Electricity and Control July 2021

CYBERSECURITY

Understanding Zero Trust security models

Anna Collard, SVP Content Strategy & Evangelist, KnowBe4 AFRICA

D uring a preview of this year’s RSA conference, a team from Orange Cyberdefense demonstrated a range of pretty scary scenarios of what can happen when malicious actors take control over a user’s home router. These range from duping users into downloading payloads dressed up as fake VPN software updates, capturing user’s credentials or redirecting traffic that should be going over the VPN to the threat actor. Typically, home routers are outside of the enterprise se- curity control and often not very well protected. The majority of people trust their internet service provider (ISP) to set up their home access points for them and this frequently results in default settings such as admin/admin credentials. Home routers are often attacked by criminal and state ac- tors alike. Despite the easing of lockdown restrictions, many peo- ple are still working from home and will do so for the fore- seeable future – connecting to the internet and their cor- porate networks via their private home routers and Wi-Fi access points. The increasing complexity of delivering services to this highly distributed user base, many of whom connect via untrusted devices, coupled with an evolving threat land- scape, is highlighting the importance of Zero Trust security. Zero Trust is a security model based on a set of design principles which assumes that a breach is inevitable, or has likely already occurred. Zero Trust architectures limit access to only what is needed, repeatedly check whether users, devices, services or network components should be trusted and monitor for malicious or abnormal activity. It is more than a technology architecture though; it is B uilding on their longstanding alliance, Rockwell Automation is adding Cisco’s Cyber Vision to its existing LifecycleIQ Services portfolio of cybersecurity threat detection solutions. Rockwell Automation and Cisco have been working together for more than a decade – since they recognised that the information technology (IT) and operational technology (OT) worldswere converging.While convergence is essential to digital transformation, it also presents challenges such as siloed networks, cybersecurity threats, skills shortages and an abundance of production data and solutions. The two companies, leaders in their respective industries, have jointly developed architectures, services and products to help their customers address these challenges as they work towards building a Connected Enterprise. As the deeper integration between IT, cloud and industri- al networks creates security issues that can become obsta- cles to digitalisation, Cyber Vision provides full visibility into

a long-term philosophy and requires a mindset change among everyone involved. To succeed, it is essential to create a security culture that embraces Zero Trust. This means broadening the conversation and explaining Zero Trust principles to business leaders, IT ad- ministrators and general users. Trust is an important component of doing busi- ness, so the context of Zero Trust has to be explained in a positive way. It is not about not trusting individuals, but rath-

Anna Collard, KnowBe4 Africa.

er about reducing the potential likelihood and limiting the impact of a breach, as well as damage control if or when devices, networks or identities are compromised. For businesses to strengthen and mature their security culture effectively, they need to influence it positively. Peo- ple generally want to do the right thing, but instilling fear and uncertainty does not empower them. Business leaders need to inspire trust in order to succeed with Zero Trust. This means creating a security culture programme that raises awareness of the importance of security and Zero Trust concepts, and enables people to take responsibility for their participation in the security programme. For exam- ple, businesses need to educate their employees on how to spot, report and get help when they see suspicious activity, to be extra vigilant of social engineering attacks while work- ing from home, and the necessity of reducing their privileg- es as part of the Zero Trust rollout.

For more information visit: www.KnowBe4.com

Combatting evolving cybersecurity threats

IT and OT teams need to work together to combat industrial cybersecurity threats.

industrial control systems to build secure infrastructures and enforce security policies – enabling the continuity, re- silience and safety of industrial operations. The addition of Cyber Vision to the LifecycleIQ Services threat detection of- ferings provides a switch-based architecture for customers with existing Cisco solutions, greenfield networks or those updating their Cisco network infrastructure.

For more information visit: www.rockwellautomation.com

Electricity + Control JULY 2021

29