From the 2020 different types of companies began to carry out a massive migration of stores and physical offers to online services thanks to the cloud However, the change of environment in which the activities of these businesses, small, medium and large, generated doubts regarding the security that offers the Internet for your operations and not be harmed by bad online agents.
In the case of cyber attacks, those that were based on the modality of “password spray”, which consists of the insistent use of the same password in several accounts, were increased in 230% and of the total number of cyberattacks, the 91% started through a email.
However, the most used modality between 2020 and 2021 was that of phishingwhich consists of the impersonation of an entity, company or person by cybercriminals so that victims voluntarily hand over their access codes to different profiles and services on the Internet. Just last year, for example, 160,000 websites related to phishing attacks were closed by Microsoft.
As a result of this, companies such as the technology giant promote the adoption of security systems based on a strategy called Zero Trustwhich implies assuming that any process that is protected is actually not and, therefore, can be attacked by agents malicious.
The premises of Zero Trust in cybersecurity
According to the American company, the principles of this form of information protection imply:
– Verify explicitly: It is necessary that each person who enters the system be authenticated Y authorized in each of the possible data, which include the identity of the user, his location, the state of
he deviceservice or workload, data classification, and anomalies that may occur during your work period.
– Use access with the least privilege: The systems They must allow users to do what is fair and necessary so that they can carry out their work normally, so that information is not lost and productivity is considered.
– Assume the violation: In the event of a security breach of the company’s systems, the first thing to do is to minimize the amount of damage that can be done. Once it is achieved, a boost must be carried out for the early detection of possible threats to avoid new violations.
According to Marcelo Felman, director of cybersecurity for Latin America in microsoft“it is important to invest in tools and capabilities that limit the loss of information and constantly monitor any data leaks or exposures.” It should be considered that computer attacks also influence the way customers perceive the security and reliability of a business.
Five steps to implement cyber security with Zero Trust
– Strengthen credentials: The use of multi-factor authentication, which allows verification of user identity, is very important for the protection of the company’s digital infrastructure. Managing strong passwords is key and if biometric access is used, rigorous identification is ensured for all workers.
– Reduce the attack surface: The old protocols are useless in case of violations. It must be kept updated, automated and secure. It is also possible to adopt cloud authentication and exercise greater control over administrative access to company resources.
– Automate the response to threats: In the event of security breaches, it’s good to have ready ways to counter-arrest the problem by securely changing passwords on a regular basis rather than letting a user handle it on their own with a key too small. simple.
– Use cloud intelligence: Companies can invest in the use of intelligence and security systems within the organization’s system. It is also possible to strengthen security policies within companies.
– Empower employees with self-service: Organizations can implement stand-alone password reset, as well as provide access to groups, applications, and provide users with secure repositories for downloading material needed for their professional development.