trust Security please visit our ZTS training.