Aron Brand, CTO, CTERA, a distributed cloud file storage leader:
“Last year, cybercrime wreaked $6 trillion in havoc to organizations all over the globe. As if one global pandemic was not enough, another has emerged and it is called ransomware. In 2021 enterprise security was seriously challenged by ransomware attacks, and in response there has been a significant shift in how CISOs view data privacy.
Every attempt to access a network should be considered suspicious until proven otherwise. In a zero-trust architecture, every user, device, or endpoint that attempts to connect to the network must be authenticated before gaining access. Here are four best practices to follow:
Minimize the storage of long-lived credentials on endpoint devices. Use multifactor authentication, as compromised passwords are often the weakest link in an organization’s security.
To reduce the risk for supply chain attacks, verify that IT suppliers prioritize security during the design and building of their products or services. Ask potential providers for their latest report from a third-party security assessment, and for certifications such as SOC2, FIPS 140-2 (Federal Information Processing Standard) and the Open Trusted Technology Provider Standard (O-TTPS).
Security patches must be regularly installed on all virtual machines and cloud instances, and password rotation and complexity should be enforced across the entire organization, even on machines inside the corporate perimeter.
Ensure segmentation and micro-segmentation of internal networks for fine-grained access control.
As cyber-attackers become more sophisticated, it is essential for organizations to stay ahead of them and constantly revisit and review their security stance. Investing in a zero-trust architecture and maintaining well-protected backups could be the key for survival in the following decade.”