Although data breaches happen to corporations, the impact ultimately falls on ordinary citizens like you and me. When we fall victim to a credit card breach, the associated anxiety and uncertainty are not addressed beyond the free credit monitoring and protection services that are offered. Our personal email accounts are also at risk of misuse.

According to CNN, a recent call center bust revealed that scammers had acquired user information from trusted systems and leveraged that information to trick victims into thinking they owed money to the government. The criminals behind it made about $150,000 per day with the scheme. But what can we in the security industry do about it?

Implementing the Zero Trust Model

Organizations must establish frameworks and execution plans for security. That likely means embracing the zero trust model for security.

According to a National Institute of Standards and Technology (NIST) report titled “Developing a Framework to Improve Critical Infrastructure Cybersecurity,” zero trust security requires IT teams to abandon the old paradigm of “trust but verify.” Instead, security professionals should verify but never trust. NIST built on the zero trust framework to guide corporations in their efforts to build, monitor and manage robust security infrastructures.

The zero trust model requires all resources to be accessed securely regardless of location. This can start with low-impact, cost-friendly projects, such as software-defined wide area network (SD-WAN) solutions, to encrypt and securely transmit data over a network. Create network segmentation by leveraging virtualization technologies or network design, and establish access controls based on trust. Use a network security solution, a cloud access security broker (CASB) and other vendor technologies to secure and inspect traffic and to block intrusion attempts.
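The "verify, never trust" idea and the segmentation and access-control points above are easier to see in code. The following is an added example, not code from the article or from any vendor product mentioned in it: a small policy check in which every request is evaluated from scratch against the policy of the network segment that owns the resource. The segment names, roles, resources and requests are all constructed for the illustration; note that the source network is recorded for the audit trail but never used to grant access, which is the point of evaluating access independent of location.

```python
"""Added example: per-request zero trust policy check with network segments.

Illustrative code, not from the original article. All segments, resources,
users and devices below are constructed.
"""
from dataclasses import dataclass

# Constructed segment policy: which identity roles may reach a segment and
# what the requesting device and session must prove. Location is deliberately
# absent: an office LAN request faces the same checks as one from a cafe.
SEGMENT_POLICY = {
    "corp-finance": {"roles": {"finance", "finance-admin"},
                     "require_managed_device": True, "require_mfa": True},
    "corp-hr":      {"roles": {"hr"},
                     "require_managed_device": True, "require_mfa": True},
    "public-web":   {"roles": {"employee", "finance", "finance-admin", "hr"},
                     "require_managed_device": False, "require_mfa": False},
}

# Constructed mapping of resources to the segment that owns them.
RESOURCE_SEGMENT = {
    "payroll-db": "corp-finance",
    "hris": "corp-hr",
    "intranet": "public-web",
}


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    device_managed: bool
    mfa_verified: bool
    resource: str
    source_network: str  # kept for the audit record only, never a grant factor


def evaluate(req: Request):
    """Return (decision, reasons). Nothing is trusted from a previous request."""
    segment = RESOURCE_SEGMENT.get(req.resource)
    if segment is None:
        return "deny", ["unknown resource"]
    policy = SEGMENT_POLICY[segment]
    reasons = []
    if not (req.roles & policy["roles"]):
        reasons.append(f"no role grants access to segment {segment}")
    if policy["require_managed_device"] and not req.device_managed:
        reasons.append("device is not managed")
    if policy["require_mfa"] and not req.mfa_verified:
        reasons.append("MFA not verified for this session")
    if reasons:
        return "deny", reasons
    return "allow", [f"segment {segment} policy satisfied"]


def audit_line(req: Request, decision: str, reasons) -> str:
    """One log line per decision; denials are what a SOC will want to watch."""
    return (f"user={req.user} resource={req.resource} src={req.source_network} "
            f"managed={req.device_managed} mfa={req.mfa_verified} "
            f"decision={decision} reason=\"{'; '.join(reasons)}\"")


if __name__ == "__main__":
    # Constructed requests: same user, same resource, different session state.
    for r in (
        Request("alice", frozenset({"finance"}), True, True, "payroll-db", "cafe-wifi"),
        Request("alice", frozenset({"finance"}), True, False, "payroll-db", "office-lan"),
        Request("dave", frozenset({"employee"}), False, False, "intranet", "home"),
    ):
        decision, reasons = evaluate(r)
        print(audit_line(r, decision, reasons))
```

The second constructed request shows the property the article is after: being on the office LAN buys nothing, because the missing MFA step is checked on every request and the network the request came from is only logged.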

When implementing the zero trust model, IT leaders should strictly enforce access control with a policy of least privilege. This involves identifying users and systems and explicitly providing access to trusted applications, networks and data rather than applying blanket privileges. Adopt policies to validate continuing user access, such as continuous business need (CBN) and quarterly employment verification (QEV). Use that as a basis to monitor user access and the life cycle from creation to deletion. Track changes that result from users moving between departments.

Approaching Access Management

It’s critical to monitor access and privileges and record adjustments as users’ roles change. For example, when an employee leaves a company, the IT team should withdraw all access from that individual. An access management solution can help identify employees who require access to resources, track their usage and provide personal accountability. IT teams can create privileged user activity monitoring and audit solutions by combining access management with a security intelligence solution or service.
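The least-privilege and life-cycle points from the two sections above (continuing business need, quarterly verification, tracking moves between departments, withdrawing access when someone leaves) come down to one recurring access review. The following is an added example, not code from the article or from any access management product: a review pass over a constructed HR feed and a constructed entitlement list that flags entitlements to revoke and entitlements that are overdue for recertification. The record fields, the 91-day review interval and the sample users are assumptions made for the illustration.

```python
"""Added example: a periodic least-privilege access review.

Illustrative code, not from the original article. The HR records,
entitlements and review interval below are constructed.
"""
from datetime import date, timedelta

# Constructed HR feed: the authoritative source for who works here and where.
HR_RECORDS = {
    "alice": {"department": "finance", "status": "active"},
    "bob":   {"department": "engineering", "status": "terminated",
              "end_date": date(2023, 1, 15)},
    "carol": {"department": "hr", "status": "active",
              "previous_department": "finance"},
}

# Constructed entitlements: what each user can currently do, which department
# owns the entitlement, and when a manager last confirmed the business need.
ENTITLEMENTS = [
    {"user": "alice", "name": "payroll-db:read", "department": "finance",
     "last_reviewed": date(2022, 12, 15)},
    {"user": "bob",   "name": "prod-ssh",        "department": "engineering",
     "last_reviewed": date(2022, 12, 1)},
    {"user": "carol", "name": "payroll-db:read", "department": "finance",
     "last_reviewed": date(2022, 11, 1)},
    {"user": "carol", "name": "hris:admin",      "department": "hr",
     "last_reviewed": date(2023, 3, 1)},
]

# Assumed cadence: roughly quarterly, matching a QEV-style review cycle.
REVIEW_INTERVAL = timedelta(days=91)


def review_access(hr, entitlements, today):
    """Return a list of (action, user, entitlement, reason) findings.

    Order of checks matters: a leaver's access is revoked outright, an
    entitlement owned by a department the user has moved out of is revoked,
    and only entitlements that survive those checks are tested for an
    overdue recertification.
    """
    findings = []
    for ent in entitlements:
        rec = hr.get(ent["user"])
        if rec is None or rec["status"] != "active":
            findings.append(("revoke", ent["user"], ent["name"],
                             "user is not active in the HR feed"))
            continue
        if ent["department"] != rec["department"]:
            findings.append(("revoke", ent["user"], ent["name"],
                             f"owned by {ent['department']} but user is now in {rec['department']}"))
            continue
        if today - ent["last_reviewed"] > REVIEW_INTERVAL:
            findings.append(("recertify", ent["user"], ent["name"],
                             f"last reviewed {ent['last_reviewed'].isoformat()}, review overdue"))
    # Revocations first so the riskiest items lead the report.
    findings.sort(key=lambda f: (f[0] != "revoke", f[1], f[2]))
    return findings


def revocations(findings):
    """Just the (user, entitlement) pairs that should be removed now."""
    return [(user, name) for action, user, name, _ in findings if action == "revoke"]


if __name__ == "__main__":
    for action, user, name, reason in review_access(HR_RECORDS, ENTITLEMENTS, date(2023, 4, 1)):
        print(f"{action:10} {user:8} {name:18} {reason}")
```

Running the review against the constructed data on 2023-04-01 flags bob's `prod-ssh` (left the company), carol's `payroll-db:read` (carried over from her old department) and alice's `payroll-db:read` for recertification, while carol's current `hris:admin` passes; the `revocations` helper is what you would feed to whatever actually removes the access.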

With the increased use of cloud comes a slew of risks related to shadow IT. It is important to implement monitors to identify and track the movement of critical data residing in sanctioned IT locations, including on-premises. We can start to solve the problem of shadow IT by leveraging a CASB solution to discover corporate connections to and from data in the cloud. Through identity access federation, CASB technologies can secure transmission and help prevent business units or users from creating shadow IT, while enabling them to securely leverage sanctioned IT.

Rethinking End-User Security

Given the rise of bring-your-own-device (BYOD) policies in the enterprise, it’s critical to examine cloud access and protection strategies. In the days of static desktops and client-server access, all end users were housed within a defined and trusted corporate network perimeter. IT managers could minimize the risk by simply protecting the perimeter.

With the progression of mobile and cloud technologies, however, the enterprise expanded, becoming a combination of trusted and untrusted users and devices. This makes it difficult for companies to track the movement of sensitive data and causes vulnerabilities to proliferate beyond the perimeter.

One way to control user access is to use a virtual desktop infrastructure (VDI). All corporate transactions occur through the VDI, which can be secured using advanced endpoint security solutions. IT teams can mitigate risks by channeling the user access to corporate IT assets, such as data centers and cloud networks, through a secure VDI. This also helps to track the movement of sensitive data and plug vulnerable spots in the network.

Managing Risks

Every corporation should incorporate a risk management program and conduct periodic reviews to measure the effectiveness of the adopted framework. IT leaders must also implement measures to assess the maturity of the process and the users adopting it. By following a step-by-step procedure, basic security measures can mature into fully optimized management and monitoring processes.

Savvy organizations should also maintain a rigorous employee education program to provide comprehensive training on endpoint and social network usage, among other things. The right program highlights the risks of devices and offers best practices to minimize that risk. If your company does not have one, consider starting one internally.

Finally, remember that you should never place security in a commoditized services bucket. Clients should embark on a journey to enable and update a comprehensive security policy.
