Cyber Security Roundtable Wrap Up

22 August 2023

ROUNDTABLE WRAP UP


IMPORTANCE OF IMPLEMENTING ZERO TRUST
Firsthand experiences from the coalface of a cyber security breach

The true cost of a security breach is nebulous and difficult to define. There’s the monetary cost – 8,160 incidents cost over $4.5 million per quarter – but then there’s also all the other costs, from a demoralised workforce, to public scrutiny that extends well beyond the initial reputational damage.

Softsource vBridge recently hosted a thought leadership roundtable that took a deep-dive look into the real impact of a high profile breach, and discussed the role that the Zero Trust approach to security has in limiting the impact of similar events going forward. Highlighting just how top-of-mind Zero Trust security is currently, this roundtable had an incredible turnout, and the discussions involved delved deeply into the topic.

Stepping into Zero Trust

In the world of decentralised IT, multi-cloud environments, IoT and edge computing, Zero Trust is the only approach to security that can effectively reduce the risk of breaches and compromised systems.

Stepping into Zero Trust

But it can also be a challenging approach to security to adopt because, managed poorly, it can significantly compromise the customer experience. The Softsource vBridge roundtable kicked off by outlining an effective and proven five-step approach to Zero Trust, which speakers like Roger Temple agreed were most effective in crafting a pathway to better security:

1. Move to identity verification.
2. Manage all devices across your networks.
3. Get visibility of all applications used by your business.
4. Classify data and set permissions.
5. Monitor all activity.

 

Protecting The Edge With Zero Trust

From there, the roundtable shifted to discussions about the edge.
In edge computing, where data processing occurs closer to the data source and often outside the traditional network perimeter, Zero Trust principles become even more crucial.
By implementing Zero Trust, organisations can establish strict access controls and continuously verify the identity and security posture of all devices, users, and applications attempting to connect to edge resources. HPE Aruba’s Andrew Fox also highlighted how the Zero Trust approach can deliver a host of other best-practice security approaches, including:

  • ZTNA: Secure access to private applications in the data centre or cloud.
  • SWG: Secure access to the Internet and protect against malicious online threats.
  • CASB: Secure access to SaaS applications and protect against data loss.
  • Experience: Monitor user performance and to troubleshoot user access issues for all traffic.


HPE Aruba, which focuses on unifying all of these security best practices onto the one Zero Trust platform, aims to simplify the enforcement of policy while actively inspecting any tracking across the organisation, be that through legacy apps, or new cloud-hosted solutions.

Additionally, HPE Aruba has been designed to harmonise access across the world via smart routing and a cloud-backbone on AWS, Azure, Google and Oracle. It has also been designed to enable users to access resources with or without an agent, ensuring that the overall user experience isn’t negatively impacted on during the shift to Zero Trust.

Lessons Learned       

Another major facet to the roundtable was an examination of the impact of a breach, where much of the damage and fallout could have been minimised had the organisation invested in Zero Trust.

Softsource vBridge’s Chris Marra was Director of Operations and Delivery at Waikato District Health Board when it was hit by a particularly vicious ransomware attack in 2021. This attack was so significant to public discourse in New Zealand and abroad that it has its own Wikipedia entry, and has since become the subject of study around the management of security and risk.

Over the course of the roundtable, Marra shared some key insights into how the attack was so successful, including:

 

1)      What the human impact of a breach is, and what the experience of going through a breach of this scale was like.

The very largest impact of this was to patients and clinical staff, on the IT front the first day,  IT staff not initially called out turned up on a Tuesday morning at 8:00 for work and discovered that there was nothing for them to do. They were unable to access the critical tools they needed to do their work in the supporting the Waikato hospitals.

The first response with most IT staff, then, was a feeling of hopelessness and disempowerment. This had a significant impact on team morale immediately.

However, the organisation was able to move quickly and positively, and made it a priority to get the team doing some kind of work in supporting business resilience. They were able to refocus the PC fleet so staff could attach them to Microsoft Teams, SharePoint, their email systems, which had been migrated to Office 365, and a few other applications. This enabled staff to all be involved in helping, and feel like they were contributing to the organisation and recovery.

 

2)      What Waikato District Health Board did to subsequently improve security?

One of the first steps in recovery was to adopt a Zero Trust approach to security. The organisation employed Microsoft to help craft a best practices approach to architecture going forward.

One interesting human factor that Marra noted was that while staff accepted Zero Trust while in emergency mode, as things returned to business as usual, some staff wanted us to relax the controls. Arguing that it was becoming difficult to do their jobs because they no longer had the ability to simply log on as the domain administrator, and that even after going through the process to get the login, there were limitations on what the assigned login could do. 

This highlights a potential challenge with Zero Trust, that it can affect the user experience and the support teams if not managed. It’s an essential approach in modern IT, but the experience of Waikato District Health Board speaks to a need for a change management program to successfully implement Zero Trust.

 

3)      Zero Trust would have prevented this breach having the impact that it did.

The breach happened as controls and architecture were unable to protect the environment once access was gained. This then allowed the criminals to be very lateral within the IT systems causing widespread encryption of systems and data. A Zero Trust architecture would have either prevented that from happening or made it much harder to achieve limiting the disruption to hospital operations.

Back to Articles

Other Recent Articles

Read More
Read More
Read More
Read More
Read More