Although data breaches happen to corporations, the impact ultimately lands on ordinary citizens like you and me. When we fall victim to a credit card breach, the resulting anxiety and uncertainty are not addressed beyond the free credit-monitoring and protection services on offer. Our personal email accounts are also at risk of misuse.

According to CNN, a recent call center bust revealed that scammers had acquired user information from trusted systems and leveraged that information to trick victims into thinking they owed money to the government. The criminals behind it made about $150,000 per day with the scheme. But what can we in the security industry do about it?

Implementing the Zero Trust Model

Organizations must establish frameworks and execution plans for security. That likely means embracing the zero trust model for security.

According to a National Institute of Standards and Technology (NIST) report titled “Developing a Framework to Improve Critical Infrastructure Cybersecurity,” zero trust security requires IT teams to abandon the old paradigm of “trust but verify.” Instead, security professionals should verify but never trust. NIST built on the zero trust framework to guide corporations in their efforts to build, monitor and manage robust security infrastructures.

The zero trust model requires all resources to be accessed securely regardless of location. This can start with low-impact, cost-friendly projects, such as software-defined wide area network (SD-WAN) solutions, to encrypt and securely transmit data over a network. Create network segmentation by leveraging virtualization technologies or network design, and establish access controls based on established trust rather than network location. Use a network security solution, a cloud access security broker (CASB) and other vendor technologies to secure traffic, inspect it and block intrusion attempts.

When implementing the zero trust model, IT leaders should strictly enforce access control with a policy of least privilege. This involves identifying users and systems and explicitly granting access to trusted applications, networks and data rather than applying blanket privileges. Adopt policies to validate continuing user access, such as continuous business need (CBN) and quarterly employment verification (QEV). Use those as a basis to monitor user access and the account life cycle from creation to deletion. Track changes that result from users moving between departments.

Approaching Access Management

It’s critical to monitor access and privileges and record adjustments as users’ roles change. For example, when an employee leaves a company, the IT team should withdraw all access from that individual. An access management solution can help identify employees who require access to resources, track their usage and provide personal accountability. IT teams can create privileged user activity monitoring and audit solutions by combining access management with a security intelligence solution or service.
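The two preceding sections describe the review an access management solution should support: revoke access when someone leaves, recertify it when a department changes or the quarterly verification lapses, and catch entitlements with no matching person. The following Python is an added example written for this article, not code from the article or from any vendor product. The roster, entitlements, review date and the 90-day recertification window are constructed sample data; in practice the roster would come from the HR system and the entitlements from the identity store.

```python
from dataclasses import dataclass
from datetime import date


# Constructed sample records for this example (not from any real HR or IAM system).
@dataclass(frozen=True)
class Person:
    user: str
    department: str
    active: bool            # False once HR records the employee as departed


@dataclass(frozen=True)
class Entitlement:
    user: str
    resource: str
    granted_for_dept: str   # department the access was justified for (CBN)
    last_verified: date     # last owner attestation, e.g. the QEV cycle


@dataclass(frozen=True)
class Finding:
    user: str
    resource: str
    action: str             # "revoke" or "recertify"
    reason: str


ROSTER = [
    Person("alice", "finance", True),
    Person("bob", "engineering", True),
    Person("carol", "finance", False),   # left the company, account still has access
    Person("dave", "sales", True),       # moved from finance to sales
]

ENTITLEMENTS = [
    Entitlement("alice", "ledger-db", "finance", date(2023, 5, 1)),
    Entitlement("bob", "build-servers", "engineering", date(2023, 2, 1)),   # stale attestation
    Entitlement("carol", "ledger-db", "finance", date(2023, 5, 1)),
    Entitlement("dave", "ledger-db", "finance", date(2023, 5, 1)),
    Entitlement("mallory", "vpn", "it", date(2023, 5, 1)),                # nobody in the roster
]

REVIEW_DATE = date(2023, 6, 1)   # constructed "today" for the review run


def review_access(roster, entitlements, today, recert_days=90):
    """Compare every entitlement against the roster and return the actions to take.

    Checks are applied in order of severity: an entitlement with no person behind it
    or belonging to a departed person is revoked outright; a department move or an
    expired attestation window sends the entitlement back to its owner for recertification.
    """
    people = {p.user: p for p in roster}
    findings = []
    for e in entitlements:
        person = people.get(e.user)
        if person is None:
            findings.append(Finding(e.user, e.resource, "revoke",
                                    "no roster record (orphan account)"))
        elif not person.active:
            findings.append(Finding(e.user, e.resource, "revoke",
                                    "user is no longer employed"))
        elif person.department != e.granted_for_dept:
            findings.append(Finding(e.user, e.resource, "recertify",
                                    f"department changed {e.granted_for_dept} -> {person.department}"))
        elif (today - e.last_verified).days > recert_days:
            findings.append(Finding(e.user, e.resource, "recertify",
                                    f"last verified {e.last_verified}, outside the {recert_days}-day window"))
    return findings


def sample_review():
    """Run the review over the constructed data above."""
    return review_access(ROSTER, ENTITLEMENTS, REVIEW_DATE)


if __name__ == "__main__":
    for f in sample_review():
        print(f"{f.action:10} {f.user:8} {f.resource:14} {f.reason}")
```

Running it produces four findings: Bob's build-server access is 120 days past attestation and goes back for recertification, Carol's and Mallory's access is revoked (departed and orphaned respectively), and Dave's finance-era access is recertified because he now sits in sales. Alice's entitlement matches her current department and was attested a month ago, so it is left alone. The ordering of the checks matters: a departed user's entitlement should be revoked even if its attestation is fresh, which is why employment status is tested before the date.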

With the increased use of cloud comes a slew of risks related to shadow IT. It is important to implement monitors to identify and track the movement of critical data residing in sanctioned IT locations, including on-premises. We can start to solve the problem of shadow IT by leveraging a CASB solution to discover corporate connections to and from data in the cloud. Through identity access federation, CASB technologies can secure transmission, help prevent business units or users from creating shadow IT, and enable them to securely leverage sanctioned IT.
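The discovery step a CASB performs starts from the outbound traffic the organisation already sees. The Python below is an added example for this article, not code from the article or from any CASB product: it parses constructed proxy log lines (timestamp, user, destination host, method, bytes sent), ignores destinations on a sanctioned-service list, and reports uploads to known consumer cloud-storage domains per user and destination. The log format, the sanctioned list and the cloud-storage list are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed proxy log lines for this example (not from a real proxy or CASB).
# Fields: timestamp user destination_host method bytes_sent
PROXY_LOG = """\
2023-06-01T09:12:01Z alice sharepoint.example-corp.com PUT 48210
2023-06-01T09:14:33Z alice api.dropbox.com POST 5242880
2023-06-01T09:15:02Z bob drive.google.com POST 120
2023-06-01T09:15:09Z bob drive.google.com POST 9000000
2023-06-01T09:20:45Z carol www.salesforce.com GET 3100
2023-06-01T09:22:10Z dave wetransfer.com POST 734003200
2023-06-01T09:23:00Z erin news.example.net GET 8800
this line is malformed and must be skipped
"""

# Assumed policy lists: services the organisation has approved, and consumer
# storage services that typically indicate unsanctioned data movement.
SANCTIONED = {"sharepoint.example-corp.com", "salesforce.com"}
CLOUD_STORAGE = {"dropbox.com", "drive.google.com", "wetransfer.com", "box.com"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<bytes>\d+)$"
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    return rec


def matches_domain(host, domains):
    """True if host is one of the domains or a subdomain of one (never a substring match)."""
    return any(host == d or host.endswith("." + d) for d in domains)


def find_shadow_it(log_text, sanctioned=SANCTIONED, cloud=CLOUD_STORAGE,
                   upload_methods=("POST", "PUT")):
    """Sum bytes uploaded to unsanctioned cloud-storage hosts, keyed by (user, host)."""
    uploads = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if matches_domain(rec["host"], sanctioned):
            continue                       # approved service: not shadow IT
        if not matches_domain(rec["host"], cloud):
            continue                       # ordinary web traffic: out of scope here
        if rec["method"] in upload_methods:
            uploads[(rec["user"], rec["host"])] += rec["bytes"]
    return dict(uploads)


def rank_by_volume(uploads, threshold_bytes):
    """Return (user, host, bytes) tuples at or above the threshold, largest first."""
    rows = [(u, h, b) for (u, h), b in uploads.items() if b >= threshold_bytes]
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    report = find_shadow_it(PROXY_LOG)
    for user, host, sent in rank_by_volume(report, 1024 * 1024):
        print(f"{user:8} {host:22} {sent:>12} bytes uploaded")
```

On the sample data the report lists Dave's 700 MB WeTransfer upload first, then Bob's Google Drive traffic and Alice's Dropbox upload; Carol's Salesforce session is skipped because `www.salesforce.com` is a subdomain of a sanctioned service, and Erin's news browsing is not a storage destination. The suffix match in `matches_domain` is deliberate: a plain substring test would let `dropbox.com.example.net` pass as Dropbox. Output like this is the starting point for the sanctioning conversation the article describes, not a verdict on any individual user.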

Rethinking End-User Security

Given the rise of bring-your-own-device (BYOD) policies in the enterprise, it’s critical to examine cloud access and protection strategies. In the days of static desktops and client-server access, all end users were housed within a defined and trusted corporate network perimeter. IT managers could minimize the risk by simply protecting the perimeter.

With the progression of mobile and cloud technologies, however, the enterprise expanded, becoming a combination of trusted and untrusted users and devices. This makes it difficult for companies to track the movement of sensitive data and causes vulnerabilities to proliferate beyond the perimeter.

One way to control user access is to use a virtual desktop infrastructure (VDI). All corporate transactions occur through the VDI, which can be secured using advanced endpoint security solutions. IT teams can mitigate risks by channeling the user access to corporate IT assets, such as data centers and cloud networks, through a secure VDI. This also helps to track the movement of sensitive data and plug vulnerable spots in the network.

Managing Risks

Every corporation should incorporate a risk management program and conduct periodic reviews to measure the effectiveness of the adopted framework. IT leaders must also implement measures to assess the maturity of the process and the users adopting it. By following a step-by-step procedure, basic security measures can mature into fully optimized management and monitoring processes.

Savvy organizations should also maintain a rigorous employee education program to provide comprehensive training on endpoint and social network usage, among other things. The right program highlights the risks of devices and offers best practices to minimize that risk. If your company does not have one, consider starting one internally.

Finally, remember that you should never place security in a commoditized services bucket. Clients should embark on a journey to enable and update a comprehensive security policy.
