You can’t stop every threat, but you can mitigate damage with a zero-trust architecture.
The biggest cyber attacks of 2020 have raised new concerns around enterprise security postures, practices, and policies.
Would things have been different if so many enterprises hadn’t been forced to rush into a largely virtual arena? Or, had the writing already been on the wall before the pandemic?
Below are five of the most significant cyber attacks of 20201.
- Australia-based logistics company – With the average time to identify a breach being 197 days and 69 days to contain2, it might not seem all that surprising this company got hit by ransomware twice in three months. But they were breached by different forms of ransomware, which demonstrates multiple cyber security issues that allowed the breaches to occur.
- Global hotel chain – This major hotel chain suffered from quite an unwelcome guest. The personal information of 5.2 million guests was accessed as a result of their data breach. How? Attackers used the login credentials of two employees at a franchise property.
- Healthcare insurance giant – This healthcare insurance company could have used a cyber security checkup. Ransomware threat actors exfiltrated logins, personal information, and tax information, affecting eight operations entities and approximately 365,000 patients. How? A phishing email demonstrating refined impersonation skills.
- Global social media company – It takes only a few minutes for bad actors to wreak havoc on social media. Through a social engineering attack, the attackers stole employee credentials, allowing them to access the social media company’s internal management systems. This led to the hacking of dozens of high-profile accounts, including former President Barack Obama.
- Navigation technology supplier – A cyber attack encrypted this major navigation technology company’s systems and forced services offline. Their website, customer service, public-facing applications, and corporate communications were all significantly disrupted.
In a world of continuously evolving, increasingly advanced threats, who can you trust?
Nobody. A comprehensive zero-trust architecture requires each person, device, unit of data, network, and workload to earn and maintain your trust before being granted access. Could a zero-trust architecture have prevented the top 2020 cyber attacks? Not likely. While your goal may be completely preventing all cyber attacks, cyber criminals are sophisticated, well-funded, and produce continuously evolving, novel threats. You need to build in threat mitigation for when a breach occurs.
From reducing your attack surface to slowing the pace of the attack and stopping the breach from spreading, mitigation can mean the difference between one employee losing a day’s work on their laptop versus an entire company having critical operations shut down, losing customers, damaging their reputation, and costing millions of dollars.
Slow the spread of an attack
Without zero trust, an attacker can breach a single trusted endpoint and run rampant from that single foothold. With zero trust, it’s exponentially harder for the attack to progress from its beachhead. Even if the attacker breaches a machine, that machine still isn’t trusted. So, when the attacker starts trying to look around your network, they don’t have total visibility. And they’ll have to go through the same difficulty of breaching their next target in your system.
While it’s not as simple to say the attack goes away, the pace of that attack slows. In doing so, the impact at any given time is magnitudes less. Defending security teams will pick up on the increased activity, which signals an attack is underway, and will have more time to contain and remediate.
Cisco Customer Experience (CX) offers expert Zero Trust services
Zero trust is a cultural shift, an architectural philosophy as much as it is a standard. It canvases your entire enterprise and comprises a number of technologies — a holistic approach to preventing and containing security breaches. This strategic approach to your security is achieved over time. But your Cisco® Zero Trust journey can start today with Cisco CX.
Cisco CX supports your Zero Trust journey with leading experts in security, networking, and IT — all the key areas you need to mitigate threat damage via Cisco’s three central pillars of Zero Trust:
- Workplace – people and devices
- Workforce – data and network
While it’s not a simple switch you can flip, your organization probably already has latent Zero Trust capabilities. Cisco CX can help you fully capitalize on those capabilities and get the most from your existing and future investments via a vendor-agnostic approach.
To learn more, visit Cisco Zero Trust Strategy and Analysis Service and Business Critical Services for Security. You can also contact your Cisco sales representative or Cisco authorized partner for assistance.
Source: IBM Security and Ponemon Institute Cost of a Data Breach Study