With almost everyone locked up in their homes, in the harsh days of the pandemic, thousands of thefts and scams have moved from the physical to the virtual world. Already in the middle of last year, half of the crimes were onlineClarin published in those days.
Today, although confinement almost does not exist, the home office has gained strength and Internet activity has not stopped. Computer scams, less. In the first half of 2022, the number of new variants of ransomware was identified in Latin America (data hijacking) increased by almost 50% compared to the same period in 2021, according to cybersecurity company Fortinet.
If you add to this the growing scams due to the theft of WhatsApp accounts and the leakage of data from Argentines in various public bodies, the landscape is difficult and complex.
Thus, experts began advising companies to take maximum precautions, with the implementation of a tactic used more than 20 years ago, and slowly it was left aside: the request is to return to Zero trust.
Back to the past: what is the “zero trust” tactic.
In two weeks Clarione received press information from three companies specializing in cybersecurity, where they called for the return of the concept Zero trust.
This cybersecurity tactic works on the assumption that every connection and entry point into a business or home systems is considered a threat. Hence, a Zero Trust network logs and inspects all network traffic and restricts and controls access to the network.
“A Zero Trust security model assumes this anyone who tries to access the network is a threat potential, so every user must be verified before entering the system. This verification is applied regardless of whether the user is attempting to access remotely or within the network, thus providing greater security, especially for companies operating with hybrid work schemes, “explains Jaime Chanaga, Field CISO for l Latin America and the Caribbean at Fortinet.
In this regard, Luis Corrons, specialist of the security company Avast, explains that the Zero Trust concept is based on three principles. “The first is never trust, always check. This means treating every device, user, application as untrusted. The second is to use least privilege access. And the third is to operate and defend resources assuming that an attacker is already present in your environment. “
However, the methodology is of little use if it is implemented only by the systems department, in the case of a company, or by the Administrator, in the case of a home.
trust people
“Zero Trust technologies can cover all attack surfaces and protect organizations, but they mean nothing without the people who use them. This means favoring a culture of transparency, open communication and in the ability of others to do well. To successfully implement zero trust technology, organizations must involve employees in the process, ”wrote Dave Russell and Rick Vanover of secure backup services and consultancy Veeam in an article.
Therefore, the concept must be horizontal. “This just means giving each person the access they absolutely need. For example, being the CEO of a company doesn’t mean having access to all the information from your phone,” explains Gabriel Catropa, IT Security CTO for LATAM at IBM. .
What if the tactic fails despite everything? “Zero trust is a multi-layered approach: the architecture is designed with the assumption that traffic can be malicious, devices and infrastructure can be compromised, and critical data is always at risk. But this lower level is the most crucial: if all else fails, a fail-safe kernel is needed to restore the data and get the systems back up and running as soon as possible, “says Martín Colombo, from his offices in Buenos Aires. Regional Director Veeam senior “
“There is a golden rule in data protection known as the ‘3-2-1’ backup rule,” adds Colombo. “This rule states that when a backup is made, three copies must be generated, in two different spaces, and one of the copies must be kept offsite. Zero Trust was popularized 20 years ago and is still valid today.” .
How to apply “zero trust” on your home PC
How to realize the idea of Zero Trust Inside the houseThe closest point is the two-step verification. In this way, an attacker who manages to steal username and password must also have the second key to be able to take possession of the account, be it WhatsApp, Instagram or an e-mail.
“Even if a username or password has been accidentally or intentionally compromised, the user is still protected because they cannot access the token or biometric data needed to even log into any account,” explains Chanaga.
“Most home users are on their computers as administrators. Following the second principle, the ideal is to always use a user with basic permissionsand use administrator privileges only when needed, ”adds Corrons.
SL
Source: Clarin
