
On What Threats Should We Focus in Overseas Offices? Explaining the Idea of Zero Trust

What threats can we prevent by zero trust? Illustrating increasingly diversifying and complex cyber threats in a comprehensible way



In this increasingly digital society, we have experienced major changes in our lifestyles. But while digital technologies provide convenience, cyber security-related threats have been magnified to a global level. Information assets, which used to be isolated inside a company’s internal network, are now stored in a wide range of complex network environments, resulting in an increase in security threats such as unauthorized access, data leakage, spam/malware, and zero-day attacks.

The zero-trust model has attracted a lot more attention lately as a new security approach for addressing such common IT security threats. Based on the principle of "never trust, always verify", the zero-trust model treats every access request as untrusted, whatever its origin, and permits no access to data until the request has been properly verified.

This article describes how to protect your information assets from security threats, including unauthorized access, data leaks, spam/malware, zero-day attacks, and unknown threats, through the introduction of the zero-trust model. Moreover, we discuss, in a clear and concise way, points that should be implemented at overseas offices, as well as common IT security threats and corresponding zero-trust measures.

1. Common IT Security Threats: Unauthorized Access from Inside/Outside an Organization and Measures against It

Unauthorized access is the best known security threat. This section describes what unauthorized access is, what kind of impact it has on us, and what measures we should take against it.

What is unauthorized access?

Unauthorized access is access to a system or data by a user who is not authorized for it. There are two types of unauthorized access.

The first is unauthorized access from inside an organization, gained by an employee or contractor of the company. It may be intentional and malicious, or the result of someone acting in error. Even when authorized employees access confidential information, using it improperly or sharing it with someone who is not entitled to it is regarded as unauthorized access.

The second type is unauthorized access gained by someone from outside the organization, namely a malicious hacker or cybercriminal. Malicious hackers and cybercriminals employ every possible means to break into a system and steal its data.

Figure: Conceptual diagram of conventional security and zero-trust security

Damage from and impact of unauthorized access

There are many types of damage from unauthorized access, and a company or organization can suffer severe effects from it. This section describes what damage we can suffer from unauthorized access from inside/outside an organization and how it could affect us.

Damage from and impact of unauthorized access from inside an organization

Unauthorized access from inside an organization can lead to leakage of important information assets, as well as other problems such as system outages. If a company's confidential information is leaked and the company's business strategy comes into the open, its overseas offices may lose a competitive advantage. Moreover, leakage of customer information and personal information leads to a loss of credibility in the eyes of customers. A system outage is directly linked to a business shutdown, and because restoring a damaged system generally takes a long time, the company suffers ongoing adverse effects over an extended period.

Damage from unauthorized access from outside an organization

Damage from unauthorized access from outside an organization is basically the same as that from inside it. However, there are many elaborate, large-scale attacks that are aimed at leaking large amounts of personal data or stealing financial information. Once a company is damaged by such an attack, not only the company itself but general consumers can be affected.

Measures against unauthorized access using zero trust

In the zero-trust model, no user or device is trusted by default: every request is authenticated and authorized, and access rights are granted according to the Principle of Least Privilege (PoLP), so each identity can reach only what its job requires. This minimizes the risk of unauthorized access from outside, and it also bounds the insider case described above: verification alone does not stop an authorized employee from misusing data they are entitled to see, but least privilege limits how much any one account can reach, and the access logs produced by verifying every request are what make such misuse detectable.

At overseas offices, it is important to be committed to compliance with regional laws and regulations concerning unauthorized access as well as provide education and training for employees in consideration of the culture of each overseas office.

2. Common IT Security Threats: Data Leakage and Measures against It

Next, let us discuss data leakage and cloud orchestration as a security measure against it.

What is a data leak?

A data leak means unintentional or unauthorized disclosure of a company's confidential data to the outside of the company. It can be triggered by various factors such as an inadvertent or malicious act of an internal employee, invasion by an external cybercriminal, and infection with malware. Wide-ranging information can be leaked, including customer information, personal information of employees, intellectual property, and information about sales and profits.

Damage from and impact of a data leak

A data leak not only causes economic loss but also damages the credibility of the company. If a company's internal information comes into the open, the company may lose competitiveness at the global level. If personal information is leaked, the company is responsible for taking swift measures under the applicable data protection law (in Japan, the Act on the Protection of Personal Information; overseas offices are also bound by the local equivalent). Furthermore, the company may have to pay a fine or be sued.


What is cloud orchestration?

Cloud orchestration is a solution that manages multiple cloud services and resources in an integrated way and automates them, using technologies such as containers, IaC (Infrastructure as Code), SIEM (Security Information and Event Management), and SOAR (Security Orchestration, Automation and Response).

IaC is an approach for defining and managing the settings of infrastructure, such as servers and networks, as code. Because the definitions are code, they can be version-controlled and reviewed before they are applied, and deployment of and changes to infrastructure can be automated and reproduced exactly.

By using these technologies to apply and manage security policies in an integrated fashion, you can prevent neglected or conflicting security settings with respect to individual systems and enhance the security level overall.
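To make the policy-as-code idea concrete, the following is an added example written for this article; it is not code from the page or from KDDI. It runs a set of organisation-wide rules over infrastructure definitions before they are applied, the way a CI check would validate IaC, and reports both neglected settings (a required hardening flag missing or switched off) and conflicting settings (a firewall rule that is both allowed and denied). The resource schema, rule names and sample definitions are all constructed for illustration and do not correspond to any real cloud provider's or IaC tool's format.

```python
"""Policy-as-code check over infrastructure definitions (added example).

The resource schema, rule names and sample definitions below are constructed
for illustration (hypothetical); they do not follow any real cloud provider's
or IaC tool's format.
"""
from dataclasses import dataclass

# Organisation-wide policy applied to every definition before deployment.
REQUIRED_BUCKET_SETTINGS = {"block_public_access": True, "encryption": True}
ADMIN_PORTS = {22, 3389}          # SSH and RDP must never be open to the world
ANYWHERE = "0.0.0.0/0"


@dataclass(frozen=True)
class Finding:
    resource: str   # name of the definition that violates the policy
    rule: str       # which policy rule fired
    detail: str     # human-readable explanation


def check_bucket(name: str, props: dict) -> list[Finding]:
    """Neglected settings: a required hardening flag is missing or switched off."""
    findings = []
    for key, wanted in REQUIRED_BUCKET_SETTINGS.items():
        if props.get(key) != wanted:
            findings.append(Finding(name, "bucket-hardening",
                                    f"{key} must be {wanted}, got {props.get(key)!r}"))
    return findings


def check_firewall(name: str, props: dict) -> list[Finding]:
    """Exposed admin ports and rules that contradict each other."""
    findings = []
    allows, denies = set(), set()
    for rule in props.get("rules", []):
        key = (rule["port"], rule["source"])
        if rule["action"] == "allow":
            allows.add(key)
            if rule["port"] in ADMIN_PORTS and rule["source"] == ANYWHERE:
                findings.append(Finding(name, "no-admin-from-anywhere",
                                        f"port {rule['port']} is open to {ANYWHERE}"))
        elif rule["action"] == "deny":
            denies.add(key)
    # Conflicting settings: the same traffic is both allowed and denied, so the
    # effective behaviour depends on evaluation order rather than on intent.
    for port, source in sorted(allows & denies):
        findings.append(Finding(name, "conflicting-rules",
                                f"port {port} from {source} is both allowed and denied"))
    return findings


CHECKS = {"bucket": check_bucket, "firewall": check_firewall}


def audit(definitions: dict) -> list[Finding]:
    """Run every applicable check. An unknown resource type is itself a finding,
    because a resource nobody has written a policy for is an unchecked one."""
    findings = []
    for name, props in definitions.items():
        check = CHECKS.get(props.get("type"))
        if check is None:
            findings.append(Finding(name, "unchecked-type",
                                    f"no policy for type {props.get('type')!r}"))
            continue
        findings.extend(check(name, props))
    return findings


# Constructed sample: two storage buckets and two firewall groups.
SAMPLE_DEFINITIONS = {
    "hr-records": {"type": "bucket", "block_public_access": True, "encryption": True},
    "marketing-assets": {"type": "bucket", "block_public_access": False},  # encryption omitted
    "office-sg": {"type": "firewall", "rules": [
        {"action": "allow", "port": 443, "source": ANYWHERE},
        {"action": "allow", "port": 22, "source": ANYWHERE},   # exposure
        {"action": "deny", "port": 22, "source": ANYWHERE},    # contradicts the line above
    ]},
    "db-sg": {"type": "firewall", "rules": [
        {"action": "allow", "port": 5432, "source": "10.0.0.0/8"},
    ]},
}


if __name__ == "__main__":
    for f in audit(SAMPLE_DEFINITIONS):
        print(f"{f.resource}: [{f.rule}] {f.detail}")
```

Run against the sample, the audit reports two findings for the unhardened bucket and two for the firewall group; the compliant bucket and the database group produce none. Treating an unknown resource type as a finding is deliberate: the point of central policy is that nothing is deployed without a check, so a gap in the checks is reported rather than silently skipped.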

Cloud orchestration also enables unified monitoring of the entire system, real-time detection of abnormal accesses and activities, and automatic execution of the necessary countermeasures. It reduces the risk due to human error or delays in taking action and aids in data leakage prevention.


For detailed information on SIEM and CASB, see "What are the components of zero trust? Explaining the best security technology required for the IT environment that is becoming increasingly diverse at overseas offices." 

* Related Article: What are the Components of Zero Trust? Explaining the Best Security Technology Required for the IT Environment that is Becoming Increasingly Diverse at Overseas Offices

Measures against data leaks through the use of zero trust

Cloud orchestration and zero trust complement one another, enabling unified management and advanced automation. To realize the zero-trust model, a variety of security elements, such as endpoint and network security, must be operated in a consistent manner. By controlling these elements centrally and automating them, cloud orchestration helps to realize the zero-trust model.

Because you can track and monitor users' behaviors precisely with the use of cloud orchestration, it is possible to detect abnormal access immediately and take appropriate action. Consequently, you will be able to dramatically reduce the risk of data leakage at overseas offices, where you may have fewer human resources. For effective data leakage prevention at small or understaffed sites, select tools with sufficient documentation and support, or outsource tasks as needed.

3. Common IT Security Threats: Spam/Malware and Measures Against Them

Just as we need to take measures against unwanted messages and malicious software, namely spam and malware, in Japan, it is also important to take the necessary actions against them abroad. This section describes the threats of spam and malware as well as measures against them.

What is spam? What is malware?

Spam and malware are easily confused with each other. Let us take a look at details of these terms.

Spam means sending unrequested messages to many people at once through email or social media. There are many types of spam, from commercial messages to malicious fraud, and a sender of spam sends many messages without the consent of the receivers. Spam messages often contain links to malicious sites or infected attachments, which creates a security risk for the receivers.

Malware is an abbreviation of malicious software and is a general term for software that attacks computer systems and damages them. Examples include viruses, Trojan horses, worms, and spyware. Malware infections can cause different forms of damage, such as unauthorized information gathering, reduced functionality and system breakdowns, as well as attacks on other systems.


Damage from and impact of spam/malware

The damage from and impact of spam and malware are as follows, respectively.

Damage from and impact of spam

The major problem with spam is wasted time and lost productivity. Spam is also frequently used as the delivery vehicle for malware infections and phishing scams. The spread of malware through fraudulent links and attachments can develop into larger problems such as theft of personal information and/or credit card information, or worse, system breakdowns.

Damage from and impact of malware

There are many different types of damage from malware. Possible damage from malware includes theft of personal information, loss of money, poor performance of systems and networks, and loss of a company's reputation and trust. Ransomware, a type of malware, encrypts a user's data and demands a ransom for its release.

Measures against spam/malware through the use of zero trust

The basic concept of the zero-trust model is not to trust any access, regardless of whether it comes from inside or outside a network. This concept is very important for protecting systems from spam and malware, and it remains effective even after malware has broken into a network. Under the Principle of Least Privilege (PoLP), an infected host or a compromised account obtains only the minimum access its role requires, so the malware cannot move laterally to other systems. Zero trust does not stop the initial infection, which is why mail filtering and endpoint protection remain necessary, but it is how the damage from a malware attack is contained.

In addition, abnormal behaviors can be detected promptly by continuously monitoring the system and collecting logs. Early detection and a swift response make it possible to contain a malware attack and localize the damage.

4. Common IT Security Threats: Zero-Day Attack Detection and Protecting Against Zero-Day Attacks and Unknown Threats

Finally, we discuss zero-day attacks and unknown threats as well as countermeasures against them.

What is a zero-day attack? What is an unknown threat?

A zero-day attack exploits a vulnerability in software or a system for which no patch has yet been released, typically because the vendor has not yet learned of it. The probability of damage is high because the attack occurs before any public patch or advisory, which makes it difficult to defend against with signature-based tools alone.

An unknown threat is an attack that uses a technique that cannot be prevented by known security measures and aims at a vulnerability that has not yet been identified. 


Damage from and impact of a zero-day attack/unknown threat

A zero-day attack or unknown threat can bring serious damage because the attack is launched before one can complete a protection plan. Companies are at risk not only of theft of important company data but also of delayed work and a significant loss of business due to system breakdown. If a company loses trust due to such an attack, the company will be immeasurably affected for a long period of time.

Protect Against Zero-day Attacks with Zero Trust

Zero trust helps protect against zero-day attacks by enforcing strict authentication and authorization for every access request. It cannot prevent the exploitation of a flaw that has no patch, but even after a successful exploit only the minimum required resources are reachable from the compromised identity or host, which shrinks the potential impact zone.
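The per-request decision that sections 1, 3 and this section all rely on (verify the identity, verify the device, then grant only the least privilege the role needs) is shown below as an added example written for this article, not code from the page or from KDDI. The user directory, device inventory, role map and the five request scenarios are constructed for illustration (hypothetical); in a real deployment they come from the identity provider, the MDM/EDR inventory and a central policy store, and are consulted on every request rather than once at login. The scenarios cover the cases discussed in the article: an authorized user reaching outside their role (insider misuse), valid credentials used from an unmanaged device (stolen credentials), a managed device whose endpoint agent is unhealthy (a possibly infected host), and a request without MFA.

```python
"""Zero-trust policy decision for one access request (added example).

The user directory, device inventory and role-to-resource map are constructed
for illustration (hypothetical); in practice they come from the IdP, the
MDM/EDR inventory and a central policy store.
"""
from dataclasses import dataclass

# Least privilege: each role is granted only the resources and actions its job needs.
ROLE_PERMISSIONS = {
    "sales":    {"crm": {"read", "write"}, "price-list": {"read"}},
    "finance":  {"ledger": {"read", "write"}, "price-list": {"read", "write"}},
    "it-admin": {"jump-host": {"read", "write"}},
}

USERS = {"alice": {"role": "sales"}, "bob": {"role": "finance"}}

# Managed devices with their latest posture report.
DEVICES = {
    "LAPTOP-TYO-041": {"disk_encrypted": True, "edr_healthy": True},
    "LAPTOP-SGP-017": {"disk_encrypted": True, "edr_healthy": False},
}


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    mfa_verified: bool   # did this request pass a fresh MFA check?
    resource: str
    action: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def decide(req: Request) -> Decision:
    """Every request is denied unless identity, device and entitlement all check out."""
    # 1. Identity: the account must exist and must have satisfied MFA for this request.
    user = USERS.get(req.user)
    if user is None:
        return Decision(False, "unknown user")
    if not req.mfa_verified:
        return Decision(False, "MFA not satisfied")

    # 2. Device: only an inventoried device in a healthy posture may carry the request.
    device = DEVICES.get(req.device_id)
    if device is None:
        return Decision(False, "unmanaged device")
    if not (device["disk_encrypted"] and device["edr_healthy"]):
        return Decision(False, "device posture check failed")

    # 3. Entitlement: least privilege, evaluated per resource and per action.
    allowed_actions = ROLE_PERMISSIONS.get(user["role"], {}).get(req.resource, set())
    if req.action not in allowed_actions:
        return Decision(False, f"role {user['role']} has no {req.action} on {req.resource}")

    return Decision(True, "identity, device posture and least-privilege grant verified")


# Constructed scenarios covering the threats discussed in the article.
SCENARIOS = {
    "normal":        Request("alice", "LAPTOP-TYO-041", True,  "crm",    "write"),
    "insider":       Request("alice", "LAPTOP-TYO-041", True,  "ledger", "read"),  # outside her role
    "stolen-creds":  Request("alice", "HOME-PC-UNKNOWN", True, "crm",    "read"),  # unmanaged device
    "infected-host": Request("bob",   "LAPTOP-SGP-017", True,  "ledger", "read"),  # EDR unhealthy
    "no-mfa":        Request("bob",   "LAPTOP-TYO-041", False, "ledger", "read"),
}


def evaluate_all(scenarios: dict = SCENARIOS) -> dict:
    """Decide every scenario; returns name -> Decision."""
    return {name: decide(req) for name, req in scenarios.items()}


if __name__ == "__main__":
    for name, d in evaluate_all().items():
        print(f"{name:14s} {'ALLOW' if d.allowed else 'DENY ':5s} {d.reason}")
```

Only the "normal" scenario is allowed. The order of the checks matters in practice: identity and device are verified before any entitlement lookup, so a request from an unknown account or an unmanaged device is rejected without revealing which resources exist, and the deny reason is kept specific so that the log line produced by each decision is useful to the monitoring described in the next paragraph.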

By continuously monitoring for abnormal behaviors and unknown patterns, rather than relying only on signatures of known attacks, a zero-trust strategy detects the misuse that follows a zero-day exploit and enables a rapid response to unknown threats.
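The behavioral detection that sections 2, 3 and this section describe (centralised logs, continuous monitoring, alerting on abnormal access rather than on known signatures) is shown below as an added example written for this article, not code from the page or from KDDI. It runs over a constructed day of login events and raises three kinds of alert: a failure burst from one source, a success that immediately follows such a burst, and the same account logging in from two offices too close together in time for one person to have travelled between them. The log format, field names, thresholds and sample lines are all constructed for illustration (hypothetical).

```python
"""Anomaly detection over authentication logs (added example).

The log format and the sample lines are constructed for illustration
(hypothetical); the logic applies to any source whose events carry a
timestamp, user, office, source address and result.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one business day of login events, already centralised.
SAMPLE_LOG = """
2024-05-01T09:00:05Z user=alice office=TYO src=203.0.113.10 result=success
2024-05-01T09:12:40Z user=alice office=SGP src=198.51.100.7 result=success
2024-05-01T10:00:00Z user=bob office=SGP src=198.51.100.9 result=success
2024-05-01T11:00:01Z user=bob office=SGP src=192.0.2.44 result=failure
2024-05-01T11:00:02Z user=bob office=SGP src=192.0.2.44 result=failure
2024-05-01T11:00:03Z user=bob office=SGP src=192.0.2.44 result=failure
2024-05-01T11:00:04Z user=bob office=SGP src=192.0.2.44 result=failure
2024-05-01T11:00:05Z user=bob office=SGP src=192.0.2.44 result=failure
2024-05-01T11:00:09Z user=bob office=SGP src=192.0.2.44 result=success
2024-05-01T15:30:00Z user=carol office=TYO src=203.0.113.22 result=success
2024-05-01T18:00:00Z user=carol office=SGP src=198.51.100.30 result=success
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+(?P<kv>.+)$")


def parse(line: str) -> dict:
    """Turn one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable log line: {line!r}")
    event = dict(pair.split("=", 1) for pair in m["kv"].split())
    event["ts"] = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def _prune(window_events: deque, now: datetime, window: timedelta) -> None:
    """Drop timestamps that have fallen out of the sliding window."""
    while window_events and now - window_events[0] > window:
        window_events.popleft()


def detect(events, travel_window=timedelta(minutes=30),
           fail_threshold=5, fail_window=timedelta(minutes=5)):
    """Return (alert_type, subject, detail) tuples, in time order."""
    alerts = []
    last_success = {}                # user -> (office, ts) of the previous successful login
    failures = defaultdict(deque)    # src -> timestamps of recent failures
    for e in sorted(events, key=lambda ev: ev["ts"]):
        user, src, ts = e["user"], e["src"], e["ts"]
        recent = failures[src]
        _prune(recent, ts, fail_window)
        if e["result"] != "success":
            recent.append(ts)
            # Fire once, when the burst first crosses the threshold.
            if len(recent) == fail_threshold:
                alerts.append(("brute-force", src,
                               f"{fail_threshold} failures within {fail_window}"))
            continue
        # A success right after a failure burst is the usual sign of a guessed password.
        if len(recent) >= fail_threshold:
            alerts.append(("success-after-failures", user,
                           f"login from {src} after {len(recent)} recent failures"))
        # Same account seen at two offices too close together to be one person travelling.
        prev = last_success.get(user)
        if prev and prev[0] != e["office"] and ts - prev[1] <= travel_window:
            alerts.append(("impossible-travel", user,
                           f"{prev[0]} then {e['office']} within {ts - prev[1]}"))
        last_success[user] = (e["office"], ts)
    return alerts


def run(lines=SAMPLE_LOG):
    """Parse and analyse a batch of log lines."""
    return detect(parse(line) for line in lines)


if __name__ == "__main__":
    for kind, subject, detail in run():
        print(f"{kind:24s} {subject:14s} {detail}")
```

On the sample the detector raises exactly three alerts: alice at TYO and then SGP within thirteen minutes, five failures from 192.0.2.44 inside the window, and bob's successful login from that same address seconds later; carol's two logins are two and a half hours apart and correctly raise nothing. None of these rules needs a signature of a known attack, which is why the same logic still works against an unknown threat. In a real deployment the thresholds would be tuned per office, and the alert would feed the automated response (for example, revoking the session) that the orchestration section describes.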

5. Summary

This article introduced common IT security threats and how implementing zero trust can prevent or contain them. Overseas offices tend to have fewer human resources but still need to adopt a security system that ensures regional compliance and efficient data leakage prevention. KDDI provides support for implementing zero trust at overseas offices. If you are unsure about how to put efficient security measures in place or how to mitigate malware attacks, please contact KDDI. Next, we will introduce the roles of endpoint security in the zero-trust security model.
