Knowledge: What Threats Should We Emphasize at Overseas Offices? Explaining the Idea of Zero Trust

What threats can we prevent by zero trust? Illustrating increasingly diversifying and complex cyber threats in a comprehensible way



In this increasingly digital society, we have experienced major changes in our lifestyles. But while digital technologies provide convenience, cyber security threats are magnified to a global level. Information assets, which used to be isolated inside a company's internal network, are now stored in a wide range of complex network environments, resulting in an increase in security threats such as unauthorized access, data leakage, spam/malware, and zero-day attacks.

The zero trust model has been attracting a lot more attention lately as a new security approach for addressing such security threats. It is based on the principle of trusting no one and verifying everything: every access is treated as untrusted, and no access to data is permitted until the request has been properly verified.

This article describes how to protect your information assets from security threats, including unauthorized access, data leaks, spam/malware, zero-day attacks, and unknown threats, through the introduction of the zero trust model. Moreover, we discuss, in a clear and concise way, points that should be implemented at overseas offices.

1. Threats of Unauthorized Access from Inside/Outside an Organization and Measures against Them

Unauthorized access is the best-known security threat. This section describes what unauthorized access is, what kind of impact it has on us, and what measures we should take against it.

What is unauthorized access?

Unauthorized access is access to a system or data from an unauthorized user. There are two types of unauthorized access.

The first is unauthorized access from inside an organization. This means that unauthorized access is gained by an employee or worker within the company or organization. Such unauthorized access can be done intentionally as a malicious act or by someone acting in error. For example, even when authorized employees access confidential information, if they use the information improperly or share the information with someone else improperly, this act is regarded as unauthorized access.

The second type is unauthorized access gained by someone from outside the organization, namely a malicious hacker or cybercriminal. Malicious hackers and cybercriminals employ every possible means to break into a system. They then crack the system and steal the data.

[Figure: Conceptual diagram of conventional security and zero trust security]

Damage from and impact of unauthorized access

There are many types of damage from unauthorized access, and the company or organization can suffer severe effects from it. This section describes what damage we can suffer from unauthorized access from inside/outside an organization and how it could affect us.

Damage from and impact of unauthorized access from inside an organization

Unauthorized access from inside an organization can lead to the outflow of information assets that are very important to the company, as well as other problems such as system outages. If a company's confidential information is leaked and its business strategy therefore comes into the open, its overseas offices may also lose a competitive advantage. Moreover, outflow of customer information and personal information leads to a loss of credibility in the eyes of customers, which harms brand reputation. A system outage is directly linked to business shutdown. In addition, it generally takes a lot of time to restore a damaged system, so the company suffers ongoing adverse effects over a long period.

Damage from and impact of unauthorized access from outside an organization

Damage from unauthorized access from outside an organization is basically the same as that from inside it. However, there are many elaborate, large-scale attacks that are aimed at leaking large amounts of personal data or stealing financial information. Therefore, once a company is damaged by such an attack, not only the company itself but general consumers can be affected.

Measures against unauthorized access through the use of zero trust

In the zero trust model, you do not trust any user or device by default, and therefore verify every request. You then assign access rights based on the Principle of Least Privilege (PoLP). This is how the zero trust model minimizes the risk of unauthorized access.

At overseas offices, it is important to be committed to compliance with regional laws and regulations concerning unauthorized access, and also to provide education and training for employees that takes the culture of each overseas office into account.

2. Threats of Data Leaks and Measures against Them

Next, let us discuss threats of a data leak and the outline, system, and features of cloud orchestration as a security measure against a data leak.

What is a data leak?

A data leak means the unintentional or unauthorized disclosure of a company's confidential data outside the company. It can be triggered by various factors such as an inadvertent or malicious act by an internal employee, intrusion by an external cybercriminal, or malware infection. The information at risk in a data leak is wide-ranging, including customer information, personal information (for example, of employees), intellectual property, and information about sales and profit.

Damage from and impact of a data leak

A data leak can not only cause economic loss but also affect the rating or credibility of the company and/or its brand. Because a company's internal information has come into the open, the company may lose a competitive advantage at the global level. If personal information is leaked, the company will be responsible for taking swift measures based on the Act on the Protection of Personal Information. Furthermore, there is a possibility that the company may have to pay a fine or be sued.


What is cloud orchestration?

Cloud orchestration is a solution that manages multiple cloud services and resources in an integrated way and automates them with the use of technologies such as container technology, IaC (Infrastructure as Code), SIEM (Security Information and Event Management), or SOAR (Security Orchestration, Automation and Response).

IaC is an approach for defining and managing the settings of infrastructure, such as servers and networks, as code. Use of IaC enables you to automate the deployment of and changes to infrastructure, and to reproduce them easily.

By using these technologies to apply and manage security policies in an integrated fashion, you can prevent neglected or conflicting security settings with respect to individual systems and enhance the security level overall.
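The paragraphs above describe using IaC to apply security policies in an integrated way so that neglected or conflicting settings do not slip through. The following added example (not code from the original article or from KDDI) shows what such a check looks like in practice: a small linter that reads a parsed infrastructure definition and compares every resource against an organization-wide baseline. The baseline, the resource types, the setting names and the sample definition are all constructed for illustration and are not the format of any real IaC tool.

```python
"""Added illustration: lint a parsed, declarative infrastructure definition
against a security baseline, reporting neglected (undeclared) settings and
settings that conflict with the baseline."""
from typing import Any, Dict, List, Tuple

# Constructed organization-wide baseline every office's infrastructure must meet.
BASELINE: Dict[str, Any] = {
    "require_encryption_at_rest": True,
    "require_access_logging": True,
    "forbid_public_storage": True,
    "admin_ports": {22, 3389},          # must never be reachable from the internet
}

# Constructed sample definition, shaped like a parsed IaC document (hypothetical schema).
SAMPLE_INFRA: Dict[str, Any] = {
    "resources": [
        {"type": "storage_bucket", "name": "hr-files",
         "settings": {"public": False, "encryption": True, "logging": True}},
        {"type": "storage_bucket", "name": "marketing-assets",
         "settings": {"public": True, "encryption": True}},        # logging never declared
        {"type": "security_group", "name": "jump-host",
         "rules": [{"port": 22, "source": "0.0.0.0/0"},             # SSH open to everyone
                   {"port": 443, "source": "10.0.0.0/8"}]},
        {"type": "vm", "name": "erp-app",
         "settings": {"encryption": False, "logging": True}},       # contradicts baseline
    ]
}

Finding = Tuple[str, str, str]   # (resource, kind, message); kind is "neglected" or "conflict"

def lint(infra: Dict[str, Any], baseline: Dict[str, Any] = BASELINE) -> List[Finding]:
    """Compare each resource with the baseline and return every deviation found."""
    findings: List[Finding] = []
    for res in infra["resources"]:
        ident = f"{res['type']}/{res['name']}"
        settings = res.get("settings", {})
        if res["type"] in ("storage_bucket", "vm"):
            # A setting that is absent is "neglected"; one explicitly turned off is a "conflict".
            for key, required, label in (
                ("encryption", baseline["require_encryption_at_rest"], "encryption at rest"),
                ("logging", baseline["require_access_logging"], "access logging"),
            ):
                if not required:
                    continue
                if key not in settings:
                    findings.append((ident, "neglected", f"{label} not declared"))
                elif not settings[key]:
                    findings.append((ident, "conflict", f"{label} disabled, baseline requires it"))
        if res["type"] == "storage_bucket" and baseline["forbid_public_storage"]:
            if settings.get("public") is True:
                findings.append((ident, "conflict", "bucket is public, baseline forbids public storage"))
        if res["type"] == "security_group":
            for rule in res.get("rules", []):
                if rule["port"] in baseline["admin_ports"] and rule["source"] == "0.0.0.0/0":
                    findings.append((ident, "conflict", f"admin port {rule['port']} open to the internet"))
    return findings

if __name__ == "__main__":
    for resource, kind, message in lint(SAMPLE_INFRA):
        print(f"{kind:9} {resource:32} {message}")
```

Running the check in the pipeline that deploys the IaC definition, rather than after deployment, is what turns the baseline into an enforced policy: a definition with any "conflict" finding is rejected before it reaches the cloud account, and "neglected" findings are surfaced so that an office cannot silently inherit an insecure default.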

Cloud orchestration also enables unified monitoring of the entire system, real-time detection of abnormal access and activity, and automatic implementation of the necessary countermeasures. It reduces the risk of human error or delays in taking action, and prevents damage such as data leaks.


For detailed information on SIEM and CASB, see "What are the components of zero trust? Explaining the best security technology required for the IT environment that is becoming increasingly diverse at overseas offices." 

* Related Article: What are the Components of Zero Trust? Explaining the Best Security Technology Required for the IT Environment that is Becoming Increasingly Diverse at Overseas Offices

Measures against data leaks through the use of zero trust

Cloud orchestration and zero trust complement one another, enabling unified management and advanced automation. To realize the zero trust model, a variety of security elements, such as endpoint and network security, must be operated in a consistent manner. By controlling these elements in a unified way and automating them, cloud orchestration plays a role in helping to realize the zero trust model.

Because you can track and monitor users' behavior precisely with the use of cloud orchestration, it is possible to detect abnormal access immediately and take appropriate action. Consequently, the risk of data leakage can be dramatically reduced at overseas offices, where there are fewer human resources. By selecting a tool with sufficient documentation and support, smooth introduction and operation can be achieved even at a small overseas office with few workers. If the company lacks personnel with the specialist skills and resources required for the initial system building and operation, however, we recommend outsourcing those tasks and operations.

3. Threats of Spam/Malware and Measures against Them

Just as we need to take measures against spam and malware in Japan, it is also important to take the necessary actions against them abroad. This section describes the threats of spam and malware as well as measures against them.

What is spam? What is malware?

Spam and malware are easily confused with each other. Let us take a look at details of these terms.

What is spam?

Spam means sending unrequested messages to many people at once through email or social media. There are many types of spam, from commercial messages to malicious fraud, and senders of spam send a lot of messages without the consent of the recipients. Spam messages disturb our general communication and, what is more, they often contain infectious links and attachments, which creates a security risk for the recipients of such messages.

What is malware?

Malware is an abbreviation of malicious software and is a general term for software that attacks computer systems and damages them. Examples include viruses, Trojan horses, worms, and spyware. Malware infection can cause different forms of damage, such as unauthorized information gathering, functional restriction and breakdown of the system, and attacks on other systems.


Damage from and impact of spam/malware

The damage from and impact of spam and malware are as follows, respectively.

Damage from and impact of spam

The major problem with spam is wasted time and lost productivity. However, spam is sometimes used as a vehicle for malware infections and phishing scams. The spread of malware through fraudulent links and attachments can develop into larger problems such as theft of personal information and/or credit card information or, worse, system breakdown.

Damage from and impact of malware

There are many different types of damage from malware. Possible damage from malware includes theft of personal information, loss of money, poor performance of systems and networks, and loss of the company's reputation and trust. Ransomware, a type of malware, encrypts a user's data and demands a ransom for its release.

Measures against spam/malware through the use of zero trust

The basic concept of the zero trust model is not to trust any access, regardless of whether it comes from inside or outside a network. This concept is very important for protecting systems from spam and/or malware, and it is effective even after malware has broken into a network. Based on the Principle of Least Privilege (PoLP) for zero trust, only the minimum access appropriate to the authority level is permitted even after malware has penetrated the network. This mechanism prevents the malware from spreading within the system.

In addition, abnormal behavior can be detected promptly by continuously monitoring the system and collecting logs. It is possible to block a malware attack and contain the damage through early detection and swift response.

4. Zero-day Attacks/Unknown Threats and Measures against Them

Finally, we discuss zero-day attacks and unknown threats as well as countermeasures against them.

What is a zero-day attack? What is an unknown threat?

Details of a zero-day attack and unknown threat are as follows.

What is a zero-day attack?

A zero-day attack means an attack aimed at an undisclosed vulnerability in software or a system. A surprise attack is launched before even the developer of the software or system has found the vulnerability, so nobody knows the attack even exists until it is actually carried out. That is why it is called a zero-day (0th day) attack. Because a zero-day attack usually happens before the vulnerability of the software or system has been revealed to the public, it is difficult to prepare your defense early, so there is a high possibility of serious damage.

What is an unknown threat?

An unknown threat is an attack that uses a technique that cannot be prevented by known security measures and aims at a vulnerability that has not yet been identified. Because such an attack is unknown, it is difficult to take countermeasures. Therefore, it poses a great risk that can threaten the company's IT systems and information assets.


Damage from and impact of a zero-day attack/unknown threat

A zero-day attack and unknown threat can bring serious damage because an attack is launched before we complete a protection plan. We are at risk not only of theft of important company data but also of delayed business and a significant loss of business due to system breakdown. If a company has lost its credibility due to such an attack, the company will be immeasurably affected for a long period of time.

Measures against zero-day attacks and unknown threats through the use of zero trust

Zero trust is also effective against zero-day attacks and unknown threats. All users are authenticated every time they gain access. Even if a user is authenticated successfully, access to only the minimum resources is permitted based on the Principle of Least Privilege (PoLP). Even for a zero-day attack or unknown threat, we can narrow the scope of a potential attack as long as the resources that users can access are limited.
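Sections 1, 3 and 4 all rely on the same mechanism: every request is verified (identity and device, not just a network location), and what is then permitted is the minimum the role needs, so that a stolen account, an infected host or an exploited zero-day reaches only a narrow slice of the estate. The following added example (not code from the original article or from KDDI) implements that decision logic as a small policy decision point. The roles, resources, session lifetime and device checks are constructed for illustration and are assumptions rather than any product's real policy language.

```python
"""Added illustration: a minimal zero-trust policy decision point.
Every request is verified on its own merits and then checked against an
explicit least-privilege allow-list; anything not listed is denied."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Set

# Constructed least-privilege table: role -> {resource: allowed actions}.
ROLE_PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "sales":   {"crm": {"read", "write"}, "file-share": {"read"}},
    "finance": {"erp": {"read", "write"}, "file-share": {"read"}},
    "auditor": {"erp": {"read"}, "crm": {"read"}},
}
MAX_SESSION_AGE = timedelta(minutes=30)   # assumed re-authentication interval

@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    action: str
    authenticated_at: datetime   # when the identity proof was last verified
    mfa_verified: bool
    device_managed: bool
    device_compliant: bool       # e.g. endpoint agent healthy, disk encrypted, patched

@dataclass
class Decision:
    allowed: bool
    reason: str

def evaluate(req: AccessRequest, now: Optional[datetime] = None) -> Decision:
    """Verify identity, then device, then least privilege; deny on the first failure."""
    now = now or datetime.now(timezone.utc)
    # 1. Identity: an old session is not trusted just because it once succeeded.
    if now - req.authenticated_at > MAX_SESSION_AGE:
        return Decision(False, "session too old: re-authenticate")
    if not req.mfa_verified:
        return Decision(False, "MFA not verified")
    # 2. Device: a valid user on an unmanaged or non-compliant host is still denied.
    if not req.device_managed:
        return Decision(False, "unmanaged device")
    if not req.device_compliant:
        return Decision(False, "device fails compliance posture")
    # 3. Least privilege: explicit allow-list, deny by default (unknown role -> nothing).
    allowed_actions = ROLE_PERMISSIONS.get(req.role, {}).get(req.resource, set())
    if req.action not in allowed_actions:
        return Decision(False, f"role '{req.role}' has no '{req.action}' right on '{req.resource}'")
    return Decision(True, "all checks passed")

def demo() -> Dict[str, Decision]:
    """Evaluate a set of constructed requests against a fixed clock."""
    now = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)    # constructed clock
    fresh = now - timedelta(minutes=5)
    stale = now - timedelta(hours=2)
    cases = {
        "sales_writes_crm":        AccessRequest("alice", "sales", "crm", "write", fresh, True, True, True),
        "sales_reads_erp":         AccessRequest("alice", "sales", "erp", "read", fresh, True, True, True),
        "finance_infected_device": AccessRequest("bob", "finance", "erp", "read", fresh, True, True, False),
        "finance_stale_session":   AccessRequest("bob", "finance", "erp", "read", stale, True, True, True),
        "unknown_role":            AccessRequest("mallory", "contractor", "crm", "read", fresh, True, True, True),
    }
    return {name: evaluate(req, now) for name, req in cases.items()}

if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:26} {'ALLOW' if decision.allowed else 'DENY':5} {decision.reason}")
```

The order of the checks is deliberate: the device posture check is what makes the model "effective even after malware has broken into a network", because a host that fails compliance is refused even when the user's credentials and MFA are perfectly valid, and the deny-by-default allow-list is what limits how far a compromised sales account can reach.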

It is also possible to take quick action against an unknown threat and minimize damage by swiftly detecting abnormal behavior and unknown patterns.
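Sections 2, 3 and 4 each point to the same operational control: continuously collected logs, watched for behavior that does not match normal patterns, so that an intrusion is caught and contained early even when the technique itself is unknown. The following added example (not code from the original article or from KDDI) runs three simple behavioral detections over a handful of constructed log lines: a burst of failed logins from one source, a user logging in from two countries within an hour, and an unusual spike in downloads. The log format, thresholds and field names are assumptions chosen for the illustration.

```python
"""Added illustration: behavioral detections over constructed access logs.
Each detector returns (rule, subject, detail) alerts for a SIEM-style pipeline."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log, one event per line:
#   timestamp user source_ip country action result
_BASE_LOG = """\
2024-05-01T08:00:00 alice 10.1.2.3 JP login success
2024-05-01T08:05:00 alice 10.1.2.3 JP download success
2024-05-01T08:06:00 alice 10.1.2.3 JP download success
2024-05-01T08:20:00 alice 203.0.113.7 BR login success
2024-05-01T09:00:00 bob 198.51.100.9 SG login failure
2024-05-01T09:00:10 bob 198.51.100.9 SG login failure
2024-05-01T09:00:20 bob 198.51.100.9 SG login failure
2024-05-01T09:00:30 bob 198.51.100.9 SG login failure
2024-05-01T09:00:40 bob 198.51.100.9 SG login failure
2024-05-01T09:00:50 bob 198.51.100.9 SG login success
"""
# carol pulls twelve files in twelve minutes (constructed bulk-download pattern).
SAMPLE_LOG = _BASE_LOG + "\n".join(
    f"2024-05-01T10:{i:02d}:00 carol 10.1.5.5 JP download success" for i in range(12)) + "\n"

Event = Dict[str, object]
Alert = Tuple[str, str, str]

def parse(log_text: str) -> List[Event]:
    """Turn the constructed line format into event dicts with real timestamps."""
    events: List[Event] = []
    for line in log_text.strip().splitlines():
        ts, user, ip, country, action, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user, "ip": ip,
                       "country": country, "action": action, "result": result})
    return events

def _burst(times: List[datetime], threshold: int, window: timedelta) -> bool:
    """True if any `threshold` consecutive timestamps fall inside `window`."""
    times = sorted(times)
    return any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1))

def detect_failed_login_burst(events: List[Event], threshold: int = 5,
                              window: timedelta = timedelta(minutes=2)) -> List[Alert]:
    by_ip: Dict[str, List[datetime]] = defaultdict(list)
    for e in events:
        if e["action"] == "login" and e["result"] == "failure":
            by_ip[e["ip"]].append(e["ts"])
    return [("failed_login_burst", ip, f"{threshold}+ failed logins within {window}")
            for ip, times in by_ip.items() if _burst(times, threshold, window)]

def detect_impossible_travel(events: List[Event],
                             window: timedelta = timedelta(hours=1)) -> List[Alert]:
    alerts: List[Alert] = []
    last_login: Dict[str, Event] = {}
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["action"] != "login" or e["result"] != "success":
            continue
        prev = last_login.get(e["user"])
        if prev and prev["country"] != e["country"] and e["ts"] - prev["ts"] <= window:
            alerts.append(("impossible_travel", e["user"],
                           f"{prev['country']} -> {e['country']} within {e['ts'] - prev['ts']}"))
        last_login[e["user"]] = e
    return alerts

def detect_download_spike(events: List[Event], threshold: int = 10,
                          window: timedelta = timedelta(minutes=10)) -> List[Alert]:
    by_user: Dict[str, List[datetime]] = defaultdict(list)
    for e in events:
        if e["action"] == "download" and e["result"] == "success":
            by_user[e["user"]].append(e["ts"])
    return [("download_spike", user, f"{threshold}+ downloads within {window}")
            for user, times in by_user.items() if _burst(times, threshold, window)]

def run_all(log_text: str) -> List[Alert]:
    events = parse(log_text)
    return (detect_failed_login_burst(events) + detect_impossible_travel(events)
            + detect_download_spike(events))

if __name__ == "__main__":
    for rule, subject, detail in run_all(SAMPLE_LOG):
        print(f"{rule:20} {subject:14} {detail}")
```

None of these rules knows anything about the attacker's tooling, which is the point for unknown threats: they key on behavior (rate, geography, volume) rather than on a signature, so the response that follows (forcing re-authentication, quarantining the host, revoking the session) can start before anyone has named the technique.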

5. Summary

This article introduced the threats that using zero trust can prevent. Overseas offices tend to have fewer human resources but need to adopt a security system that ensures regional compliance. KDDI is implementing support for attaining zero trust at overseas offices. If you’re unsure about how to put efficient security measures in place, please contact KDDI. Next, we will introduce the roles of endpoint security in the zero trust security model.

Please consult a KDDI consultant.