Cybersecurity Awareness Month and the Need for a Zero Trust Architecture

While we at Plurilock™ know that cybersecurity is a year-round effort, October marks the 18th annual Cybersecurity Awareness Month, bringing awareness of the industry and its importance in keeping critical infrastructure and assets safe.

Once again this year, there has been a continued increase in cyber attacks, including several high-profile attacks like Kaseya, the Colonial Pipeline, JBS Meats, and the most recent ransomware attack on the Sinclair Broadcast Group. With estimates that global cybercrime is expected to reach $10.5 trillion annually by 2025, the conversation on cybersecurity is more crucial than ever.

In May of this year, the U.S. White House administration called for changes to the nation’s cybersecurity infrastructure, releasing an executive order (EO) outlining enhanced protections for agencies and its intentions to work with the private sector as a means for instituting a zero trust architecture (ZTA). Following that order, the National Institute of Standards and Technology (NIST) selected 18 private-sector companies for a partnership tasked with, among other things, designing and implementing a ZTA based on the existing NIST 800-207 guidelines.

Despite the positive progress at the governmental level, companies are still increasingly vulnerable, with more than 1,291 breaches reported thus far in 2021. Those vulnerabilities have been amplified by the shortage of cybersecurity talent, with 3.5 million cyber jobs going unfilled just this year alongside the massive move to a remote workforce.

The changing authentication paradigm & zero trust

Having strong passwords and a firewall is no longer enough to keep attackers from breaching an organization’s network. Phishing, ransomware, and credential compromise attacks are becoming more sophisticated. The increase in remote work leaves security gaps that were once filled by physical controls and IT teams in an office setting. To combat these challenges, companies across industries need to establish systems that continuously authenticate users throughout the day.

Continuous authentication in a ZTA ensures that even if an account or password is compromised, an attacker can be flagged and prevented from exfiltrating data or causing damage to an organization’s network. The shift from existing authentication and security paradigms to a zero trust model will not be instantaneous. Still, companies can take steps today to align with ZTA requirements by implementing next-generation cybersecurity tools and controls.

With zero trust, the underlying premise is that you can “trust no one” operating within the organization’s network, even those internal to the company with privileged credentials. As outlined in one of Plurilock’s recent blog posts, other critical elements of a ZTA include:

  • Authentication based on identity, context, and risk

  • Authentication before access is given, and then continuously afterward—without adding end-user friction

  • The ability to access resources from any location or platform so long as identity and the transaction are authenticated

A true ZTA is multi-layered and requires an ecosystem of tools working together to ensure that systems are protected. Plurilock’s continuous authentication technology fills a unique and missing piece of the zero trust puzzle, helping your organization to operate without the usual “we have no choice but to trust at least some of the time” compromises that are inherent in old credential and security models.

For this Cybersecurity Awareness Month, take the time to learn more about zero trust and the benefits it can bring to your organization’s security posture.

Disclaimer
The NIST’s SP 800-series publications are guidance documents. They should not be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official.
