Zero Trust’ True Effectiveness is Addressing Internal Threats
A recent cybersecurity-related article from Thehill.com makes a great point: “the global pandemic accelerated business, government, and personal activity moving to digital networks, growing the potential attack surface and possible points of entry for cybercriminals.
Cyberthreats and online attacks grew exponentially when the public sector was forced to conduct more of their business online and reach their now-remote employees over unsecured personal devices outside of traditional network firewall safety.
It was a cybercriminal feeding frenzy and proprietary government data was the chum that attracted the hungry sharks.
Zero Trust Policy Becomes Government Mandate
The White House made it official. Federal agencies were required to adopt the “zero trust” cybersecurity concept: a security framework requiring all federal workers to be authenticated and continuously validated at every stage before granting access to proprietary data and applications.
While you may feel secure guarding the gates of your cyber castle, don’t look now, but the biggest threats may be internal. Verizon said in 2021 that almost one-quarter of all cyber security incidents were from insiders. Earlier in 2016, IBM claimed that insiders were as many as 60% of all cyber threats.
Zero trust can actually be more of an internal threat safeguard than from external threats. Insiders have the opportunity, means, and motive. External cyber attackers are limited only to the motive.
SolarWinds is a Cybersecurity Game Changer
The massive 2020 SolarWinds attack which affected nine major federal agencies, as well as 100 prominent private sector businesses, exposed the major threat of third-party entities attacking and compromising government data.
The GAO reviewed the damage done from the SolarWinds attack and noted how “trojanized’ hidden code was included in SolarWinds software updates. The cyber attackers had discovered an ingenious backdoor into many prominent government computer networks. Seemingly benign software updates turned into a super-malignant digital cancer running amok through federal networks.
The Hill article declares an alarming statistic: “a cyberattack occurs in the US every 39 seconds.” Government agencies' biggest cybersecurity challenge will be protecting government data through an increasingly remote workforce, finding a way to extend security protections outside the relatively safe federal network environments. Always be wary of outsider threats, but not at the neglect of insider threat vigilance.
Read The Hill cybersecurity article: