Knowledge On What Threats Should We Emphasize in Overseas Offices? Explaining the Idea of Zero Trust

An unauthorized access is the best known security threat. This section describes what unauthorized access is, what kind of impact it has on us, and what measures we should take against it.

Unauthorized access is access to a system or data from an unauthorized user. There are two types of unauthorized access.

The first is unauthorized access from inside an organization. This means that unauthorized access is gained by an employee or worker within the company or organization. Such unauthorized access can be done intentionally as a malicious act or by someone acting in error. For example, even when authorized employees access confidential information, if they use the information improperly or share the information with someone else improperly, this act is regarded as unauthorized access.

The second type is unauthorized access gained by someone from outside the organization, namely a malicious hacker or cybercriminal. Malicious hackers and cybercriminals employ every possible means to break into a system. They then crack the system and steal the data.

There are many types of damage from unauthorized access, and the company or organization can suffer severe effects from it. This section describes what damage we can suffer from unauthorized access from inside/outside an organization and how it could affect us.

Unauthorized access from inside an organization can lead to outflow of information assets, which are very important to the company, as well as other problems such a system outages. If a company's confidential information is leaked and therefore the company's business strategy comes into the open, its overseas offices may also lose a competitive advantage. Moreover, outflow of customer information and personal information will lead to loss of credibility in the eyes of customers, which harm brand reputation. A system outage is directly linked to business shutdown. In addition, it will generally take a lot of time to restore the damaged system, so the company will suffer ongoing adverse effects over a long period of time.

Damage from unauthorized access from outside an organization is basically the same as that from inside it. However, there are many elaborate, large-scale attacks that are aimed at leaking large amounts of personal data or stealing financial information. Therefore, once a company is damaged by such an attack, not only the company itself but general consumers can be affected.

In the zero trust model, you do not trust any user or device, and therefore verify every request. You then assign an access right based on the Principle of Least Privilege (PoLP). This is how you can make it possible to minimize the risk of unauthorized access.

At overseas offices, it is important to be committed to compliance with regional laws and regulations concerning unauthorized access as well as be education and training for employees in consideration of the culture of each overseas office.

Next, let us discuss threats of a data leak and the outline, system, and features of cloud orchestration as a security measure against a data leak.

A data leak means unintentional or unauthorized disclosure of a company's confidential data to the outside of the company. It can be triggered by various factors such as an inadvertent or malicious act of an internal employee, invasion by an external cybercriminal, and infection with malware. We also have wide-ranging information that could be damaged by a data leak, including customer information, personal information of, for example, employees, intellectual property, and information about sales and profit.

A data leak can not only cause economic loss but also affect the rating or credibility of the company and/or its brand. Because a company's internal information has come into the open, the company may lose a competitive advantage at the global level. If personal information is leaked, the company will be responsible for taking swift measures based on the Act on the Protection of Personal Information. Furthermore, there is a possibility that the company may have to pay a fine or be sued.

Cloud orchestration is a solution that manages multiple cloud services and resources in an integrated way and automates them with the use of technologies such as a container technology, IaC (Infrastructure as Code), SIEM (Security Information and Event Management), or SOAR (Security Orchestration, Automation and Response).

IaC is an approach for defining and managing settings of infrastructure, such as servers and networks, as codes. Use of IaC enables you to automate deployment of and changes to infrastructure, and easily reproduce them.

By using these technologies to apply and manage security policies in an integrated fashion, you can prevent neglected or conflicting security settings with respect to individual systems and enhance the security level overall.

Cloud orchestration also enables unitary monitoring of the entire system, real-time detection of abnormal accesses and activities, and automatic implementation of necessary countermeasures. It reduces the risk due to human error or delays in taking action and prevents damage such as data leaks.

For detailed information on SIEM and CASB, see "What are the components of zero trust? Explaining the best security technology required for the IT environment that is becoming increasingly diverse at overseas offices." 

* Related Article: What are the Components of Zero Trust? Explaining the Best Security Technology Required for the IT Environment that is Becoming Increasingly Diverse at Overseas Offices

Cloud orchestration and zero trust mutually complement one another in order to enable unified management and advanced automation. To realize the zero trust model, a variety of security elements, such as endpoints and network security, must be operated in a consistent manner. By controlling these elements unitarily and automating them, cloud orchestration plays a role in helping to realize the zero trust model.

Because you can track and monitor users' behaviors precisely with the use of cloud orchestration, it is possible to detect abnormal access immediately and take appropriate action. Consequently, we will be able to dramatically reduce the risk of data leakage at overseas offices, where we have fewer human resources. By selecting a tool with sufficient documents and support, smooth introduction and operation can be achieved even at a small-scale overseas office with few workers. If the company lacks enough personnel who have specialist skills and resources required for the initial system building and operation, however, we recommend outsourcing the tasks and operations.

Similar to how we need to take measures against unauthorized software such as spam and malware in Japan, it is also important to take necessary actions for such software abroad. This section describes threats of spam and malware as well as measures against them.

Spam and malware are easily confused with each other. Let us take a look at details of these terms.

Spam means sending unrequested messages to many people at once through email or social media. There are many types of spam, from commercial messages to malicious fraud, and a sender of spam send a lot of messages without the consent of receivers. Spam messages disturb our general communication and what is more, they often contain infectious links and attachments, which creates a security risk for receivers of such messages.

Malware is an abbreviation of malicious software and is a general term for software that attacks computer systems and damage them. Examples includes viruses, Trojan horses, worms, and spyware. Malware infection can induce different forms of damage, such as unauthorized information gathering, functional restriction and breakdown of the system, and attacks on other systems.

The damage from and impact of spam and malware are as follows, respectively.

The major problem with spam is wasted time and lost productivity. However, spam is sometimes used as a trick for malware infections and phishing scams. The spread of malware through fictitious links and attachments can develop into larger problems such as theft of personal information and/or credit card information, or worse, system breakdown.

There are many different types of damage from malware. Possible damage from malware includes theft of personal information, loss of money, poor performance of systems and networks, and loss of the company's reputation and trust. Ransomware, a type of malware, encrypts a user's data and demands a ransom for its release.

The basic concept of the zero trust model is not to trust any access, regardless of whether it comes from inside or outside a network. This concept is very important for protecting systems from spam or/and malware, and is effective even after malware has broken into a network. Based on the Principle of Least Privilege (PoLP) for zero trust, only minimum access limited according to the authority level is permitted even after malware has penetrated the network. This mechanism prevents the malware from spreading within the system.

In addition, abnormal behaviors can be detected promptly by always monitoring the system and constantly acquiring logs. It is possible to block a malware attack and localize damage by early detection and swift response.

Finally, we discuss zero-day attacks and unknown threats as well as countermeasures against them.

Details of a zero-day attack and unknown threat are as follows.

A zero-day attack means an attack aimed at an undisclosed vulnerability of in software or a system. A surprise attack is launched before even the developer of software or a system has found its vulnerability, so nobody knows the attack even exists until it is actually carried out. That is why it is called a zero-day (0th day) attack. Because a zero-day attack usually happens before vulnerability of software or a system has been revealed to the public, it is difficult to prepare your defense early, so there is a high possibility of serious damage.

An unknown threat is an attack that uses a technique that cannot be prevented by known security measures and aims at a vulnerability that has not yet been identified. Because such an attack is unknown, it is difficult to take countermeasures. Therefore, it poses a great risk that can threaten the company's IT systems and information assets.

A zero-day attack and unknown threat can bring serious damage because an attack is launched before we complete a protection plan. We are at risk not only of theft of important company data but also of delayed business and a significant loss of business due to system breakdown. If a company has lost its credibility due to such an attack, the company will be immeasurably affected for a long period of time.

Zero trust is also effective for zero-day attacks and unknown threats. All users are authenticated every time they gain access. Even if a user is authenticated successfully, access to only minimum resources will be permitted based on the Principle of Least Privilege (PoLP). Even for a zero-day attack or unknown threat, we can narrow the scope of potential attack as long as resources that users can access are limited.

It is also possible to take quick action against an unknown threat and minimize damage by swiftly detecting abnormal behaviors and unknown patterns.

This article introduced the threats that using zero trust can prevent. Overseas offices tend to have fewer human resources but need to adopt a security system that ensures regional compliance. KDDI is implementing support for attaining zero trust at overseas offices. If you’re unsure about how to put efficient security measures in place, please contact KDDI. Next, we will introduce the roles of endpoint security in the zero trust security model.