Our Blog

3 Tips For Implementing Zero Trust Security

Looking to implement zero trust at your organisation? Don’t start your project without reading these top 3 tips from the cyber security experts at Infosec K2K.

What Is Zero Trust?

There’s no doubt about it, Zero Trust is by far one of the hottest topics on the Cyber Security scene right now. And for good reason!

First popularized by Forrester Research analyst John Kindervag, the term ‘Zero Trust’ refers to a relatively new approach to cyber security. Rather than assuming that an identity can be trusted based on credentials or location, as with traditional perimeter-based security, zero trust presumes that no connections should be trusted. By trusting no one and nothing, zero-trust ensures that only devices and users with the correct authentication and authorization are able to access an organisation’s network.

1. Don’t Trust Admin Accounts

Standing accounts with any considerable level of admin access or power can be incredibly dangerous. Misuse of this elevated access, whether intentional or not, can cause serious damage to your business’ network. What’s more, if a threat actor gains access to one of these privileged accounts, the threat is far, far greater.

A true Zero Trust model involves a “least privilege” approach – i.e. a user is only given the absolute minimum privileges required and every privilege is only granted at the exact time it is needed and for the exact duration it is needed.

2. Don’t Trust Passwords

No matter how secure the user attempts to make their passwords, they are intrinsically insecure. The well-known and often-used practice of IT teams forcing business users to pick complex passwords and change them once a quarter is simply not enough anymore.

Instead, opt for a combination of authentication methods, often known as multi-factor authentication (MFA). Alongside password authentication, these methods could include:

Certificate-based authentication
Biometric authentication
Token-based authentication
Voice authentication

3. Don’t Trust Hybrid Privileged Roles

When making the move to cloud-based systems, many organisations choose to leverage their existing on-permises processes for administration in the cloud, so they simply make on-premises administrative accounts into hybrid accounts.

This approach is incredibly unsafe, as it allows attackers to take advantage of the complex legacy nature of the accounts to attack systems and access data in the cloud. In fact, it has already led to some serious attacks on cloud infrastructure.

Our tip? Keep cloud privileged roles cloud-only!

Are you looking for support implementing or improving your Zero Trust solution? You’re in the right place!

Having carried out multiple Zero Trust projects to date, the team at Infosec K2K are the experts when it comes to building a solution that truly sticks to all the principles of zero trust security, keeping your organisation safe and secure from potential cyber threats.

Fill out the form at https://www.infoseck2k.com/contact_us or send us an email at [email protected] to get started or for some free friendly advice.

Our Blog

6 Cyber Security Trends To Stay Ahead Of In 2023

There’s no doubt about it, 2022 has been the biggest year yet for the cyber security industry. With more attacks and a greater cost per breach than ever before, the ever-changing cyber landscape can be difficult to keep track of.

To help you prepare for whatever the world of cyber crime has to throw at you, the experts at Infosec K2K have pulled together 6 key cybersecurity trends to keep an eye on over the next 12 months.

1. Evolving Cyber Threats

The Problem: As threat actors find new emerging tactics, techniques and procedures (TTPs) to exploit every day, and new vulnerabilities are constantly emerging, the threat landscape is evolving at a rate that is almost impossible to keep pace with.

How You Can Prepare For It: If you want to avoid a devastating security breach, ensuring your organisation is on top of the latest threats is a non-negotiable. We recommend putting in place a thorough crisis response plan, which can then be evaluated and evolved each time a new threat is dealt with. To see if your business is adequately prepared for the cyber threats of today and tomorrow, why not consider a security assessment? This meticulous procedure will look at every possible area of weakness in your organisation, evaluating the level of risk and providing detailed recommendations to help plug any gaps in your existing defenses.

2. Phishing

The Problem: One of the oldest but often most successful cyber threats, phishing continues to be one of the most popular methods of attack for threat actors worldwide. According to Security Magazine, businesses were hit by more than 255 million phishing attacks in the first 10 months of 2022 alone, a 61% increase on the same figures in 2021.

How You Can Prepare For It: Whilst spam filters and phishing tools can be effective in minimising the number of messages that make it through to your employees, the odd phishing attempt is bound to find its way into someone’s inbox sooner or later. The best way to prevent a successful phishing attempt is to educate your teams on the signs of a scam. Every employee in your business should know these three key things:
– How to spot a phishing email, call or message
– Who to report a phishing attempt and how
– What previous phishing attempts at your organisation have looked like

At Infosec K2K, we offer comprehensive cyber security training designed to help your employees to become more cyber-savvy, minimising the likelihood of a successful phishing attempt.

3. The Internet of Things

The Problem: As it spreads its way through our homes, offices and other shared spaces, Internet of Things (IoT) is quickly becoming an integral part of our everyday life. However, connecting a large number of devices to one seamless network brings with it a number of risks. Primarily, it only takes one device being hacked for a threat actor to gain access to the entire network of devices and the cloud network connecting them.

How You Can Prepare For It: We recommend taking great care when integrating IoT to your business and devices. Ensure that you have a strategy for built-in security and controls that can be applied to all IoT devices before you begin connecting them. When purchasing any devices, evaluate the potential vulnerabilities of each device and plug them before the device is introduced to your business, minimising the risk of a breach. Confirm that all devices are password protected (using secure and varied passwords) and that passwords are not stored unencrypted anywhere online.

4. Security At The Development Stage

The Problem: Without an understanding of the cyber security basics, many web and app developers unknowingly create vulnerabilities in the development process. This was brought to light way back in 2021, when the critical Log4shell vulnerability surfaced, yet it is still a concern.

How You Can Prepare For It: Consider how you can integrate cyber security into your development process as early as possible. How can your cyber security / IT and development teams work together? Can you move the security steps in your development pipeline right to the beginning, embedding them into the design principles, rather than seeing them as a final hurdle to jump over before go-live? Then think, how can you upskill your design and development teams to ensure a better understanding of the potential vulnerabilities they could be building into their work? If you don’t have the capacity or budget for an in-house cyber security team, don’t worry! Why not consider outsourcing to a cyber security partner, like Infosec K2K, to work in tandem with your developers?

5. The Cloud

The Problem: As flexible working becomes the norm and teams become more geographically fragmented, cloud adoption continues to accelerate. However, the move to the cloud can come with significant cyber security risks – particularly if security is not a key aspect of your adoption plan.

How You Can Prepare For It: If you are in the process of moving to the cloud, make cyber security part of your strategy for digital transformation and adopt a vulnerability management process (delivered either internally or externally) to keep an eye on it on an ongoing basis. If you have already moved to the cloud, consider a cyber security assessment to identify any potential vulnerabilities in your existing cloud environment.

6. Identity Protection

The Problem:It is a common misconception that identity theft is only a concern for the consumer, but it is also incredibly common in businesses. If enough information about your employee can be accessed online, even the least sophisticated cyber criminal can easily attempt to impersonate their professional profile and gain access to your business network.

How You Can Prepare For It: We recommend digitising as many of your processes as possible (e.g. using electronic signatures to sign important documents) and ensuring your employees understand the dangers of making their personal information available and accessible online. Something as simple as a post about a pet on a public social media profile could lead to a threat actor cracking an employee’s network password, so it is important that your employees are being careful when sharing information online.

Want to stay on top of the latest cybersecurity threats, hacks and trends? Subscribe to our weekly Cyber Newsletter here.

Are you a CISO, IT or Cyber Security professional looking for support from a reliable cyber security partner? Look no further! Fill out the form here or send us an email to see if Infosec K2K could be your new cyber specialist.