2021 Threat Hunting Report: OverWatch Once Again Leaves Adversaries With Nowhere to Hide

This time last year, the CrowdStrike Falcon OverWatch™ team reported on mounting cyber threats facing organizations as they raced to adopt work-from-home practices and adapt to constraints imposed by the rapidly escalating COVID-19 crisis. Unfortunately, the 12 months that followed have offered little in the way of reprieve for defenders. The past year has been marked by some of the most significant and widespread cyberattacks the world has seen.

Federal Agencies Moving to Zero Trust Must Consider a Step-by-Step Approach

Current IT modernization initiatives are challenging federal agencies to implement significant changes to their infrastructure at a breakneck pace. As they look to keep pace with an increasingly sophisticated cyber threat environment and accommodate workflows shifting to the cloud, the federal government is looking to zero trust as a solution. Zero trust is a security model that maintains secure access to data and applications based on dynamic security policies reacting to access request specifics, as opposed to the network from where access originates.

Is Trust a Vulnerability? Is Zero Trust Architecture a Good Idea?

The Zero Trust (ZT) architecture is a modern concept shaping cybersecurity in the public and private sectors. The growing use of SaaS applications, migration to cloud-based architecture, a rising number of remote employees, and bring-your-own-device (BYOD) have rendered perimeter-based security obsolete. The concept of a network perimeter, where those outside of the enterprise's control are malicious and insiders are trustworthy, is no longer a viable approach to cybersecurity.

Decide & Do: 4.5 Ransomware Actions

Are you next? Will criminals target your organization with ransomware? No one can say for sure, so prepare now.

Here are four and a half critical decisions to make – and things to do – before a crisis hits.

(What’s half a decision, you ask? What’s half an action, you may wonder. Read to the end if you want to find out.)

1. Do: Have a plan

This sounds so obvious, but I have seen major organizations in business and government scrambling to respond to a ransomware attack. Your plan should include at least these elements:

Six Ways AST Keeps Digital Citizen Services Secure

Article originally posted to the GovDevSecOpsHub here.

When in-person processes became impossible during the pandemic, the extent to which public sector services relied on them became apparent. Town halls, municipal offices, schools, and colleges were forced to close their doors to the public, and the need to provide digital alternatives to citizen services so that constituents could continue to access them became clear.

Getting Started with Zero Trust

Zero Trust may seem like a daunting security architecture to implement. But Zero Trust is more a change of mindset towards cybersecurity than it is new tools and solutions. Zero Trust is a concept that can help you simplify and strengthen your defenses by adopting “never trust/always verify” principles. The truth is you probably already have many of the tools you need to get started. In addition to using existing security solutions, new tools and technologies can be added incrementally.

Zero Trust 101

The COVID-19 pandemic has forced a rapid, widespread shift to remote work, necessitating a new approach to security. Many public sector agencies are responding by adopting a Zero Trust model.

What is Zero Trust? Why is it important? What’s required to implement it? Let’s explore.

What Is Zero Trust?

Colonial Pipeline Hack: Trouble Was the Result but Money was the Goal

In the Colonial Pipeline hack, DarkSide created malicious code that resulted in the pipeline's shutdown, FBI officials have confirmed. According to the company, the Colonial Pipeline transports about 45% of the fuel consumed on the East Coast. U.S. fuel prices at the pump rose six cents per gallon on the week to $2.967 per gallon for regular unleaded gasoline, the American Automobile Association (AAA) said on Monday, while Wall Street shares in U.S. energy firms were up 1.5%. The U.S. issued emergency legislation on Sunday after a ransomware cyber-attack hit the Colonial Pipeline.

Executive Order on Improving the Nation’s Cybersecurity

President Biden has recently issued the “Executive Order on Improving the Nation’s Cybersecurity”, which requires government agencies to present plans for implementing a Zero Trust architecture, imposes stringent standards for threat sharing on government contractors and agencies alike, requires software vendors to show a Software Bill of Materials to demonstrate the security of their products, and seeks broad modernization of the Federal government’s cybersecurity posture.