Michael Friedrich, June 17, 2022
The New Front Line is the Old Front Line
As the attack surface broadens and adversaries get smarter and more aggressive, the time is now for a Zero Trust approach.
The year was 1996 ... corporate IT assets could be strictly tracked to corporate-controlled data centers. There was no widespread use of VPN technology, everyone had desktops (yes, there was a time before laptops were feasible and available en masse) and fixed firewalls defined the boundary (or so we thought).
Ah, the good old days. Back then, your own IT was generally not your enemy. But now, with the massive rise in ransomware, malware, phishing, etc., bad actors are quickly turning your own IT against you. Not only can they penetrate your network and steal critical and confidential information, but they can also destroy your business by simply denying you access to your own data.
The real world of a modern enterprise business or government agency involves hosting environments on- and off-premises (note: for this conversation, third-party data centers should be considered on-premises and cloud as off-premises). It involves operational technology (OT), information technology (IT) and Internet of Things (IoT) systems.
The best description for the new operating environment is hybrid. Since access to all these assets exists throughout your user base, the number of touch points increases, and therefore the attacker’s ability to hurt you grows exponentially.
Gartner recently published some disturbing thoughts on this trend, suggesting that by 2025, bad actors will be able to use your own IT assets to “successfully harm or kill humans.”
Some recent prime examples where attacks on IT, OT or IoT caused significant harm are:
- Sony Pictures
- British NHS
- Universal Health Services
- Colonial Pipeline
- Kia Motors
- JBS Foods
Bad actors are not limiting themselves to attacks on industry. Government entities around the world are also being hit with constant attacks. Notable recent government entity attacks include:
- United States Government
- British Government
- Iranian Government
- State of Texas
- State of Georgia
- State of California
- State of Florida
- City of Baltimore
- Riviera Beach, FL
- New Bedford, MA
It is time to admit the perimeter is dead and changes are needed. As we discussed in this blog post, the warnings from CISA keep coming almost as quickly as the attacks.
Each organization’s journey to Zero Trust will be unique, but the fact is that beginning the process ASAP will make the road much easier. It is time to start assessing your assets (e.g., cameras, printers, hosted workloads, laptops, phones, sensors) to ensure you know where they are, who truly needs access to them and under what conditions. The time to start that process is now.
A true software-defined perimeter (SDP) solution such as Appgate SDP (which is grounded in the Zero Trust methodology) will address all use cases (remote access and on-campus, on-premises and cloud, OT, IoT, etc.), create a flexible and secure access plane and integrate all assets into a single policy engine for ease of management.
When you implement Appgate SDP, an industry-leading Zero Trust Network Access (ZTNA) solution, you will make it much harder for bad actors to execute attacks against your IoT, OT and IT systems. You can put significant barriers in place to prevent them from infiltrating your environments, monitoring your communications, stealing your data and blackmailing your organization for access to your own data.
The time for change is now. Appgate SDP can help you begin this journey toward re-securing your systems and data.