Zero-Trust Key To Foiling Insider Cyber-Threats
October 16, 2023
Cyber-Protection Magazine reports that more than two-thirds of businesses have experienced increasingly frequent insider threats in the past year, and advises a zero-trust approach to cybersecurity. Zero-trust ensures that only people who are trusted have access, and uses continuous validation to keep systems secure.
According to the Verizon 2022 Report, a large majority of ransomware breaches result from stolen credentials, which attackers use to take over employees’ devices and then scan file shares, escalate privileges, and infect other systems.
The Practice Director of a cybersecurity firm quoted in the Cyber-Protection article says that many businesses are too trusting of their employees, allowing everyone to have access to confidential information such as HR documents and financial spreadsheets.
Those same businesses routinely segment security within their environment to prevent attackers from moving laterally through their systems. That approach should be applied to insiders as well. Role-based access control and a zero-trust mindset mean that only employees who require information to perform their jobs can access it, and their identity is reconfirmed whenever they do. This should be a minimum requirement.
Another expert notes that “attackers don’t break in, they log in,” and blames antiquated authentication methods such as passwords or traditional Multi-Factor Authentication (MFA) for putting businesses at risk. Zero Trust Authentication, a subcategory of zero trust, was developed in response to weak passwords and MFA.
The engaged bystander, defined as someone who is empowered by the security culture and feels confident about reporting concerns, also plays a significant role. That role requires regular education about suspicious behavior and established processes that allow such behavior to be reported in confidence.