With the new type of cyber-threat, although many workers are vigilant of emails from unknown senders, cyber-criminals can readily form fake websites or send messages that appear to derive from known apps or from established companies. Connected with single sign-on protocols for third party websites, people can unwittingly reveal key data without appreciating the level of risk.
Sudhakar Ramakrishna, CEO of Pulse Secure, tells Digital Journal that the concept of ‘zero trust’ can halt cyber-criminals from targeting so-termed “trusted” sources. Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access.
According to Ramakrishna the newly identified Microsoft login weakness demonstrates the necessity to advance zero trust access protocols in each firm. By this he means that while companies have invariably put in place processes designed to inform employees not to open emails from unknown sources, it remains that: ” hackers are circumventing this awareness by exploiting flaws in trusted apps or by creating fraudulent websites that mimic trusted entities.”
The consequence of this is, Ramakrishna explains is that: “Victims can expose their login credentials simply by visiting a fake website or clicking a seemingly innocuous link from a trusted source, allowing hackers to access their accounts without them ever realizing – in this case, capturing Microsoft access tokens.”
With a new mind-set – ‘zero trust’ – companies will be able to “increase user and the device verification, and add additional authentication factors depending on the context of the request, to prevent hackers with stolen credentials from accessing secured systems even with a credible login.”
Ramakrishna explains further what the new approach entails: “Zero Trust also requires continuous re-verification of all users, applications and devices, so even “trusted” sources are consistently vetted, thereby making it significantly more difficult for hackers to successfully imitate an app or user.”