Zero-Trust is a new security paradigm

Due to the situation that occurs right now, all organizations will need to implement a new security model such as Zero-Trust. For those who are new to this procedure, Zero-Trust is a procedure that restricts the “least privilege” to all users within the organization.

Source: Implementing a Zero Trust security model at Microsoft

The reason that all organisation will need to implement in place such as:

  1. An attack that comes from outsiders is something that organization especially System Administrator need to worry comparing to the environment that they have around 20 years ago.
  2. Don’t trust anybody right now even Insiders people within the organization. An attacker can be outsiders and insiders that might propose a perceived risk. Based on my experience, I notice that an attacker can be coming from inside of the organization which they have the intention of harming or another worker by selling company and customer data to the public.
  3. Ransomware is a trending attack where it will normally spread within the machine and data centers. This attack will cost a lot to the organization’s business by encrypting the victim’s data.

There is a new attack called Coronavirus Ransomware which will be focusing on phishing scams that started around January this year. An attacker is taking advantage of the fear and havoc related to the Coronavirus. Nowadays, daily internet usage has been increased day to day during the Coronavirus pandemic and the attacker is taking advantage of the event.

Source: Softcat Zero Trust Network Security Model

Some organization has taken a step ahead for the Zero-Trust by state their objective as “Don’t trust, Verify“. An application that been connected to the organization data and network would need to verify via authentication such as two-factor, Multi-Factor Authentication and single sign-on methods.

Source: Why banks are adopting a modern approach to cybersecurity—the Zero Trust model, Softcat Zero Trust Network Security Model and Implementing a Zero Trust security model at Microsoft

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *