Over the years, computer security has fallen into decline and even into oblivion. Now companies advocate for cybersecurity and lately they are concentrating on the so-called Zero Trust threats that are of vital importance.
Meanwhile, antivirus companies continue to be useful and continue to help individuals and companies. Most antivirus companies fight hackers every day. It is a most complicated battle since attacking a target is always easier than defending against the unknown.
How to protect ourselves against cyber threats
The ransomware they are the best known example of cyber threats. Protecting ourselves against this type of attack is relatively simple. They require us to be careful with certain emails and files. It is the most common attack and most dependent on the way we work with a team.
During a malware attack, a hacker sends a dangerous link or email attachment that, when clicked, installs software that can block access to key network components, install malware or other destructive software, access the hard drive to transmit and collect data and interrupt components so that the system does not work.
Main threats nowadays
An attack of phishing involves sending communication, usually via email, posing as a reputable source. The targets of this attack can be to steal confidential data, such as login information and credit card details, and to install malware.
There are other more sophisticated attacks such as Man in the Middle that gets the attacker somewhere in between and see everything we do. But now the threats Zero Trust.
During a denial of service attack (DOS), the attacker targets servers, systems or networks with traffic to obstruct bandwidth and paralyze the system. This type of attack can use multiple compromised devices in a distributed denial of service (DDOS) attack.
An injection of SQL code involves inserting malicious code into a server using Structured Query Language (SQL) to force the server to disclose confidential information. The attacker can enter malicious code into a website search box to carry out this type of attack.
The DNS tunnel attack occurs when the attacker sends http and other traffic over the Domain Name System (DNS) to mask outgoing traffic as DNS and to hide data that is typically shared over a secure Internet connection; acquire data from a compromised system; and send commands to a compromised system and obtain information.
A zero-day exploit attack (Zero Day Attack) involves targeting a disclosed vulnerability before a fix or patch has been implemented. Organizations that do not act quickly may find themselves at the target of this type of attack.
Zero Trust, a different strategy for a different threat
Zero Trust, the vendor-driven borderless security strategy, has completely permeated the company. This has been the information that Microsoft has collected within the departments in charge of cybersecurity.
Microsoft, IBM, Google, AWS, Cisco, Kaspersky and others in the cybersecurity industry have been warning for years regarding the Zero Trust threat in recent years. Now the threat is real and there have already been cases around the world.
The Zero Trust threat case came to light after a series of attacks on the software supply chain. This attack occurred this year on US technology companies. These companies were in the process of migrating to remote work. Demonstrating the need to protect information within and beyond a trusted environment.
As Microsoft has argued, part of Zero Trust threats is assuming that the corporate network has already been compromised. Either by hackers targeting that network through phishing or malware, or through an employee’s compromised home device connecting to the network.
Companies now consider Zero Trust stance
Now, after this series of problems, it seems that companies are beginning to take this problem into account. It was at this point that Microsoft’s survey of 1,200 security decision makers answered. The response has been unanimous and 96% of them consider that protection against Zero Trust threats is of vital importance.
On the other hand, Zero Trust protection will soon be mandatory for federal agencies, helping to standardize the concept in the broader market. US President Joe Biden’s executive cybersecurity order in May directed agencies to move to Zero Trust architectures as a service and enable two-factor authentication (2FA) within 180 days.
Hybrid work drives adoption of Zero Trust architectures
Microsoft has confirmed that approximately 76 percent of organizations are in the process of implementing a Zero Trust architecture. This represents an increase of six percent compared to last year. A change in trend that shows commitment to cybersecurity.
“The shift to hybrid work, accelerated by COVID-19, is also driving the movement towards wider Zero Trust adoption with 81 percent of organizations already beginning the movement towards a hybrid workplace.”writes Vasu Jakkal, Microsoft’s corporate vice president of security, compliance and identity.
“Zero Trust will be critical in helping to maintain security amid the IT complexity that comes with hybrid work.”
Why adopt Zero Trust?
The main reasons for adopting Zero Trust put forward by users include increased security and compliance agility, speed of detection and remediation of threats. They also agree on their simplicity and availability of security analysis, according to Jakkal.
Ultimately, the goal of Zero Trust is to ensure that all critical points are safe. Identity, endpoints, network, and other resources using tokens and data.