More

    Zero-Trust, the Cybersecurity Model that is Changing Technological Paradigms

    Today, most assignments and projects are spread across multiple locations, with teams coordinating with common group platforms that allow them to share ideas on the web

    Must Read

    TCRN STAFFhttps://www.TheCostaRicaNews.com
    Creating a Conscious alternative news network that we feel the world needs. Pura Vida!

    In the last two years, organizations around the world have adapted to new ways of working, getting used to terms like telecommuting, remote work or hybrid, and to handle technology with greater skill. During the pandemic, this type of work generated some opportunities for employees and employers; but also, it represented a challenge due to the cyber risks associated with remote work.

    Among these risks are cyber attacks. Cybercriminals focused their strategies on attacking those organizations that were not prepared to face the digital world and what it entails.

    The most common objectives that facilitate cybercrime are:

    • Remote workers using potentially insecure laptops, mobile devices, networks, and smart home devices.
    • VPN (Virtual Private Network) and other unpatched software that is run on home systems.
    • Computers with a poorly configured Remote Desktop Protocol (RDP) connection, which can be easily compromised through the use of previously stolen or easily cracked passwords.
    • Cloud services with weak access controls.

    An innovative ecosystem

    Since 2009, there has been an ecosystem called ZeroTrust, which is becoming relevant in this global scenario of teleworking. At its core is the critical data or business processes that must be protected; but above all it is the effective way to help mitigate risks in a hybrid work environment, where perimeters are fluid, workers are distributed and must continuously authenticate, and networks are segmented to reduce the potential for threat propagation.

    Situations like these make it necessary to always apply the Zero Trust security premise or approach “Never trust. Always check.” This is stated by Marielos Rosa, Operations Manager of ESET Central America, who adds that “as opposed to the perimeter security model whose premise is “trust and verify”, Zero Trust is based on the idea that, by default, organizations should never trust no internal or external entity entering its perimeter. This model offers an increasingly popular option to minimize cyber risk in a world characterized by hybrid cloud, remote work and multiple threat actors.”

    According to ESET Latin America in practice, there are three implicit principles to help minimize the impact of breaches:

    • All networks should be treated as untrusted: If no network is trusted, users are also untrusted. After all, there is no guarantee that an account has not been hijacked or that a user within the organization is not a malicious actor. That means giving employees just enough privilege to get the job done, then regularly auditing access permissions and removing those that are no longer appropriate.
    • Minimum privileges: This should include home networks, public Wi-Fi networks (for example, in airports and coffee shops), and even local corporate networks. Cybercriminals are too determined for us to assume there are safe spaces left.
    • Assume the breach: News of a new security breach is reported daily. By keeping their guard up, organizations will be vigilant and continue to enhance their defenses with the resilient mindset that Zero Trust suggests. Breaches are inevitable, it is about minimizing their impact.

    During the pandemic, it also became apparent that VPN solutions were in many cases unable to support large numbers of remote workers. They are increasingly a target of attack in their own right, especially if they are left outdated and unprotected.

    Resource Protection

    During the pandemic, it also became apparent that VPN solutions were in many cases unable to support large numbers of remote workers. They are increasingly a target of attack in their own right, especially if they are left outdated and unprotected. This is revealed by data from the special section on COVID-19 included in the most recent National Household Survey.

    (Enaho), carried out by the National Institute of Statistics and Censuses (INEC) in July of this year. Of the 296,079 people with telework in Costa Rica, 83.6% began to apply this modality as a result of the COVID-19 pandemic, according to Enaho. The other workers (16.4%) had already been applying it since before the health emergency.

    Given this panorama, it is necessary for every organization to take into account these three aspects, to implement the Zero Trust model:

    1. Visibility: It is necessary to identify the devices and assets that must be protected and monitor them. It is not possible to protect a resource that we do not know exists, so it is essential to have visibility of all the resources that belong to the organization or that have access to it.

    2. Policies: Controls must be implemented that allow only specific people to have access to specific entities and conditions. This means that careful checks are required.

    3. Automation: The automation of processes ensures the correct application of policies and allows the rapid application of measures against possible deviations.

    With a Zero Trust environment, in addition to having control and knowledge of all the data at any time, in the event of a breach, the organization’s security teams are capable of accurately detecting when and from where data was stolen or manipulated, providing a rapid response capacity.

    resonance, coworking Costa Rica
    At Resonance, we aspire to live in harmony with the natural world as a reflection of our gratitude for life. We are co-creating an inspired and integrative community, committed to working, living and learning together. We resonate with that deep longing to belong to the hive and the desire to live the highest version of ourselves in service.
    - Advertisement -

    Subscribe to our newsletter

    Get all the latest news, events, offers and special announcements.

    Latest News

    Costa Rican National Institute of Music invites Children and Young People Without Musical Knowledge to Participate in the 2025 Academic Year

    The Ministry of Culture and Youth, through the National Institute of Music (INM), has opened the call for participation...

    More Articles Like This

    Language »