What is zero trust and how it helps prevent cyber attacks

Spread the love

This form of data protection implies assuming that the information that is protected is always at risk of being violated

What is zero trust and how does it help prevent cyber attacks

This form of data protection implies assuming that the information that is protected is always at risk of being compromised. (photo: iProUp)

Since 2020 various types of companies began to make a massive migration from stores and physical offers to online services thanks to the cloud However, the change in the environment in which the activities are carried outof these businesses, small, medium and large, raised doubts regarding the securityoffered by the internetfor their operations and not being harmed by bad online agents.

In the case of cyber attacks, those based on the “password spray” modality, which consists of the persistent use of the same password in several accounts, they increased by 230% and of the total number of cyberattacks, 91% initiated through an email.

However, the most used method between 2020 and 2021 was phishing, which consists of the impersonation of an entity, company or person by cybercriminals so that victims voluntarily hand over their access codes to different profiles and services on the Internet. Last year alone, for example, 160,000 websites related to phishing attacks were shut down by Microsoft.

What is zero trust and how does it help prevent cyber attacks

A total of 160,000 websites related to phishing attacks were closed by Microsoft in the year 2021 alone. (AFP)

As a result of this, companies such as the technology giant promote the adoption of security systems based on a strategy called Zero Trust, which implies assuming that any process that is protected is not really protected and, therefore, can be attacked by malicious agents.

The premises of Zero Trust in cybersecurity

According to the American company, the principles of this form of information protection imply:

– Verify explicitly: It is necessary that each person who enters the system is authenticated and authorized in each of the possible data, which includes the identity of the user, their location, the status of

What is zero trust and how does it help prevent cyber attacks

Two-factor authentication increases user security and prevents unwanted people from entering a profile. (photo: Ubunlog)

the device, the service or workload, the data classification and anomalies that may occur during its working period.

– Use access with the least privilege: The systems must allow users to do what is fair and necessary so that they can carry out their work with normally, so that information is not lost and productivity is considered.

– Assume the breach: In the event of a security breach of the company's systems, the first thing to do is to minimize the amount of damage that can be done. Once this is achieved, work must be done to promote the early detection of possible threats to avoid new breaches.

According to Marcelo Felman, director of Cybersecurityfor Latin America at Microsoft, “it is important to invest in tools and capabilities that limit information loss and constantly monitor any data leaks or exposures.” It should be considered that computer attacks also influence the way customers perceive the security and reliability of a business.

Five steps to implement the cyber security with Zero Trust

– Strengthen credentials:The use of multi-factor authentication, which allows verification of user identity, is very important for the protection of the company's digital infrastructure. Managing strong passwords is key and if biometric access is used, rigorous identification is ensured for all workers.

What is zero trust and how does it help prevent cyber attacks

Strengthening passwords is an important step in increasing the protection of company systems from possible cyber attacks. (photo: La Manzana Mordida)

– Reduce the attack surface:The old protocols are useless in case of violations. It must be kept updated, automated and secure. It is also possible to adopt cloud authentication and exercise greater control over administrative access to company resources.

– Automate response to threats: In the event of security breaches, it is good to have ready ways to counter-arrest the problem by regularly changing passwords securely rather than letting a user deal with it on their own and with a key too simple.

– Use intelligence from the cloud: Companies can invest in the use of intelligence and security systems within the organization's system. It is also possible to strengthen security policies within companies.

– Empower employees with self-service: Organizations can implement autonomous password restoration, in addition to providing access to groups, applications and providing users with secure repositories for downloading material necessary for their professional development.

Posted in Uncategorized