The cybersecurity landscape is always changing: new threats, cybercriminal gangs, state-sponsored attacks and vulnerabilities in our systems are being found every day. In the last six or so years a record number of vulnerabilities have been formally announced in applications. These are the vulnerabilities that can leave your computers and networks open to attack by cybercriminals. Last year around 20,000 such vulnerabilities were announced. We are becoming more dependent on IT than ever before, and that makes us more vulnerable too.
“Zero trust” is just controlling what can happen on your machines and across your network. The opposite of this is what we’re doing right now, where any app you download is theoretically allowed to run in and out of your system. You wouldn’t give anyone the keys to your front door, so we restrict those privileges to computer systems and give the keys only to those that need them.
I do not believe there is one solution that can stop every cybersecurity attack and keep you 100 per cent safe. If anyone says that, they’re lying. What a zero trust mindset and a zero trust architecture can do is to help to make you less vulnerable, and to prevent and mitigate a large amount of these attacks.
We do this with five components: allow listing, allowing only what you need and blocking everything else; ring fencing, once you’ve chosen what you need to run, limiting what it can do because often established apps are being infiltrated and weaponised against systems; elevation control, taking away administrator rights from users but allowing them to still run specific apps as an administrator; we’ve then got our storage control, which is a great way to be able to essentially control the flow of data, whether that be through USB sticks or which applications can access your data; and finally, network access control, which is an on-device firewall.
The Ultimate Guide to Hardening Windows ServersBy ThreatLocker
These types of zero trust systems have become much easier to deploy, something vendors such as ThreatLocker have prioritised along with ease of administration. We can get set up across a complex system and protect it in just two weeks, minimising the disruption to operations. Our processes and systems have developed to match the increasing ease with which cyberthreats can now be deployed.
On the internet you can ingest a huge amount of information very, very quickly. The downside is you can share a huge amount of information really, really quickly. With that comes the ability to share exploits and vulnerabilities, and to tell people how they work. If you are an IT administrator, this is great because you can share information about threats and protect your systems better, but if you are an aspiring cybercriminal or hostile state it means you can purchase ransomware attacking kits, you can purchase exploits, you can purchase hackers for hire. This is the kind of thing that I’m keeping an eye on, because it’s become a lot easier now to attack machines because of the wide amount of information or help that is out there.
There has also been a sudden increase in state-sponsored cybersecurity attacks since the Russian invasion of Ukraine as part of the “hybrid-warfare” that is being used against both Ukraine and its allies. In the hour before the invasion began in February, Russia launched a Europe-wide attack, disrupting communications and energy infrastructure.
We’ve also seen a big increase in attacks by cyber-gangs, some of which are state-sponsored. For example, Conti, which recently hit the Costa Rican government and took down the Irish health service, was revealed to have worked with Russia. Predominantly, these attackers are going to be using things like exploits and vulnerabilities to get into your machines and wreak havoc. Companies and organisations could struggle to get insurance and would lose the trust of their customers and citizens if they could not protect them.
That protection approach needs to assume that while people can be trained better to recognise threats, they are still the weakest point in any system. Humans are the best thing to happen to technology and the worst thing to happen to technology. I often say that if you want to make something more secure, remove the human from in front of the computer. The problem is we need humans to be in front of the computer.
That’s why it is important to have a strong set of defences that do not depend on that person being aware and up to date with the latest threats. For us, that means zero trust systems at the foundation, blocking cybercriminals before they do anything, with anti-virus software, and it means detection and response measures providing depth of defence.