Take cybersecurity out to where employees and data are coming together
Cybercriminals are keenly aware that users are constantly switching between personal and corporate devices, or even blurring the lines between the two. Thanks to cloud technologies, we’ve made huge convenience and productivity gains, but every time we are using these devices, we’re opening the door to potential attacks and exploits.
The trouble is that security is trapped in a vicious game of cat-and-mouse. A breach is discovered, a fix is developed, and the cycle repeats itself. In an industry that is set to have millions of unfilled job vacancies, the solution isn’t to throw more people at the problem, because we simply don’t have them.
A new layer of assurance
We need to radically change how we manage access rights, identity, and permissions on corporate networks. Organizations no longer have a clearly defined perimeter between themselves and the rest of the Internet, and so thinking in those terms is no longer useful. Instead, focus on finding ways to take cybersecurity out to where employees and data are coming together. Zero trust is one way of doing that. Using a guiding principle of “never trust, always verify,” it builds in an additional layer of assurance that users are granted access only to specific data or documents they are authorized to see. They can’t access anything else.
Many data breaches occur from within the business, whether explicitly by employees or by threats that have infiltrated the network. If you’ve already got access to the whole network and the keys to the kingdom, data exfiltration is very straightforward to carry out. What’s more, if there are no data loss prevention technologies in place, the business might not even know it’s happened. Zero trust combats this by removing access from anyone and everyone until identity controls make certain who they are. However, if security tools don’t easily fit how employees get work done, they’ll seek insecure and unofficial workarounds, leading to major shadow IT problems and opportunities threat actors can exploit.
https://www.helpnetsecurity.com/2022/09/20/networking-security/
Your Comment :