In a remote-work world, a zero-trust revolution is necessary | #computerhacking | #hacking


Last summer, law enforcement officials contacted both Apple and Meta, demanding customer data in “emergency data requests.” The companies complied. Unfortunately, the “officials” turned out to be hackers affiliated with a cyber-gang called “Recursion Team.”

Roughly three years ago, the CEO of a UK-based energy company got a call from the CEO of the company’s German parent company instructing him to wire a quarter of a million dollars to a Hungarian “supplier.” He complied. Sadly, the German “CEO” was in fact a cybercriminal using deepfake audio technology to spoof the other man’s voice.

One set of criminals was able to steal data, the other, money. And the reason was trust. The victims’ source of information about who they were talking to was the callers themselves.

What is zero trust, exactly?

Zero trust is a security framework that doesn’t rely on perimeter security. Perimeter security is the old and ubiquitous model that assumes everyone and everything inside the company building and firewall is trustworthy. Security is achieved by keeping people outside the perimeter from getting in.

A UK doctoral student at the University of Stirling named Stephen Paul Marsh coined the phrase “zero trust” in 1994. (Also called “de-perimeterization,the concept was thoroughly fleshed out in guidelines like Forrester eXtended, Gartners CARTA and NIST 800-207.)

Perimeter security is obsolete for a number of reasons, but mainly because of the prevalence of remote work. Other reasons include: mobile computing, cloud computing and the increasing sophistication of cyberattacks, generally. And, of course, threats can come from the inside, too.

Copyright © 2022 IDG Communications, Inc.



Original Source link




Leave a Reply

Your email address will not be published.

eighty three − = 79