Zero Trust: Come On, You Can Trust Me, Right?

Well, to be blunt, no. 

With the increasing use of artificial intelligence, threat actors continue to proliferate.  They are using AI to automate and scale up their activities — witness the increasing use of deepfakes for impersonation and malware that is seemingly more sophisticated.  Added to that, there are increasing discussions about encrypted data being exfiltrated.  Since the data is encrypted in these cases, you do not need to be concerned, right?  Wrong.  Bad actors are holding on to your data until the day quantum computing is able to break our current encryption algorithms.  Will that happen today or tomorrow?  No.  This possibility is “sometime in the future”.  Comfortable?  I’m not.

So, what can you do and who can you trust?  The latter part of the question is really for you to determine (well, you, your CISO, and the security team).  The first part of the question is complicated as it depends on the scenario.  Rather than attempting to cover them all, we can just look at your network and data center.  Initial thoughts include (and hopefully your team is already doing some of these):

  • Encrypt all data at rest
  • Ensure all data transfers are encrypted
  • Utilize Multi-Factor Authentication (MFA) — even for internal access to devices
  • Implement minimum password lengths (i.e., minimum of 12 characters)
  • Segment major application environments (e.g., utilize internal firewalls)
  • Implement a Zero Trust Network Architecture (ZTNA)

The top four bullets will certainly reduce the chance of threat actors gaining access to your network and, if they do get in, limit them to obtaining only encrypted data.  If your data is encrypted, you’re heading in a good direction.  If you’re only encrypting data that’s highly sensitive to your organization, reconsider: many times, sensitive data can be inadvertently mislabeled, and a mislabeled record is then left unencrypted.  Using MFA will reduce the exposure of devices and the network itself, especially when coupled with lengthy passwords (consider 14 or 16 characters).

The fifth bullet above suggests segmenting or isolating environments, which can help limit data loss if a threat actor gains access to one application (possibly through a phishing email).  Isolating the environment behind a firewall should leave the threat actor with no path into any other application.

The last bullet represents the model of “least privilege”, meaning that a user is given access only to the resources they need for their duties and nothing more.  There are many benefits to this approach, as each user request is checked against the security posture of the application, device, and so on.  The ZTNA core principle is that any access should be considered a potential threat.  Easy decision to make, right?  Yes, but unfortunately implementing ZTNA is a complex effort, and maintaining the entire environment (e.g., configuring, testing, monitoring) can require a large dedicated team.  Don’t let that dissuade you from embarking on the effort.  While considering implementing ZTNA, also discuss data loss prevention (DLP) with your team.  If threat actors gain access, DLP may help reduce (or eliminate) any data loss.
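As an added illustration (not the author's code or any product's logic), here is the per-request decision a zero-trust policy point could apply: deny by default, require MFA and a healthy managed device, and grant only the resources a role needs, so a session compromised through phishing cannot reach a second segment. The roles, resources and segment names are hypothetical, constructed for the example.

```python
from dataclasses import dataclass

# Hypothetical least-privilege grants (constructed): each role reaches only the
# resources it needs, and each resource sits in exactly one network segment.
GRANTS = {
    "payroll-clerk": {"payroll-app"},
    "hr-analyst": {"hr-reports"},
}
SEGMENT_OF = {"payroll-app": "finance", "hr-reports": "hr"}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    mfa_verified: bool
    device_managed: bool
    device_patched: bool
    on_corporate_lan: bool  # kept for the audit log only, never a trust signal

def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one access request, returning (allowed, reason).
    Default is deny: identity, device posture and least-privilege checks must
    all pass. Internal network location is deliberately ignored, matching the
    post's point that MFA applies even to internal access."""
    if req.resource not in SEGMENT_OF:
        return False, "unknown resource"
    if not req.mfa_verified:
        return False, "MFA not satisfied"
    if not (req.device_managed and req.device_patched):
        return False, "device posture check failed"
    if req.resource not in GRANTS.get(req.role, set()):
        return False, f"role {req.role!r} has no grant for {req.resource!r}"
    return True, f"allowed into segment {SEGMENT_OF[req.resource]!r}"

# Constructed sample traffic: a legitimate request, a compromised clerk session
# reaching across segments, and an internal device that skipped MFA.
SAMPLE = [
    Request("alice", "payroll-clerk", "payroll-app", True, True, True, True),
    Request("alice", "payroll-clerk", "hr-reports", True, True, True, True),
    Request("bob", "hr-analyst", "hr-reports", False, True, True, True),
]

def audit(requests: list[Request]) -> list[tuple[str, bool, str]]:
    """Decide every request; each entry is (user, allowed, reason) for logging."""
    return [(r.user, *decide(r)) for r in requests]

if __name__ == "__main__":
    for user, allowed, reason in audit(SAMPLE):
        print(f"{user:6} {'ALLOW' if allowed else 'DENY '} {reason}")
```

Only the first request is allowed; the cross-segment request fails the least-privilege check even though MFA and device posture are fine, which is the segmentation benefit from the fifth bullet expressed as policy.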


Dan Kempton is the Sr. IT Advisor at North Carolina Department of Information Technology. An accomplished IT executive with over 35 years of experience, Dan has worked nearly equally in the private sector, including startups and mid-to-large scale companies, and the public sector. His Bachelor’s and Master’s degrees in Computer Science fuel his curiosity about adopting and incorporating technology to reach business goals. His experience spans various technical areas including system architecture and applications. He has served on multiple technology advisory boards, ANSI committees, and he is currently an Adjunct Professor at the Industrial & Systems Engineering school at NC State University. He reports directly to the CIO for North Carolina, providing technical insight and guidance on how emerging technologies could address the state’s challenges.
