Intelligent CISO Issue 61 - Page 68

decrypting myths are concerned about whether you can protect them , their data and your intellectual property ( IP ). We have seen clients reporting tens of millions to hundreds of millions of dollars to lost productivity or data .
Would we call this a relatively new phenomenon ?
Absolutely . I like to consider it the ‘ 21st century mafia ’, especially the ransomware side . Businesses can go out to the Dark Web and hire botnet companies to take down their competition , specifically on Black Friday or Cyber Monday . We see cybercriminal gangs and even some nation-states putting fake ads on Indeed and other websites , hosting for penetration testers and offering big bonuses if you get into organisations on their behalf . Essentially , these criminal organisations are hiring you to hack somebody and you are unknowingly being paid for criminal activities .
What is Zero Trust and why is it important to an organisation ’ s security posture ?
Zero Trust has been the buzzword for the past three years . It ’ s locking down your systems and environments , only allowing your users to do specific tasks . Basically , you ’ re allowing them zero trust to go outside the bounds of their job description and not handing out admin rights to everyone . The days of employees downloading and accessing every piece of software on their laptops or PCs are over , now you are only required to install what you need to .
Handing out admin rights gives hackers a foothold to get into the systems . It ’ s really locking it down , only giving relevant access to the server and taking all the other datasets away .
Looking at a hospital ’ s infrastructure for example , if someone doesn ’ t need to access its HIPAA requirements or PII data that needs to be kept confidential , you simply don ’ t allow access . Only doctors need to get to look at certain things or nurses need to look at certain things . X-ray technicians and others don ’ t need to be able to see certain histories .
What are the cybersecurity business benefits of a Zero Trust architecture and what steps can organisations take to protect workloads from zero-days and other unknown attacks ?
The greatest benefit of Zero Trust is that when incidents come in , the damage will be minimised as the breach is isolated and contained .
When we discuss workloads we consider virtualisation , applications and data . Virsec is a prime example of preventing that data becoming code . Stopping certain attacks from overflowing into other workloads or departments , by locking down access to users if they attempt to access unpermitted areas , is key .
It ’ s about really locking down databases , creating a purpose-built structure where the applications can ’ t go outside of their bounds .
How does Virsec help organisations to radically strengthen their security programmes , prevent attacks and eliminate dwell time with precise , continuous workload protection ?
Virsec offers five different layers of protection with host and file protection at its core . By allowing whitelisting , we create a positive security model by only allowing certain applications to run and behave a certain way . Any deviation
68 www . intelligentciso . com