It’s easy for network and security practitioners to assume that Cybersecurity Awareness Month is for other people. After all, you’re experts in the field. What could you possibly have to learn? However, even the best network and security experts can have blind spots when it comes to cybersecurity, and Cybersecurity Awareness Month is the perfect time to address them. We all know that deploying the latest and greatest hardware or solution isn’t enough to be secure, complying with industry standards isn’t enough to keep you safe, and just because you haven’t been hit by cyber attackers doesn’t mean you have strong security.
For Cybersecurity Awareness Month, here are five misconceptions you may have and why you need to change your thinking.
1. Only large companies are targets for ransomware. Working for a small business isn’t a guarantee of staying off cyber attackers’ radar. Unfortunately, it turns out the opposite is true. A recent report showed that 82% of ransomware attacks target small businesses. Companies with fewer than 1000 employees are most at risk.
Going after big companies brings attackers law enforcement and media attention that they don’t want and costs them more. Cyber attackers are risk averse, so many of them have quietly shifted from going after big companies to going after smaller companies that can afford to pay, but won’t bring them the kind of high profile they’re trying to avoid.
2. You can't get security and performance and agility. No one wants to sacrifice their performance and agility for cybersecurity. Right now, agility is more important than ever. Businesses these days need to support an at-home workforce and rely more heavily on the Internet of Things.
Secure Access Service Edge (SASE) is a newer type of security architecture that provides the agility modern businesses need. One of the benefits of SASE is that it enables consolidation and simplifies the process of managing security. SASE brings together all of your network and security With cybersecurity made simpler and easier, SASE enables business agility rather than getting in the way.
SASE can also improve performance by minimizing latency, which always improves the user experience. It also eliminates the traditional problem of backhauled traffic flows, increasing efficiency, and it scales elastically to make accommodating traffic fluctuations simpler and easier. With these improvements, your network is free to perform at its peak.
3. Cyber threats primarily come from external actors. Security practitioners have done such a good job of securing the perimeter and shoring up loose ends that the only real loose end left is the users themselves. So, the biggest security threats you’re facing right now don’t come from external actors at all. The call is coming from inside the building.
From phishing to malware and social engineering, cyber attackers have many, many ways of compromising users. And no matter how many times you make them reset their password, users have many, many ways that they leave themselves open to exploitation. Between this and the improved security at the perimeter, it’s no wonder cyber attackers are coming for users.
Data breaches come from connections that security allows. It’s vital that security assume that malicious content or malicious users may get into these allowed connections. Instead of assuming that all users inside the perimeter are safe, it’s time to start continuously verifying trust for all users and performing continuous threat inspection to catch cyber attackers before they can cause any damage. This is the start of a strategic approach to cybersecurity called Zero Trust, which secures organizations by removing the assumption of trust and validating every stage of digital interaction.
4. Firewalls or firewall-based security cannot protect you in the cloud. For many people, the word “firewall” still conjures up the image of deploying and managing complex physical or virtual appliances across on-premises campus networks. But this, itself, is a misconception. The action of “firewalling” really describes the capabilities or output of a policy-based network tool that determines whether to allow or deny traffic – and this is foundational to any security stack.
In fact, “firewalling” is everywhere. Firewalls exist in the cloud, on-premises, in applications and even on your devices. We just don’t call them “firewalls” most of the time. But, when you hear things like “access control lists,” “security groups,” “availability zones,” or “policy-based forwarding,” what you’re really hearing is just another word for firewalls. These days we need to move away from thinking about firewalls in terms of form factors, like physical or virtual appliances, to thinking about the best way to achieve desired outcomes through “firewalling” functionality while increasing agility and reducing complexity.
The function of a firewall, whatever word you use for it, is to allow the traffic you want to go through and block any traffic you don’t want. By leveraging that same functionality everywhere (on-premises, in the cloud, from the cloud, on your device, etc.), we can now extend a consistent set of policies from campus networks, data centers, private clouds, public clouds – and anywhere else our applications and data now live. Thus, firewalls are exceedingly relevant for delivering security across hybrid environments, giving organizations back the visibility and control they need to adapt and adjust to changing business end user requirements while achieving better security.
5. All Zero Trust Network Access solutions are created equal. Zero Trust Network Access (ZTNA) applies the principles of Zero Trust to network access. Unfortunately, ZTNA as commonly implemented (ZTNA 1.0) only solves some of the problems you have when accessing directly from the application. For instance, with ZTNA 1.0, once trust is granted, the trust-broker vanishes and the user has free rein. However, all this really does is create a single, point-in-time check-in for the user. Once access is granted, the user will be implicitly trusted forever. Without continuous vetting, there is no way to know if you’re exposing your application to danger.
In other words, this approach can’t protect from breaches that occur on allowed connections – and all breaches occur on allowed connections. Furthermore, standard ZTNA violates the principle of least privilege, doesn’t provide security inspection, doesn’t secure all applications, and can’t secure all data.
Fortunately, ZTNA 2.0 gets rid of these weaknesses for greater security. Rather than granting trust as a one-off, ZTNA 2.0 continuously reassesses trust based on changes in application behavior, user behavior, and device posture. This way, if a user becomes compromised, their access and privileges can be quickly removed before they can cause any damage. ZTNA 2.0 also adds real least-privilege access, provides continuous security inspection, protects all data and secures all applications.
If there’s one lesson we can draw from these misconceptions, it’s that the world is changing around us and the old tools and ways of thinking for cybersecurity aren’t enough anymore. We need to change what we do and how we think to keep up with the growing challenges facing cybersecurity.
We live in a world where work can happen anywhere, at any time, on any device. Workers aren’t chained to their desks anymore and neither are their devices. It’s gotten much harder to maintain any kind of real control. In this environment, we need better tools and strategies. ZTNA 2.0 was specifically designed to protect this kind of environment, which is why it’s such a key part of a successful cybersecurity strategy.
SASE is another modern strategy designed for the changing security landscape. SASE not only simplifies architecture to promote agility, but also provides the Zero Trust capabilities that enterprises need to stay safe. With more and more of the enterprise moving to the cloud, it’s important for SASE to stay consistent across a hybrid cloud environment. Cloud delivery for SASE lets SASE stay consistent across the entire enterprise.
Artificial Intelligence (AI) and Machine Learning (ML) are becoming mainstream in modern cybersecurity because they can have a big impact when it comes to protecting against the more sophisticated and highly automated threats that are emerging right now. Threat actors have so many tools to work with that let them move faster than cybersecurity professionals can manually prevent. And threat actors only have to get it right once to cause damage, while cybersecurity professionals have to keep the network secure against every single threat. It’s no wonder so many cybersecurity teams are overwhelmed. AI and ML trained and tuned to look for threats enable cybersecurity teams to operate in real time and catch cyber attackers before they have the chance to claim their first victim. AI and ML can turn reactive teams into proactive teams.
This Cybersecurity Awareness Month, take the time to become more aware of the way cybersecurity has evolved and advanced to handle the modern world and its changing threat landscape. Even experts have blind spots. Cybersecurity Awareness Month is a good time to shine a light on them.
To learn more about SASE and how you can incorporate it into your cybersecurity toolbox, check out Prisma Access.