Zero Trust in the supply chain: Authentication is in.
Gartner predicts that by 2026 just 10% of large enterprises will have Zero Trust protocols in place. Which means 90% of organizations will still be vulnerable to these hacks. Can you afford to be one of them?
Zero Trust changes the way you authenticate users, moving security from just at the perimeter to multiple places within your network. With local, cloud-based and hybrid networks powering your data, robust security measures ensure all users are authenticated, authorized and continuously validated before being allowed access to data and, subsequently, during the continued use of data.
And Zero Trust is a critical stance to take not just in your enterprise, but in all the enterprises with whom you share information. All it takes is for one bad actor to wheedle its way into your supply chain.
A brief look at what Zero Trust is.
The traditional approach to security automatically trusted users and endpoints within the organization’s perimeter. If you got past the perimeter, you had access to the entire system, depending on your credentials. Once someone’s credentials are compromised, unauthorized actors can feast on your data. The acceleration of distributed work environments due to COVID increased risk significantly.
In contrast, Zero Trust architecture requires organizations to continuously monitor and validate that a user and their device has the right privileges and attributes. One-time validation is no longer effective, because threats and user attributes are all subject to change. With Zero Trust, users have to revalidate their credentials over and over again the further and further they get into data. The government is on course to achieve full Zero Trust status by 2027, but you can get there before then if you have a strategy in place.
Hackers love your supply chain, perhaps even more than you do.
You trust and value your supply chain. Their software or services streamline your operations, extend your capabilities, reduce costs and more. Hackers rely on your trust of third-party vendors to get to your data.
Suppliers are often smaller companies with less robust security in place. By adding malicious code to your vendor’s trusted software, bad actors can turn around and attack vendors and customers simultaneously. The risk increases when you consider data leaks at the vendor’s end, their use of internet-connected devices and reliance on the cloud to store data.
In 2013, Target was breached by cybercriminals. But they didn’t hack Target directly. They hacked their HVAC contractor who had inferior security and a shared network with Target. SaaS offerings and cloud hosting also create security issues for companies like Target.
While you can’t continuously scour all of your vendors’ software or control the behaviors of their employees, you can be aware of their practices and keep your precious data safe by limiting access to your organization through Zero Trust.
Half of all manufacturers may be a target this year.
The 2019 Verizon Data Breach Report revealed that 50% of manufacturers had suffered a data breach in the previous 12 months. The most commonly compromised breaches include credentials, internal operations data and company secrets. Overall, manufacturing can claim 23% of all attacks, making it the most targeted business sector—even bigger than finance. After an attack, manufacturers’ systems are down for an average of five days.
AP Moller-Maersk is one of the world’s largest shipping providers. In 2017, their local office servers—then the entire company—were stifled by a ransomware attack. It came in through third-party accounting software. Moller-Maersk had to reinstall 400 servers, 45,000 PCs and 2500 applications. The damages were estimated between $250-300M. It is considered the most devastating cyberattack in history.
Monitoring Zero Trust is key to implementation.
With constant changes to the network, new users and change over time, any system can drift out of alignment—and cybersecurity. Monitoring your Zero Trust architecture can not only keep you in alignment, but also make incident detection and resolution quicker, which can be invaluable to your bottom line if the worst happens.
Zero Trust and contested communications.
CIS Secure is the world’s leading security integrator of collaboration solutions that protect contested communications of within the defense, intelligence, and homeland security communities. We are part of the government’s supply chain and we have a supply chain of our own. We use Zero Trust architecture in our networks and we build a Zero Trust capability into the secure communications devices used by our customers. To learn more about our mission-driven communications and cybersecurity solutions, contact us us today.