If the answer’s yes, well then you can rest assured knowing that you’re not alone.
Before the most recent lockdown in Sydney, CIOs, CSIOs and senior tech leaders attended a Zero Trust executive lunch where they heard that ‘trust’ is arguably the biggest cyber threat facing organisation's today.
“Trust is a dangerous vulnerability that is exploited by malicious actors”, Palo Alto Networks cyber advisor Riccardo Galbiati told attendees. It’s a sad reality, which has been brought inter starker relief throughout the pandemic with droves of workers either forced to, or increasingly choosing to work from home beyond the traditional network perimeter.
This has led to a huge surge in the number of phishing, ransomware and other attacks as malicious actors – both criminal and state-based – seek to exploit the situation by preying on the very trust that’s been so necessary to support the exodus.
For the past 18 months, the ability of staff to pop their heads above the office partition to confer with colleagues about unusual messages and / or requests say for passwords or other log in details from senders purporting to be within the organisation has gone.
We’re now in a completely different work environment thanks to COVID-19, one which is expected to become increasingly the norm, even once the bug is finally crushed, whenever that may be.
And central to this ‘new reality’ is the need for far greater vigilance than ever before in blocking malware from penetrating a now vastly wider attack surface.
As Riccardo Galbiati stressed at a recent lunch roundtable on cyber security, “no more chewy centres”.
So what does zero trust mean and look like?
While we’re well into the 21st century and part of a digitally driven world that would be unrecognisable to people 50 or even 25 years ago, the fundamental concepts of zero trust are much older than that.
As the great British explorer and writer, Rudyard Kippling wrote in ‘The Elephants Child’: “I keep six honest serving-men. They taught me all I knew; Their names are What and Why and When and How and Where and Who.
These old tenets are the basis of ‘Zero-trust network access’ (ZTNA), one of the leading policy frameworks for achieving a genuine zero trust posture across all digital communications networks and systems.
They should also go hand-in-hand with development of secure access service edge (SASE), which is a cloud based service that combines network and security functions with WAN capabilities to support the dynamic, secure access needs of today’s hybrid organisations.
‘Who’ refers of course to ‘authentication’, which needs to take account of the user’s identity, multifactor identification and device location.
‘What’, ‘when’ and ‘where’ is about ‘authorisation’, which is all about device compliance, application and access control.
And the questions ‘why’ and ‘how’ need to be asked in the context of ‘inspection’, which introduces data loss prevention, threat prevention and ultimately allowing a decision to be made.
Having a robust cyber security posture amid the ‘new reality’ thrust upon us all by the pandemic demands absolute vigilance around ‘zero trust’. And, more than ever, it also requires a degree of creativity mixed with common sense.
These are after all crazy times indeed.
Survivorship Bias
And while we’re all probably a little tired of, even bored, with the endless analogies being made with wars and others crisis from the past, there is one that stands out as especially relevant for any CSIO or CIO charged with guarding the perimeter today.
During the dramatic air battles playing out in the skies above the Pacific between Japanese and US planes, American airmen stationed on the ground noted a similar pattern of ordnance damage sustained by planes returning to base to refuel and reload.
Naturally, they then set about attaching greater reinforcement to these specific areas in the hopes of stemming the heavy losses. But to no avail.
At a loss, the US military commissioned an elite group of mathematicians later known as the Statistical Research Group. Among them was Albraham Wald, now famous for presenting the concept of ‘Survivorship Bias’, which explained the tendency to reinforce damaged areas.
After reengineering the problem he discovered the best course of action was to bolster the areas without damage, because – and this is so cool – it was the bombers hit in these areas that never made it back.
With today’s massively heightened cyber security tempo, your organisation needs to be alert to every possibility and have zero trust to staff protected and safe.
As a leading provider of business technology solutions, Enablis has a deep understanding of the importance of effective cyber security in today’s fast-evolving digital world. Connect with us today and start a conversation about how to create the best security framework for your organisation.
Ask the Author