For decades, agencies have defended their IT by focusing most on guarding their networks’ perimeters. While valuable, monitoring the traffic coming and going from agencies’ networks is no longer enough. In this new era of widespread telework, cloud and Everything-as-a-Service (EaaS), agencies need greater network visibility than before.
Agencies can no longer look only at “north-south” traffic, the traffic crossing their network perimeters, for threats. Lateral cyberattacks occur when perpetrators breach agencies’ defenses and then move freely “sideways,” or “east-west,” within their networks. The modus operandi of cybercriminals today is to find a weakly defended element, then reach sensitive data by moving laterally to avoid stronger safeguards.
This protection against lateral movement is what zero-trust cybersecurity is all about. By automatically distrusting everything on and off their networks, agencies can enhance their IT security.
According to Greg Young, Vice President of Cybersecurity at Trend Micro, a cybersecurity software provider, zero trust can dramatically elevate agencies’ cyberdefenses from their legacy security architectures. Young shared three ways agencies can stop lateral cyberattacks.
1. Create “don’t trust” zones
The older model upon which network security was built created zones with similar trust levels. Young recommended agencies stop assuming everyone and everything in a zone has that level of trust or even belongs there. According to Young, immediately distrusting components can radically strengthen agencies’ cybersecurity.
“Zero trust is about having areas where trust is not assumed, and then building up trust based on validation, identification and observation,” he said. “Trusting something because of where it resides is a legacy strategy, and it is no longer valid.”
Agencies can establish zero trust for their cloud computing environments, networks, servers, internet of things (IoT) devices and more.
2. Recognize human error
Accidents happen, and, in cybersecurity, humans often cause them. People make mistakes even with the best security education.
“People can’t be patched,” Young said. “There is a limit on how much we can expect them to be involved in security every day and to be flawless.” Often, government cybersecurity personnel are bombarded with seemingly unrelated security education information and policies.
Take telework, which has made home and office interchangeable for many government employees. Going forward, agencies should accept and prepare for cybersecurity errors made while teleworking.
“Insider threats aren’t just rogue people, they are most often unwitting attackers because their credentials or devices have been compromised,” Young said.
3. Construct context
According to Young, understanding the patterns and relationships their data have can boost agencies’ cybersecurity.
“We’ve been making too many of our security decisions based on the same small set of security event data,” he said. “This limited information is no longer enough. With a greater addressable pool of event data, this can be turned into information that can become security-relevant through associations. You can connect the dots quicker and stop attacks in progress.”
Using enterprise software solutions such as the ones Trend Micro, Inc. provides, agencies can improve their zero trust cyberdefenses. Ultimately, clearer intelligence helps agencies make more informed decisions before tackling threats. At their best, agencies can make these decisions automatically.
“Zero trust is about understanding your environment at any given point in time,” Young said. “Context is everything.”
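The two ideas Young describes, not trusting a request because of the zone it comes from (section 1) and turning a wider pool of event data into security-relevant associations (section 3), can be put side by side in code. The following is an added illustration, not code from the article or from Trend Micro's products; the authentication events, host names, zone name and the thresholds (10-minute window, two hosts) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

class AuthEvent(NamedTuple):
    ts: str          # ISO-8601 timestamp
    user: str        # credential used
    src: str         # host the request came from
    dst: str         # host being accessed
    zone: str        # network zone of the source
    device_ok: bool  # device passed validation (e.g. managed and healthy)

# Constructed sample events (not from the article). Every request originates
# in the "corp" zone; one credential hops across several workstations.
EVENTS = [
    AuthEvent("2024-01-10T09:00:00", "alice", "ws-01", "file-srv", "corp", True),
    AuthEvent("2024-01-10T09:05:00", "alice", "ws-01", "mail-srv", "corp", True),
    AuthEvent("2024-01-10T09:06:30", "alice", "ws-17", "db-srv", "corp", True),
    AuthEvent("2024-01-10T09:07:10", "alice", "ws-22", "hr-srv", "corp", True),
    AuthEvent("2024-01-10T09:08:00", "alice", "ws-31", "fin-srv", "corp", False),
    AuthEvent("2024-01-10T10:00:00", "bob", "ws-02", "file-srv", "corp", True),
]

def legacy_zone_decision(ev: AuthEvent) -> bool:
    """Legacy model: trust follows location. Anything inside "corp" is allowed."""
    return ev.zone == "corp"

def zero_trust_decision(ev, history, window=timedelta(minutes=10), max_hosts=2):
    """Zero trust: build trust from validation and observation, not from zone.
    history maps user -> list of (timestamp, source host) observed so far."""
    ts = datetime.fromisoformat(ev.ts)
    if not ev.device_ok:
        return "deny", "device not validated"
    recent = {src for t, src in history[ev.user] if ts - t <= window}
    recent.add(ev.src)
    if len(recent) > max_hosts:  # one credential, many hosts, short window: east-west pattern
        return "deny", f"credential seen on {len(recent)} hosts within {int(window.total_seconds() // 60)} min"
    return "allow", "validated device, consistent with recent observation"

def evaluate(events):
    """Return (user, src, dst, legacy_allowed, zt_decision, reason) per event.
    Every event is recorded as an observation, whatever the decision was."""
    history, results = defaultdict(list), []
    for ev in events:
        decision, reason = zero_trust_decision(ev, history)
        results.append((ev.user, ev.src, ev.dst, legacy_zone_decision(ev), decision, reason))
        history[ev.user].append((datetime.fromisoformat(ev.ts), ev.src))
    return results
```

Run over the sample, the zone-based check allows all six requests, while the context-based check denies the fourth (one credential on three hosts in under ten minutes) and the fifth (unvalidated device).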
This article is an excerpt from GovLoop’s recent guide, “Raising Agencies’ Cyber Intelligence.”