Cybersecurity: A Zero Trust Game

Most businesses plan for success, but in cybersecurity we have to plan for failure. Everyone knows that cyberattacks or breaches can cause untold damage to any company’s operations, sales, reputation, and stock price. They can also end what has been, up to then, quite a successful career for a C-level executive.

As these attacks become increasingly sophisticated, security protocols must adapt in response, and as we move out of the COVID-19 period, a more stringent approach might be an important consideration for companies.

Businesses have to do better. While you can never predict when you will be hit by a cybersecurity crisis, it is definitely worth putting in place a well-rehearsed and effective cyber resilience plan that can help mitigate the worst effects of an attack while ensuring that operations carry on as usual. It is no surprise that bouncing back from a cyber assault is top of mind for most chief risk officers and chief security officers. But let us take a step back, look across your business’ entire network, and start asking strategic but critical questions about the devices that we have on it.

According to a Gartner report, 4.8 billion internet of things (IoT) endpoints are expected to be in use in 2019, up 21.5 per cent from 2018. These devices can be anything from the swanky smart television in your living room to the internet-enabled refrigerator in your kitchen, the multi-functional printer in the corner of the office, or, in the case of hospitals, a new third-party monitoring device for patients.

A vast number of IoT devices are flooding the market. They are the door that allows businesses to deliver innovative approaches and services, and the same door simultaneously opens the network up to cybersecurity risks.

Identifying the threat surface area

In our recent Unit 42 IoT Threat Report, we found that 98 per cent of all IoT device traffic is unencrypted. Unencrypted traffic exposes personal and confidential data on the network, allowing attackers to collect information that can then be exploited for profit on the dark web.

Without knowing the risk posed by IoT devices and applications, enterprises face a significant challenge. Oftentimes, this is simply due to the lack of device discovery and inventory. Without visibility of the full breadth of IoT assets within a network, your organisation is unable to accurately plan for network access requirements, deployment tactics, security strategy optimisation, and operation plans.

Once the identities of your devices are determined, security teams have the ability to track device behaviour within the organisation’s workflow. Rather than viewing them as unknown device types, knowing what they are and where they exist on the network allows greater control over the movement of traffic from these devices, which gives security teams the ability to limit the attack surface.

Confidence in a Zero Trust Approach

The Zero Trust model has seen an increase in interest among Chief Information Security Officers (CISOs) over the past year. It is an approach that eliminates the idea of a trusted internal network and an untrusted external network. Simply put, no user or device is trusted, whether inside or outside the network. This means that every single device must be verified before being granted access to the network’s systems. All resources are accessed in a secure manner, and all traffic is logged and inspected. Security, therefore, becomes ubiquitous throughout the infrastructure.

Against the backdrop of COVID-19, the healthcare sector has never before been under so much scrutiny on all fronts. Australia has a relatively advanced healthcare and medical system; people who are in need of treatment have the ability to access what they need when required. But taking a closer look under the proverbial hood, hospitals and healthcare institutions also need to ensure their devices are not posing high risks to employees, patients, computer systems, or business operations.

Now more than ever, people are relying on our healthcare systems to be steadfastly up and running. The last thing anyone needs is to have a critical healthcare facility hit by cyberattacks that disrupt urgent treatments, with potentially life-threatening consequences.

According to a Gartner survey, 40 per cent of healthcare CIOs plan to spend new or additional funds on cybersecurity tools in 2020. That seems all well and good, but for the time being, it seems medical devices are in a critical state. Many devices run on outdated operating systems that are maintained neither by dedicated IT teams nor by operating system vendors. Biomedical engineers who maintain these devices do not have the training to follow IT security best practices and maintain updated security patching on these devices.

The result? The network is exposed and vulnerable as infected devices set off a chain reaction that impacts other devices. Organisations need to ensure they have real-time visibility into IoT device behaviour, to quickly respond to threats and prevent disruption to operations.

Be Safe, Not Sorry

It may not be possible to stop every single attack, as it is inevitable that people on the inside are going to make mistakes, click the wrong links, or persist with outdated security patches. Cyberattacks will continue to happen, but as a security lead you have to prepare for the worst, meaning your view of what you put in place to stop threats has to be consistent and continuous across the environment.

We may not know where the next attack is coming from, who is behind it, or how big it is going to be — but we must know that we have the necessary mechanisms in place to make sure we can stop it in its tracks before it moves too far along the cyberattack process.

Know your risk so you can reduce it, and make sure your organisation has an effective IoT security strategy that can act holistically to orchestrate the entire IoT ecosystem and expand security to all devices.

In the end, most organisations that experience a cyber crisis make a significant increase in cybersecurity investment. Focusing on principles such as Zero Trust, improving cyber hygiene, and simplifying security processes and technologies are some of the most important – and basic – things to do, and they go a long way in ensuring your IoT technology is future-proofed.

Attributed to , Vice President and Regional Chief Security Officer for Asia Pacific & Japan, Palo Alto Networks