Last year, I discussed the “Summer of Security,” encouraging leaders to lean into zero-trust frameworks to tackle the shocking rise in ransomware and other cybersecurity threats that arise during the pandemic. Although there have been enhancements in cybersecurity technology, organisations must be consistently exploring ways to improve their existing infrastructure.
A zero-trust framework remains essential. It assumes that bad actors are always on your network and takes continuous action to prevent and address threats. It goes beyond network security to include user management, device management and application security. Constant currency valuation, role-based access control and location awareness are some of the fundamental zero-trust security features.
And yet, zero trust in itself is not enough. Instead, it needs to be part of a comprehensive cybersecurity solution that is a match for increasingly courageous, sophisticated threat actors.
In the first quarter of 2022, Ivanti’s Ransomware Index report revealed a 7.6 per cent increase in ransomware-related vulnerabilities and an alarming increase in activity by the Conti Ransomware Group. The report revealed 22 new vulnerabilities linked to the ransomware, bringing the total to 310.
IT and security teams were undoubtedly hoping for relief after the initial pandemic-fueled spike in ransomware attacks, but that’s clearly not the case. Continued growth is compounded by an unprecedented shortage of IT staff, so fewer people are trying to do more.
The road ahead
The zero-trust approach continues to be relevant in 2022. It is essential that companies adopt it to kickstart their cybersecurity journey. A three step approach – the MAP – to create a comprehensive, scalable and framework-aligned cyber security strategy that fits into the remote and hybrid workplace is the path to take.
Manage: In reference to the establishment of a fully known state, emphasising visibility for each endpoint, user, network and application, everywhere. This means knowing what and who is on your network, and how they are interacting and what information is being shared. Managing cybersecurity also means abandoning practices that increase risk, such as falling back on patching or allowing unmanaged devices to access your network.
Automate is about alleviating the burden of manual processes through automation. This could include inventory management, device onboarding, patching each application to its most secure state or any other repeatable process. Adding self-healing and/or self-service solutions can go even further towards alleviating the burden on your IT team.
Priority: It is about evaluating and resolving risk by giving IT the information it needs to go after the most critical vulnerabilities. Despite having a comprehensive automation practice, there will still be areas that demand IT intervention. Prioritisation can provide the necessary data and risk scores to enable a strategic and intelligent approach to risk response and remediation.
The MAP approach can reduce errors and mitigate risk while creating a more streamlined IT setting. This is win-win. And, this summer, everyone could use a win. The sooner you map your cyber security journey with a zero-trust framework, the sooner you can really enjoy summer.