Years ago, the work of network security was likened to building a moat. By pairing software applications and hardware devices, such as firewalls and secure routers, IS professionals can build a protective barrier around a company’s computer network. However, as technology has evolved and networks have expanded to include remote employees working on mobile devices, laptops and tablets on Wi-Fi networks equipped with varying levels of security, the borders of network territories are changing and blurring. The number of potential network entry points has multiplied, requiring IS professionals to find new ways to defend these extra doors and protect company information from unauthorized access and modification, misuse and theft.
But protecting the borders is not enough. According to IBM, 60 percent of cyber attacks in 2015 were launched from the inside. Hackers can quietly enter a network and sit dormant for weeks before launching an attack. In this case, the threat is coming from the inside, not the outside. Attacks also can be launched by ill-intentioned employees or even customers, vendors or other partners who have access to a company’s network.
Sometimes, however, cyber attacks happen unintentionally, when a user clicks on a bad link or downloads an infected file without realizing that he or she is giving a hacker access to a network. In the case of bring-your-own-device networks, workers may store company data on unsecured devices, which leaves the information open to attack, IBM points out. IBM’s latest research notes that two-thirds of record breaches in 2017 resulted from accidental insider threats, a third of which were the result of spear phishing.
To defend against these threats, cyber security experts advise that organizations convert to a zero-trust network. The guiding principle of a zero-trust network is to never blindly trust any activity but to instead verify that it is a safe practice. According to Palo Alto Networks, this enables IS specialists to detect lateral threat movement within a network and set up sub-perimeters to monitor and stop attacks within a network.
However, some companies might view this as an extreme approach or worry that they may face additional security risks while migrating to a zero-trust network. Wendy Nather, director of advisor CISOs at Duo Security, will walk Cyber Security Dallas attendees through the process of migrating to a zero-trust model through incremental steps that help ensure a smooth transition. Her keynote address, “Can You Be Just a Little Bit Beyond?” will take place Wednesday, Oct. 31 from 10:50 to 11:20 a.m.
Cyber Security Dallas will take place Oct. 31-Nov. 1 at the Gaylord Texan Resort & Convention Center in Grapevine, Texas.