InfoSecBulletin Cybersecurity for mankind
Nearly 90% of organizations have started adopting zero-trust security, but there is still a lot of work to be done, says a report from CISCO.
86.5% of global information security professionals have begun implementing parts of the zero-trust security model. However, only 2% have completed their deployments.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
Cisco measures maturity based on four “pillars”:
- Identity, which includes multi-factor authentication (MFA)
- Device, which includes continuous validation of users’ devices
- Network and workload, which includes network detection and response, as well as micro-segmentation
- Automation and orchestration, which includes security orchestration and automated response (SOAR)
ALSO READ:
Windows hello fingerprint auth bypassed on Microsoft, Dell, Lenovo laptops
Organizations don’t need to implement all four pillars of zero trust to see benefits. For instance, completing the identity pillar lowers the risk of ransomware events by almost 11%. Completing the network and workload pillar reduces the likelihood of malicious insider abuse by 9%.
Organizations that have implemented all four pillars have a big payoff. Only 2% of the survey sample falls into this category. These organizations are two times less likely to report security incidents compared to those who are just starting their zero-trust journey. To read the full report click here.
Big jump toward zero trust:
Survey results this year show that organizations are becoming more aware and mature regarding the concept of zero trust. This was noted by J. Wolfgang Goerlich, a Cisco Advisory CISO.“In past studies, a significant part of the sample said they had zero trust in place and were good to go.”
“This year we dug into the technology stack and asked them what technologies they were using, what zero trust aspects have they deployed,” Goerlich continues. “In doing that, our findings went from a large percentage of people saying they deployed zero trust to 2% saying they made progress across all the pillars. That reflects a maturation in security and IT leaders’ understanding of zero trust. Two years ago, people would say, ‘I did identity. I’m good.’ Now that they’re into a real strong push behind zero trust, they’re realizing they need device controls, network coverage, and automation and orchestration.”
“The more organizations know about zero trust, the less they feel competent in zero trust,” Goerlich adds. “The more they learn, the more they realize they need to go further.”
