Intelligent CISO Issue 53 - Page 81

talking transformation

hHow have threat actors capitalised on traditional network security architecture ?

Since the pandemic , there has been a shift in perception around traditional security network architecture . While the traditional model was that of a secure perimeter which housed assets and users inside – all protected by technology – the shift to a remote or hybrid workforce means that perimeter no longer exists and neither does the safety net . In addition , employees are accessing more cloud applications to do their work from wherever they are based .
Attackers are capitalising on this knowledge and using this new environment to access applications – whether via phishing attacks , injection attacks or through access credentials that they ’ ve been able to harvest .
How has the rise of cloud impacted security approaches ?
Cloud is an excellent enabler for businesses , providing opportunities to quickly expand , develop and test new applications and services far more effectively than with traditional on-prem assets .
However , the new ease of use and the ability to deploy at scale and at pace creates additional pressure on security to keep up . Security can often get bypassed in the race to push out a new application , with only minimal controls in place , which could create a wider attack surface .
Users and applications are no longer defined by location . As a result , we can no longer use traditional perimeter-based security practices and it can significantly hinder progress if we try to do so .
How confident do you believe CISOs are regarding their employees ’ ability to apply sound cyber judgement ?
A recent Gartner report highlighted that 88 % of CISOs said they were not confident in this regard . It ’ s important to remember that when it comes to security , employees such as accountants , lawyers , nurses , salespeople and call handlers are being asked to identify clever criminal activity – something that is well outside of their normal job function . A one-hour training session every six months is not really going to move the needle in terms of effective detection of malicious activity . We should focus on trying to ensure that we can provide the best available environment for our employees to work in .
What are the principles of Zero Trust and how challenging is it to achieve ?
A greater number of companies have expressed an interest recently in taking a Zero Trust approach , in addition to getting a greater understanding of what it entails .
Zero Trust means removing location as an arbiter of trust in the corporate world – which means that being in the office does not grant you more trust than if you are connecting from your home . It also means that every request to use an application must be authenticated .
Akamai ’ s Director of Security Technology and Strategy , Richard Meeus
Continuous authentication and authorisation is an important aspect of Zero Trust , to check whether the individual is exactly who they say they are and is entitled to access those given assets . www . intelligentciso . com
81