Page 219 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
While this complex cybersecurity landscape has created many challenges for businesses and
government organizations alike, we are now seeing for the first time a uniform approach to cybersecurity
being implemented. The current threat landscape also underscored the importance of Executive Order
14208 and other pending legislation aimed at improving cybersecurity posture. Personal data has evolved
not just into a commodity, but into a means of leverage or even extortion of certain individuals. Data theft can
mean more than just exposure of sensitive information; it can also seriously impact national security,
companies or individuals whose reputations and ethics are being exploited. And we must not forget about
the fatal impact of extortion as a result of data being held hostage.
All of this indicates that there is an inherent need to update cybersecurity practices toward a method of
zero-trust, rather than the traditional “trust but verify” approach. But what does this approach actually look
like? Companies and government agencies are often sharing upwards of thirty percent of their data with
third-party collaborators – an inevitability of working with other agencies in a digital environment. This
places the focal point of data security not on the data itself, but rather on the governance that ensures
individuals gaining access to this information are in fact who they say they are. In a digital age, legitimate
figures have become increasingly hard to tell apart from sources of misinformation, trojan horses and
rapidly advancing ransomware – and in many cases, malicious sources have become nearly
identical in appearance to reputable ones. Although solutions like multi-factor authentication have proven effective
across these areas, many organizations and government agencies have some ground to cover to meet
the highest security standards through the implementation of advanced identity and access management
capabilities.
The Nirvana of these solutions would center around the narrative of: What is my most critical information?
How is it protected? Who has access to it? And who provides accountability for that access? Individuals
should be able to tier the potential threat level to their data or security, and strategize how to grant access
to other users, without compromising sensitive information, and finally, be able to disrupt access to this
information at their own discretion.
The next definitive phase in cybersecurity solutions will likely be centered around identity proofing and
governance of data access, versus what specific data is accessible. Rather than focusing on specific
entitlements to data for individuals, the solution instead lies in creating a zero-trust environment with no
exceptions. In other words, instead of continuing the current landscape of de facto “trust but verify” before
setting up protection, the order of operations should be carried out in reverse priority, shifting from a
free-rein approach to more prescriptive access of data and information.
The cybersecurity challenges for organizations and government agencies alike have only grown over the past
few months. Now is the time to improve cybersecurity posture across the board, taking into account
the proper cybersecurity strategy and solutions built upon the concept of zero-trust. Only then will today’s
organizations properly protect themselves from bad actors that thrive in turbulent times.