Tried-and-true
security solutions like URL filtering, anti-phishing software, firewalls, and
other detection and signature-based solutions are able to mitigate most
cybersecurity attacks. But they operate on the erroneous assumption that anyone
and anything already inside an organization's network perimeter is safe and
can be trusted. This line of thinking has long been proven incorrect, much to
the dismay of IT departments and executive teams whose networks have been compromised
by insiders, both intentionally and through simple human error.

The proliferation of cyberthreats has numerous drivers:
sophisticated phishing schemes, social engineering, application
vulnerabilities, and ever-changing strains of malware. The dynamic
cyberthreat landscape continues to present one of the most pressing challenges
confronting even the most progressive and forward-thinking IT departments.

It
is essential for organization leaders to grasp the potential risks and the full
business impact of even a “minor” security breach. According to the Ninth
Annual Cost of Cybercrime Study conducted on behalf of Ponemon Institute
and Accenture, security breaches have increased by 67% in the last five years.
Yet many managers are unaware of the fact that current approaches are
inadequate and fail to proactively defend against numerous threats.

Today, organizations whose users need the web for their work, or even just browse from their workplace, must make the decision to not trust anyone or anything, from outside of the network or from within, to access their network without authorization. Every network access request must be authorized to ensure its legitimacy.

Zero Trust is More than Just a Buzzword

The Zero Trust concept negates the notion of a trusted network inside of a defined corporate perimeter. Instead, it demands development and implementation of granular security policies and mechanisms that empower organizations to manage the access permissions of each individual – user, contractor or partner. Without proper authorization and validation for each individual resource, no individual can access any application, data or system.

Under the Zero Trust approach, all devices, networks, and IP addresses are micro-segmented and individual access is restricted to comply with security and user authentication policies. When users, devices, or applications are added to the fold or removed, policies and permissions must be updated and controlled accordingly. Thus, Zero Trust requires ongoing updates, adjustment, and fine-tuning.

This approach is rapidly becoming the gold standard and we are starting to see it being adopted by IT teams aiming to upgrade their organizations’ cybersecurity framework. It is supported by a myriad of micro-segmentation solutions that aim to enable implementation and maintenance of complex and dynamic authorization frameworks.

Zero Trust Organizations Trust No One

The one area that is not covered by the Zero Trust toolkit is, shockingly, the most virulent threat vector of them all. It’s fair to say that your business could not succeed without use of the internet. However, the web, together with malicious email, represents the most prevalent vector through which malware infiltrates organizations.

You can micro-segment your network, apps and users until you’ve created any number of networks-of-one, but it will not prevent browser-based malware such as ransomware variants, cross-site scripting attacks, and drive-by downloads from invading and establishing a foothold in your systems.

Those who advocate for Zero Trust solutions recommend whitelisting trusted sites, while rejecting access to all other sites, as the solution to this issue. However, limiting access to trusted sites and denying access to all the others negatively impacts productivity and frustrates employees. Users must request access and then wait for permission to be granted. And IT staff must dedicate time to managing these requests. Even if organizations could accurately whitelist every site that might at some point be necessary for users to access (which is, of course, impossible), there is no guarantee that these whitelisted sites are in fact secure.

For businesses to run efficiently, users must be able to effortlessly access the sites that they need. Yet to guarantee absolute impenetrable security, no website should automatically be trusted.

Applying Zero Trust Browsing

Remote Browser Isolation (RBI) enables Zero Trust Browsing -- the baseline assumption that while nothing from the web is to be trusted, users must be able to browse a wide and largely unpredictable range of sites. RBI enables organizations to assume that every download, website, and piece of content is suspicious until proven otherwise – without shutting down internet access.

With RBI, all browsing activity takes place remotely, on a virtual browser in a disposable container located in the cloud. A clean content stream is sent from the remote virtual browser to the user’s browser of choice on the endpoint for a completely natural browsing experience. When the user is finished browsing, the isolated container and all its content are discarded.
No website content ever touches user devices or the networks with which they are associated. RBI enables Zero Trust browsing, ensuring that no website reaches
organizational devices or networks. RBI prevents browser-borne executable code
from making its way to user devices and organizational systems so that all threats,
known and unknown, can do no harm.

David Canellos, CEO, Ericom Software