To Protect Against Cybercrime, Understand How it Works [On-Demand Webinar]
Cybercrime is completely different than physical crime. To know how to protect against it, you need to understand how it works.
In a recent webinar, Forrester analyst John Kindervag and Cryptzone VP of Products Jason Garbis, offered a view on why all cybercrime is an inside job, the different types of ‘insiders’ and how to protect the enterprise against security breaches.
Key topics discussed during the webinar include:
The two types of insiders – carbon based and silicon based – within each organization.
A carbon based insider is someone who is trusted within the organization, but acts maliciously because he or she understands that there is a lack of access control. Kindervag uses Pfc. Manning as the poster boy for a carbon based data breach. A silicon-based insider is your servers and your infrastructure, essentially all the things that make up your network that help cyber criminals commit a cybercrime.
Interactions between carbon based and silicon based insiders
Cyber criminals work to get access control. And once they have access, the lonely server wants to talk to the hacker. Kindervag says that you have to treat everyone like and insider because it isn’t like robbing a bank where you are always an outsider. Instead it is about infiltrating the bank – you stand behind the counter and people readily give you money. Gaining access to the network isn’t about brute force knocking down the front door, instead it is obtaining credentials, using them to get access and once in, having freedom to roam because he or she looks like an insider.
The recommendation? Treat everyone as a risk.
An in-depth analysis of the Target data breach
The US Senate Committee on Commerce showed the timeline of the now famous Target breach. It started all when attackers stole Fazio, a third party vendor’s credentials, used to access a server stored within Target’s network. These attackers then became trusted users inside the network by using malware. And because Target was only looking outside the network, they didn’t see the breach until the Department of Justice notified the company. See the on-demand webinar for the graphical timeline.
A data security and control framework
Kindervag suggests a framework that outlines defining, dissecting and defending your data, suggesting that there are only four ways to defend your network – access, inspect, dispose and kill. This gives way to the Zero Trust model of “information security that identifies the fundamental problem as a broken trust model where users and traffic inside the network are trusted, and those external to the network are untrusted.” He then outlined the 3 core concepts of zero trust. View the webinar for the framework and pillars of zero trust.
A ready to adopt solution to protect against ‘inside jobs’
Watch the on-demand webinar now so you can learn more about the Zero Trust model, the foundations of zero trust and a ready to adopt solution that leverages these core concepts using a ‘segment of one’ to protect against ‘inside jobs’. Watch it now.