With remote work having risen substantially during the Covid-19 pandemic, cybersecurity has become increasingly complicated. According to the Cost of a Data Breach Report 2020 (published by IBM Security with the Ponemon Institute), having a remote workforce increased the average total cost of a data breach by nearly $137,000. Danny Jenkins, CEO of security technology provider ThreatLocker, believes the best way to combat this is a zero-trust policy.
“A zero-trust concept basically means start with no trust, and only apply trust where it is required,” he says. “Every time you open a programme on your computer, it has access to all of the data that you have access to. We assume that these applications aren’t going to steal our data and we instil trust in them, but sometimes they get compromised.
“By implementing a zero-trust strategy, we stop applications running that aren’t needed by the business. The philosophy is to only allow what is needed, as opposed to allowing everything and then trying to look for those things that could be problematic later.”
Despite its prevalence on our devices and its reputation for being a fix-all solution to cyberattacks, Jenkins says that organisations should not rely solely on antivirus software for their cybersecurity.
“Antivirus software is essentially trying to understand if something is good or bad, and then block the bad things,” he explains. “They do this by relying on a blacklist and using past experiences to create rules that designate applications as bad. But this creates problems in two ways.
“First, if the antivirus software decides that, for example, synchronising with the internet means a cyberattack is impending, then it ends up blocking legitimate file-synchronisation tools. It is very difficult for an antivirus to tell the difference between something like Dropbox and a custom piece of malware. They do the same thing and sometimes with the exact same code. Fundamentally, it often fails.”
Jenkins says that the other problem with antivirus software is that it can fail to prevent attacks that weaponise ‘safe’ applications. “For example, someone recently hacked into a water company in Florida and changed the hydrogen chloride levels to 11,000 parts per million, which is essentially poison,” he says. “They did this using remote-access software. They didn’t need malware, so the antivirus didn’t detect it.”
Cybercriminals change their tactics all the time, and with zero-day attacks they exploit a vulnerability before the vendor has released a patch, or in the window before customers have applied it.
“These attacks are generally known about before a programme has been patched,” says Jenkins. “A lot of cybercrime revolves around providers not patching their systems. But when you have a zero-day attack, it doesn’t matter how good your cyber hygiene is, how well you patch your systems, you’re still vulnerable.”
But organisations can mitigate the risk of these attacks.
“Although these attacks exist, you should still patch your systems to avoid non-zero-day attacks,” says Jenkins. “But you should always assume that your network and infrastructure are compromised and impose controls inside your environment that restrict movement once somebody gets in.”
During 2020, US-based software firm SolarWinds was compromised in a supply-chain attack: a malicious build of its Orion software reached customers through the vendor’s own signed update channel, so it arrived as trusted software rather than as recognisable malware, and an allowlist alone would have let it run. For customers that had used Ringfencing to restrict the SolarWinds applications, the attack was limited to the assets those applications were permitted to reach inside their networks.
“If you limit what an application can do, when it’s compromised, the amount of potential damage is limited to what it needs to access,” says Jenkins. “So, for example, if accounting software QuickBooks is compromised and it only has access to the QuickBooks Database, then that is the only thing it can damage. Limit what an application can do at multiple levels and you can really harden your attack.
“Don’t trust anything past what it needs to do, and then when you get breached, your breach is going to be so insignificant it doesn’t matter. If you adopt an open-wide approach, breaches create business-ending consequences. The most likely way to go out of business in 2021 is a cyber breach.”
ThreatLocker is helping its customers to implement these security controls.
“We exist to bring these zero-trust controls, which were previously only available for very large enterprises, to the endpoint,” says Jenkins. “A small business or a managed service provider has many clients all running different software, with updates on their own schedules. Zero trust gets very complicated at this point because you now have to worry about all those updates.
“We have taken this concept of zero trust and created predefined parameters of what is required to run programmes such as Windows or Microsoft Office so that the customer doesn’t need to worry if various updates will get blocked.”
ThreatLocker Ringfencing restricts what an application that has been allowed to run may go on to do: which files, registry keys, network destinations and other applications it can reach. A program that is compromised or misused therefore cannot interact with the rest of the system beyond what its normal job requires.
“We compartmentalise those attacks, so if there’s a vulnerability in a piece of software, if there’s a zero-day vulnerability, the likelihood of an effective attack is reduced massively, if not completely. We’re giving customers new levels of visibility and control.”
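The two controls described above, allowlisting an application before it runs (Jenkins’ contrast with antivirus blocklists earlier in the piece) and ringfencing what it may touch once running (the QuickBooks and remote-access examples), can be modelled together. The following is an added illustration written for this article, not ThreatLocker’s code or a description of its implementation: it assumes a policy keyed on file hash or signing publisher, three resource categories (files, network hosts, other processes), and a default of deny in both stages. Every path, hash, signer and event in it is constructed.

```python
"""Default-deny application control with per-application ringfencing.

Added example, not ThreatLocker's code. Stage 1 decides whether a binary may
run at all, using an allowlist keyed on SHA-256 or on the signing publisher
instead of a blocklist of known-bad behaviour. Stage 2 (the "ringfence")
decides what an allowed application may touch: file paths, network hosts and
other processes. All paths, hashes, signers and events are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from fnmatch import fnmatch
import hashlib


@dataclass(frozen=True)
class Binary:
    path: str
    content: bytes                 # stands in for the bytes on disk
    signer: str | None = None      # publisher from a valid signature chain

    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass
class Ringfence:
    """Glob patterns an allowed app may touch; anything else is denied."""
    files: tuple[str, ...] = ()
    network: tuple[str, ...] = ()
    processes: tuple[str, ...] = ()


@dataclass
class Policy:
    by_hash: dict[str, str]        # sha256 -> app name (pinned builds)
    by_signer: dict[str, str]      # publisher -> app name (survives updates)
    fences: dict[str, Ringfence]   # app name -> what it may touch


def identify(policy: Policy, binary: Binary) -> str | None:
    """Return the app name if the binary is allowlisted, else None.

    Nothing here looks at what the binary *does*: two programs with identical
    behaviour are told apart by hash or publisher, which is the point of an
    allowlist over a behavioural blocklist.
    """
    app = policy.by_hash.get(binary.sha256())
    if app is None and binary.signer is not None:
        app = policy.by_signer.get(binary.signer)
    return app


def may_access(policy: Policy, app: str, kind: str, target: str) -> bool:
    """Ringfence check for a running, allowlisted app. Default deny."""
    fence = policy.fences.get(app)
    if fence is None:
        return False
    return any(fnmatch(target, pat) for pat in getattr(fence, kind))


def evaluate(policy: Policy, events: list[dict]) -> list[str]:
    """Walk an event trace and return one decision string per event."""
    running: dict[int, str] = {}   # pid -> app name for allowed processes
    out = []
    for ev in events:
        if ev["type"] == "exec":
            app = identify(policy, ev["binary"])
            if app is None:
                out.append(f"DENY exec {ev['binary'].path}: not allowlisted")
            else:
                running[ev["pid"]] = app
                out.append(f"ALLOW exec {ev['binary'].path} as {app}")
        else:
            app = running.get(ev["pid"])
            ok = app is not None and may_access(policy, app, ev["type"], ev["target"])
            who = app or f"pid {ev['pid']}"
            out.append(f"{'ALLOW' if ok else 'DENY'} {ev['type']} {ev['target']} by {who}")
    return out


# Constructed policy: two pinned builds plus one publisher-trusted sync client.
QB_BUILD = b"quickbooks-build-2021.1"
REMOTE_BUILD = b"remote-support-agent-7.4"
POLICY = Policy(
    by_hash={
        hashlib.sha256(QB_BUILD).hexdigest(): "quickbooks",
        hashlib.sha256(REMOTE_BUILD).hexdigest(): "remote-support",
    },
    by_signer={"Example Sync Inc.": "filesync"},
    fences={
        "quickbooks": Ringfence(files=(r"C:\QuickBooks\*",)),
        "filesync": Ringfence(files=(r"C:\Users\*\Sync\*",), network=("*.example-sync.com",)),
        # may reach its relay, but not the control software on the same host
        "remote-support": Ringfence(network=("relay.example-remote.net",)),
    },
)

# Constructed event trace: legitimate use, lateral reach, a lookalike, misuse.
EVENTS = [
    {"type": "exec", "pid": 1, "binary": Binary(r"C:\QuickBooks\qb.exe", QB_BUILD)},
    {"type": "files", "pid": 1, "target": r"C:\QuickBooks\company.qbw"},
    {"type": "files", "pid": 1, "target": r"\\fileserver\HR\payroll.xlsx"},
    {"type": "exec", "pid": 2, "binary": Binary(r"C:\Program Files\Sync\sync.exe", b"sync-v9", "Example Sync Inc.")},
    {"type": "network", "pid": 2, "target": "api.example-sync.com"},
    {"type": "exec", "pid": 3, "binary": Binary(r"C:\Users\bob\Downloads\sync.exe", b"lookalike")},
    {"type": "network", "pid": 3, "target": "api.example-sync.com"},
    {"type": "exec", "pid": 4, "binary": Binary(r"C:\Tools\remote.exe", REMOTE_BUILD)},
    {"type": "network", "pid": 4, "target": "relay.example-remote.net"},
    {"type": "processes", "pid": 4, "target": "hmi.exe"},
]

if __name__ == "__main__":
    for line in evaluate(POLICY, EVENTS):
        print(line)
```

The trace makes the article’s three points visible in the decisions: the accounting software is allowed to run but cannot reach the HR share; the unsigned lookalike of the sync client never executes, even though it asks for exactly the same network destination as the genuine one; and the remote-support tool, which is legitimately allowlisted, is stopped at the fence when it tries to touch a process it has no business with. Publisher-based entries in `by_signer` are what keep an auto-updating application allowed after its hash changes.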
This article was originally published in the Spring 2021 issue of The Record. To get future issues delivered directly to your inbox, sign up for a free subscription.