Early Learnings From Advanced Hack and How Zero Trust Can Help


Over the past year, a series of successful ransomware attacks has made online security a hot topic across the globe.

Most recently, it was reported that Advanced, a technology vendor that provides the underlying systems for services such as patient check-in and NHS 111, fell victim to a ransomware attack in August 2022. Whilst the investigation is still ongoing, Advanced has said it may take several months to bring some of its services back online. In the meantime, instead of focusing on patient care, doctors are having to process mounting piles of medical paperwork by hand, which is time-consuming, arduous and inefficient.

However, Advanced appear to be taking the security lessons in their stride and working to recover from the incident. In a statement, Advanced said they were “rebuilding and restoring impacted systems in a separate and secure environment”, “implementing additional blocking rules and further restricting privileged accounts for Advanced staff” and “conducting 24/7 monitoring.” Rebuilding into an isolated clean environment, tightening network policy, cutting back privileged access and monitoring continuously are all key principles of a Zero Trust Architecture. Advanced probably had elements of Zero Trust in place beforehand, but it is reassuring to see them reinforce this architecture when faced with a paralysing ransomware attack. Below I explore how Zero Trust principles can be applied to an organisation’s existing security architecture to prevent similar attacks and reduce risk.

HOW ZERO TRUST WORKS

Zero Trust is a security model built on the principle that no user or device is trusted to access a resource until its identity, the state of the device it is using and its authorisation for that particular request have been verified. This applies to those normally inside the private network, such as an employee on a company computer in the office, working remotely from home, or on a mobile device at an offsite conference, just as much as it applies to every person or device outside the core network. Being on the corporate LAN, or having been granted access before, earns no trust: each request is verified on its own merits, and a session that was valid an hour ago is checked again rather than assumed to still be good. The working assumption is that every machine, user and server is untrusted, and possibly already compromised, until proven otherwise.
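To make the difference concrete, here is an added example, written for this article and not code from Advanced or from any Zero Trust product. It contrasts a perimeter-style decision, which grants access to anything on the corporate LAN, with a Zero Trust policy decision point that checks a signed short-lived credential, the device's compliance state and the caller's authorisation on every request, and deliberately ignores the source address. The signing key, the `POLICY` and `DEVICES` tables, the `10.0.0.0/8` corporate range and the users and device names are all constructed for illustration; in a real deployment the credential would come from an identity provider and the device posture from an MDM or attestation service.

```python
import base64
import hashlib
import hmac
import ipaddress
import json
import time
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical identity-provider signing key, constructed for this example only.
SIGNING_KEY = b"demo-signing-key-not-for-production"

# Hypothetical authorisation policy: which roles may reach which resource.
POLICY = {
    "/patients/records": {"clinician"},
    "/admin/users": {"admin"},
}

# Hypothetical device inventory: device id -> managed and compliant?
DEVICES = {"laptop-01": True, "byod-phone-7": False}

# Hypothetical corporate LAN range used only by the legacy perimeter model.
CORP_LAN = ipaddress.ip_network("10.0.0.0/8")


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(sub: str, roles: list, device: str, ttl: int = 300,
                now: Optional[float] = None) -> str:
    """Mint a short-lived credential: base64(JSON claims) '.' base64(HMAC-SHA256)."""
    now = time.time() if now is None else now
    claims = {"sub": sub, "roles": roles, "dev": device, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    expected = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    try:
        claims = json.loads(_unb64(body))
    except ValueError:
        return None
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:  # a previously valid session is not trusted forever
        return None
    return claims


@dataclass
class Request:
    resource: str
    token: Optional[str]
    source_ip: str  # recorded for forensics; never used to grant access


def perimeter_decide(req: Request) -> bool:
    """The model Zero Trust replaces: anything already on the LAN is trusted."""
    return ipaddress.ip_address(req.source_ip) in CORP_LAN


def zero_trust_decide(req: Request, now: Optional[float] = None) -> Tuple[bool, str]:
    """Verify identity, device posture and authorisation afresh for every request."""
    if req.token is None:
        return False, "no credential presented"
    claims = verify_token(req.token, now)
    if claims is None:
        return False, "credential invalid or expired"
    if not DEVICES.get(claims["dev"], False):
        return False, f"device {claims['dev']} is unmanaged or non-compliant"
    if not POLICY.get(req.resource, set()) & set(claims["roles"]):
        return False, f"{claims['sub']} is not authorised for {req.resource}"
    return True, f"{claims['sub']} on {claims['dev']} allowed to reach {req.resource}"


if __name__ == "__main__":
    t0 = 1_700_000_000  # fixed clock so the demo is reproducible
    clinician = issue_token("dr.smith", ["clinician"], "laptop-01", now=t0)
    byod = issue_token("dr.smith", ["clinician"], "byod-phone-7", now=t0)
    cases = [  # constructed requests
        ("LAN host, no credential", Request("/patients/records", None, "10.0.0.8"), t0 + 60),
        ("remote, valid credential", Request("/patients/records", clinician, "203.0.113.5"), t0 + 60),
        ("LAN host, expired credential", Request("/patients/records", clinician, "10.0.0.8"), t0 + 600),
        ("LAN host, unmanaged device", Request("/patients/records", byod, "10.0.0.8"), t0 + 60),
        ("LAN host, wrong role", Request("/admin/users", clinician, "10.0.0.8"), t0 + 60),
    ]
    for label, req, now in cases:
        allowed, reason = zero_trust_decide(req, now)
        print(f"{label:30} perimeter={perimeter_decide(req)!s:5} "
              f"zero-trust={allowed!s:5} ({reason})")
```

Running it shows the two models disagreeing in both directions: the perimeter check waves through an unauthenticated host, an expired session, an unmanaged phone and a clinician reaching an admin resource simply because they sit on `10.0.0.0/8`, while it blocks a fully verified clinician working from home. The Zero Trust decision is the same wherever the request comes from, which is exactly what stops a ransomware operator who has landed on one internal machine from treating the rest of the network as already trusted.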

While this may sound difficult to…

Source…