Microsoft bug shows importance of a zero trust protocol

By Tim Sandle     Dec 5, 2019 in Technology
A recently identified cyber-risk connected to Microsoft’s login systems shows the risk of trusting known vendors for enterprise cybersecurity. A security expert tells Digital Journal that a 'zero trust' approach is the best security measure to adopt.
With this new type of cyber-threat, although many workers are wary of emails from unknown senders, cyber-criminals can readily create fake websites or send messages that appear to come from known apps or established companies. Where single sign-on protocols for third-party websites are involved, people can unwittingly reveal key data without appreciating the level of risk.
Sudhakar Ramakrishna, CEO of Pulse Secure, tells Digital Journal that the concept of 'zero trust' can stop cyber-criminals from targeting so-called “trusted” sources. Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and must instead verify anything and everything trying to connect to their systems before granting access.
According to Ramakrishna, the newly identified Microsoft login weakness demonstrates the need to advance zero trust access protocols in each firm. By this he means that while companies have invariably put in place processes designed to inform employees not to open emails from unknown sources, "hackers are circumventing this awareness by exploiting flaws in trusted apps or by creating fraudulent websites that mimic trusted entities."
The consequence of this, Ramakrishna explains, is that: "Victims can expose their login credentials simply by visiting a fake website or clicking a seemingly innocuous link from a trusted source, allowing hackers to access their accounts without them ever realizing – in this case, capturing Microsoft access tokens."
With a new mind-set - 'zero trust' - companies will be able to "increase user and the device verification, and add additional authentication factors depending on the context of the request, to prevent hackers with stolen credentials from accessing secured systems even with a credible login."
Ramakrishna explains further what the new approach entails: "Zero Trust also requires continuous re-verification of all users, applications and devices, so even “trusted” sources are consistently vetted, thereby making it significantly more difficult for hackers to successfully imitate an app or user."