Why consumers must adopt a 'zero trust' approach to security [Q&A]
A lot has been written about the consumerization of IT, but when it comes to personal security Josh Wyatt, VP of global services engagement at Optiv Security, believes consumers would be well served to take a page from the corporate cybersecurity playbook and adopt a 'zero trust' security strategy.
We recently spoke with Josh to find out how zero trust security can help consumers defend against cyberattacks, what types of threats we need to be aware of, and how this all relates to the business world.
BN: Before we dive into this topic, can you give us a high-level overview of zero trust security in the corporate world?
JW: The concept behind the increasingly popular zero trust security strategy is simple: trust no one. Taking it one level deeper, zero trust helps organizations implement, enforce and maintain strict access controls by adopting an approach to security where IT and security teams do not trust anyone or any action by default -- even if a user is already inside the network perimeter.
Instead, users must authenticate themselves before they are granted further access to systems, IP addresses, machines, etc., and each individual transaction is evaluated based on need and risk. The biggest benefits of zero trust in the corporate world are stronger access control and minimized risk associated with overly permissive, unnecessary or outdated user privileges.
BN: How can consumers adopt this zero trust approach to stay safe?
JW: This is an interesting question, as it touches on the consumer versus enterprise zero trust concept. Enterprise zero trust is much more about ‘internet first’ authentication capabilities, and this question touches more on end-user education, which teaches 'trust no one' as a foundational component.
That said, from an education perspective, everyone needs to understand that cyberattacks and scams escalate during particular periods such as holidays. The price of living in a universally connected world is that we are now universally attacked -- and the only answer to defend against this constant barrage of threats is to adopt a zero trust mentality. This means consumers should trust no one, and assume hackers and scammers are on the other end of every form of communications -- whether it's emails from UPS, promos on social media, telemarketers asking for charitable donations, or even people knocking on their front door.
BN: Are there other security tips that you recommend?
JW: Absolutely, and they're all founded on the trust no one mentality. Consumers should:
- Be aware that phishing attacks will be at an all-time high during the holiday season and question any request for personal information that comes over email or online. Bogus shipping emails are particularly common during the holidays.
- Refrain from trusting phone solicitations from charities and businesses, because they might be scams. Senior citizens, in particular, are a favorite target of scammers because they tend to have nest-eggs and trust the telephone.
- Closely monitor credit card statements. Assuming credit card numbers have been stolen is a safe bet today, given the number of data breaches that have occurred. Ironically, the sheer number of stolen card numbers is the best protection consumers have today, because it’s impossible for criminals to use them all.
- Be suspicious of any 'too good to be true' deals on social media, as they could be attempts to direct people to malicious websites or to steal personal information. Travel scams, in particular, proliferate during the holidays.
BN: Are attacks a factor in the workplace, too?
JW: 100 percent. Cybercriminals don't just target consumers through their personal contact information and social media profiles; they also go after professional email addresses and accounts. Additionally, many employees check their personal accounts on corporate networks, putting their companies at risk.
Organizations would be well served to hold holiday-focused training and awareness sessions, so their employees understand the types of attacks they may face and the tools required to defend against them.
BN: Is there anything else we need to know about this topic?
JW: Everyone should think about adopting zero trust habits for personal security, and those habits should be maintained moving forward. In fact, this would be the perfect New Year's resolution for anyone using connected devices. Attacks and scams may spike during the holidays, but they don't end when the ball drops in Times Square. Making zero trust a core component of personal security practices can help individuals stay safe from cyberattacks all year round.