Cybersecurity News - October 2021
What is zero trust?
In 2010, John Kindervag (who worked at Forrester at the time) introduced the concept of zero trust: trust nothing, verify everything. This strategy assumes that every device, user, system and location—inside or outside of the organization—cannot be trusted and needs to be verified.
Today, this strategy is a touchstone for how organizations approach security.
Source: Ram, Sree. Why implementing Zero Trust is more important than ever. Security Boulevard. July 23, 2021. https://securityboulevard.com/2021/07/why-implementing-zero-trust-is-more-importantthan-ever-before/.
Zero trust pushes past the enterprise to maintain security
The modern security environment includes remote users (many of whom are using their own devices) and cloud-based assets located outside of the enterprise-owned network boundaries. Organizations are increasingly turning to a zero trust security strategy because the network location is no longer seen as the prime component to the security posture. Zero trust goes beyond network perimeters to focus on users, assets, and resources to protecting resources (e.g., assets, services, workflows, network accounts), instead of just focusing on network segments.
How it works
To meet security demands, zero trust:
The zero trust concept addresses the reality of both the current and future work distributed, remote-work environments.
Identity and access management (IAM): one digital identity for each item and user
To administer user access across an enterprise and ensure compliance with corporate policies and government regulations, organizations use IAM tools and technologies to track each user’s role and activities and generate reports on those activities.
IAM defines and manages the roles and access privileges of network entities—both users and devices—with the objective of establishing one digital identity per individual or item.
The goal is to grant access to users and devices in a given context (e.g., onboarding and offboarding users and systems, permissions authorizations).
Learn more about IAM by visiting our Insights page at: https://www.unionbank.com/commercial/insights/fraud-prevention/identity-and-access-management-explained
Source: Strom, David. What is IAM? Identity and access management explained. Originally published by CSO Magazine. April 8, 2021. https://www.unionbank.com/commercial/insights/fraud-prevention/identity-and-access-management-explained
Cyber insurance as part of the ransomware crime cycle
According to the U.S. Government Accountability Office, as the risk of ransomware attacks increases, more organizations are opting for cyber insurance (from 26% in 2016, to 47% in 2020); meanwhile, breach insurance premiums are also increasing.
Successful breaches mean more ransomware attacks. Despite the urges of U.S. law enforcement to not pay ransoms, many organizations facing costly downtime and the implications of sensitive data going public choose to comply with attacker demands. However, paying ransoms equates to greater incentives for more attacks, perpetuating the crime cycle. Another layer adding to the ransomware situation: criminals also may target cyber insurance companies. The goal is to obtain insured client information to then target the insured organizations, knowing there is a higher likelihood they will pay ransoms.
To help handle a ransomware attack, organizations can get expert help from reputable consultants. These experts may be able to help avoid the need to pay a ransom by finding flaws in the ransomware or recovering the keys to decrypt data without paying the ransom.
Gnanaprakasam, Pandian. Ransomware and cyber insurance: What are the risks? Help Net Security. August 12, 2021. https://www.helpnetsecurity.com/2021/08/12/ransomware-cyber-insurance/.
Cybersecurity first: do your part. #becybersmart October is national Cybersecurity Awareness Month
Every October in the U.S., the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) and National Cyber Security Alliance (NCSA) lead observance of National Cybersecurity Awareness Month (NCAM). The 2021 theme focuses on empowering organizations and individuals to own their roles in protecting cyberspace. Highlights of this month’s promotions and outreach:
For more information about how to promote Cybersecurity Awareness month, visit the National Cybersecurity Alliance Stay Safe Online site: https://staysafeonline.org/.
Source: National Cyber Security Alliance. Stay Safe Online. https://staysafeonline.org/cybersecurity-awareness-month/theme/.
The information above is provided as a convenience, without warranties of any kind and MUFG Union Bank, N.A. disclaims all warranties, express and implied, with respect to the information. You are solely responsible for securing your systems, networks, and data. You should engage a qualified security expert to advise on your specific needs and requirements.
This Cybersecurity News contains news and information designed to help protect your company and employees.