One of the great challenges that companies have today, after the adoption of remote work, is reinforce cybersecurity in their digital ecosystems.
According to Microsoft studies, so far this year there has been an increase (230%) in password spray attacks, a type of technique where an attacker tries the same password on different accounts. Likewise, the company pointed out that ransomware attacks, kidnapping of information and data on companies, have also been increasing in the region.
(Read: Blumer, the first app that pays you with crypto to watch content).
However, in order for companies to be able to react immediately or prevent any type of attack, including theft and access to information through email, Microsoft presented three principles of the Zero Trust model.
The first section focuses on explicitly verifying users. For the company it will be essential to always authenticate and authorize based on all available data points, “including user identity, location, device status, service or workload, data classification, and anomalies”.
The second principle focuses in limiting the accesses with just time and speed, all in order to avoid risks and protect data and productivity”.
Finally, it is to assume the violation and this is where se must minimize the radius of the reach and segment the access. “End-to-end encryption should be tested and analytics used to gain visibility, drive threat detection and improve defenses.”
Marcelo Felman, Director of Cybersecurity for Latin America at Microsoft, explained that implementing a Zero Trust model will help protect companies against 98% of attacks.
“The implementation of a Zero Trust strategy is not complex at all. The steps are ‘hygiene’ measures that should be considered in any company that wishes to protect itself and mitigate security risksFelman commented.
(Also: Digital mentality, the new challenge for organizations).
Under this line, Felman pointed out five steps to properly implement a Zero Trust strategy within an organization.
As a first section, he stated that strengthening access credentials for collaborators will be essential for security, in which the use of new tools such as biometrics stands out.
“Use multi-factor authentication (MFA) everywhere, as well as strong password guidance, and continue on the path to a passwordless environment. Additional use of biometrics ensures strong authentication for user identitiesFelman said.
Second is reducing the attack surface, disabling the use of older and less secure protocols. In contrast, the executive recommends “adopt authentication in the cloud and exercise greater control over administrative access to resources.”
The third recommendation is automating the response to threats in order to block risky access.
(Read on: AI-powered camera makes hybrid work easy.)
The fourth step will be to implement cloud intelligence in order to monitor and process audit logs.
“Finally, employees must be empowered with self-service. Implement autonomous password reset, provide autonomous access, and provide users with secure repositories for downloading applications and filesFelman concluded.
BRIEFCASE
