Taking a Cold War approach to cybersecurity

Supplied by NTT

What does the Cold War, which ended almost three decades ago, have to do with modern IT security practices today?

For one, we are seeing a rapid escalation in the arms race – in our case that is digital threats, not nuclear weapons. However, the potential outcome is still significant damage and harm on a global scale.

Two, disruptive events have created the conditions for tension and threats to thrive. Then it was the end of World War II, now it’s the impact of COVID-19.

Finally, greater vigilance, visibility and analysis are just as critical now in managing the risk and preventing or limiting any attacks.

During the Cold War, US President Ronald Reagan adopted a signature phrase – ‘trust, but verify’ – in delicate negotiations with the Soviet Union. This was a great framework to ensure that both East and West complied with the conditions of the nuclear disarmament treaties.

The existential threat on the world from the acceleration of the nuclear arms race during the Cold War has parallels today in business with the acceleration of digital transformation in response to COVID-19.

This rapid digital transformation has increased the surface area for cyber attacks and further eroded the traditional perimeter of the enterprise network, exposing significant weaknesses as security measures struggle to keep pace with the rate of change.

We no longer have a clear ‘East’ and ‘West’ dichotomy of who or what is inside and outside the enterprise network.

“We have distributed working environments and user devices, web services and APIs, automation, IoT, cloud-based services and applications, and other services and connections. This has completely blurred what we once thought of as the network perimeter,” says Cisco ANZ director of cybersecurity Steve Moros.

Absolute security has always been an impossible goal, but we need to adopt a new framework to truly minimize business risk. We are now in a digitally transformed world that has created a completely dynamic environment where a static trusted state can never be assumed.

That requires a rethink of Reagan’s mantra. Now we need to take a ‘verify, and keep verifying’ approach. This zero-trust attitude to network security means that we don’t make any assumptions, and we have to continually authorise and protect organisations and their people, their assets and their workloads.

There are some significant ways in which business environments have been fundamentally changed this year that reinforce the need to adopt a zero-trust model for IT security.

Many organisations are now operating with a more permanent remote workforce. These workers are being increasingly targeted by cybercriminals. With a larger remote workforce, compromised credentials will continue to be the predominant line of attack for cybercriminals. The risk from phishing attacks has grown exponentially with the sudden escalation in remote workers accessing corporate services and data via their home connections. We’ve seen successful ransomware and crypto-jacking attacks launched from a user’s device from malware inadvertently downloaded from an email attachment or via a weblink.

Businesses are relying more than ever on web and cloud-based applications and systems. From data gathered during 2019 for NTT Ltd.’s 2020 Global Threat Intelligence Report (GTIR), application-specific (40%) and web-application (20%) attacks dominated in Australia, accounting for nearly 60% of all attacks combined. Those rates have continued to climb since January 2020.

Organisations are more exposed than ever because known vulnerabilities remain unpatched, allowing old malware like WannaCry and Conficker to continue causing damage. According to the GTIR, the most targeted vulnerability in Australia was in OpenSSL (CVE-2017-3731), which has had patches available for over two years.

Without a zero-trust approach, threat actors have greater opportunities to infiltrate an organisation and remain undiscovered. Without early detection, visibility and continuous verification, once an attacker has gained access we are effectively assuming they can be trusted. In this environment, sophisticated attackers have far more time to plan a long-term campaign and to stage additional ways back into the environment for use after their first intrusion is discovered. That is leading to second- and third-wave attacks that can be devastating for an organisation.

It’s critical to have comprehensive, real-time visibility and the ability to apply context and share actionable intelligence across the entire corporate ICT environment in order to address the advanced persistent threats that are prevalent today. Having zero trust in place removes much of the guesswork in protecting your infrastructure from all potential threats, including mobile devices. You can read how to mitigate that risk in this zero-trust whitepaper.

It is also essential to implement infrastructure, applications, and operations that are secure by design. By adopting a zero-trust framework, organisations can identify and verify every person, device, and application trying to access their infrastructure. This means deploying a layered defence, continually authenticating users, and managing and controlling devices, maintaining visibility of the applications and, through segmentation, limiting where workloads can run throughout the network.
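As an added illustration of the difference between trusting a session once at the perimeter and re-evaluating identity, device posture and segmentation on every request (this is not code from the article, NTT or Cisco; the Request fields, the segment policy table and the MFA age threshold are assumptions):

```python
"""Per-request policy evaluation in the 'verify, and keep verifying' model.
Illustrative only; field names, policy table and thresholds are assumptions."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Request:
    user: str
    mfa_age_s: int        # seconds since the user last completed MFA
    device_managed: bool  # enrolled in device management
    device_patched: bool  # current patch level verified by posture check
    app: str              # application or workload being accessed
    segment: str          # network segment the request originates from


# Constructed segmentation policy: which segments may reach which applications.
SEGMENT_POLICY = {
    "finance-app": {"finance"},
    "hr-portal": {"hr", "finance"},
    "intranet": {"corp", "finance", "hr", "remote"},
}
MAX_MFA_AGE_S = 8 * 3600  # assumed re-authentication window


def perimeter_decision(session_ok: bool) -> bool:
    """Traditional model: once a session is inside the perimeter, every access is allowed."""
    return session_ok


def zero_trust_decision(req: Request) -> Tuple[bool, List[str]]:
    """Check identity freshness, device posture and segmentation on every request.

    Returns (allow, reasons); reasons lists every failed check so it can be logged.
    """
    reasons: List[str] = []
    if req.mfa_age_s > MAX_MFA_AGE_S:
        reasons.append("mfa-expired")
    if not req.device_managed:
        reasons.append("unmanaged-device")
    if not req.device_patched:
        reasons.append("unpatched-device")
    if req.segment not in SEGMENT_POLICY.get(req.app, set()):
        reasons.append("segment-not-permitted")
    return (not reasons, reasons)
```

A request with valid credentials from an unexpected segment or an unpatched device is allowed by the perimeter model but denied here, which is the gap that compromised credentials exploit.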

Trust is a natural human need, and it plays a fundamental role in how we interact and communicate; it helped to bring an end to the Cold War with the fall of the Berlin Wall. In today’s world, we still need to create a trusted environment, but this is increasingly difficult as digital transformation accelerates. To secure the fluid and dynamic environment our enterprises operate in today, we need continuous verification.

In other words, ‘verify, and keep verifying’!

Copyright © 2020 IDG Communications, Inc.