Years ago, the work of network security was likened to building a moat. By pairing software applications and hardware devices, such as firewalls and secure routers, IS professionals can build a protective barrier around a company’s computer network. However, as technology has evolved and networks have expanded to include remote employees working on mobile devices, laptops and tablets on Wi-Fi networks equipped with varying levels of security, the borders of network territories are changing and blurring. The number of potential network entry points has multiplied, requiring IS professionals to find new ways to defend these extra doors and protect company information from unauthorized access and modification, misuse and theft.
But protecting the borders is not enough. According to IBM, 60 percent of cyber attacks in 2015 were launched from the inside. Hackers can quietly enter a network and sit dormant for weeks before launching an attack. In this case, the threat is coming from the inside, not the outside. Attacks also can be launched by ill-intentioned employees or even customers, vendors or other partners who have access to a company’s network.
However, sometimes the cyber attacks happen unintentionally when a user clicks on a bad link or downloads an infected file without realizing that he or she is giving a hacker access to a network. In the case of bring-your-own-device networks, workers may store company data on unsecure devices, which leaves the information open to attack, IBM points out. IBM’s
latest research notes that two-thirds of record breaches in 2017 resulted from accidental insider threats — a third of which were the result of spearfishing.
To defend against these threats, cyber security experts advise that organizations convert to a zero trust network. The guiding principle of a zero trust network is to never blindly trust any activity but to instead verify that it is a safe practice. According to Palo Alto Networks
, this enables IS specialists to detect lateral threat movement within a network and set up sub-perimeters to monitor and stop attacks within a network.
The network security seminar will take place on Wednesday Sept 26 at Cyber Security Chicago. The seminar will be hosted by Dave Lewis
, advisory CISO — global at Duo Security. Dave will help Cyber Security Chicago attendees build their own zero trust networks to defend their companies against data breaches and hacking. His presentation, “Zero Trust and the Flaming Sword of Justice
,” will take place from 1:40-2:10 p.m.
Cyber Security Chicago will take place Sept. 26-27 at McCormick Place. Ticket info can be found here