With the pandemic period, the importance of carrying out daily work over the Internet increases and money flow is now through virtual systems. Considering this situation as an opportunity, cyber threat actors are constantly carrying out cyber attacks that are more complex, harder to detect and resulting in large financial/reputation losses.
We are getting the news that a different institution has been hacked every day. The attacks that took place show that the security perspective we have adopted is not correct. We must adopt a different security perspective in order to be protected from cyber attacks that are becoming more and more complex every day.
Zero Trust is a security model that suggest security analysis of all activities, assuming that the devices/applications/activities inside and outside the organization are harmful.
Let's remember the Solarwinds incident that caused panic around the world.
We have received the news that states, institutions and technology companies that invest the most in cyber security were hacked due to a patch coming from Solarwinds Orion product. When we examine the technical details of the cyber attack carried out by the UNC2452 threat actor published by FireEye, we see that the attack was planned and complex. The threat actor remained in Solarwinds systems for a long time without being detected for the success of the cyber attack.
So wasn't all the security products purchased, all the systems that were tightened and all the investments made enough to protect against cyber-attack?
Security products change and evolve every day, but it is not that easy to change our perspective. Even if you buy the best(!) security products, it is inevitable that you will be hacked on a system you trust by default.
The Solarwinds incident has proven to us that our perspective for future cyber attacks is not enough to keep up with cyber threat actors. The importance of the Zero Trust model has once again emerged in order to detect cyber attacks and prevent attacks.
Zero Trust is a model that creates slightly more workload and requires employees with sufficient technical knowledge. With LetsDefend.io, you can practice on real cyber threats and gain the ability to detect potential harmful activities on networks.
