In an attempt to bolster cyber security, Google recently announced it has curtailed internet access for a select group of its employees. This pilot program, initially involving 2,500 individuals but subsequently expanding to include other volunteers, aims to provide an additional layer of defense against evolving cyberattacks. Those involved are equipped with desktops designed to access only internal web tools and Google's proprietary services, eliminating the potential avenues for malicious code download that unrestricted internet access often facilitates.
This strategy undeniably enhances protection against external threats because less internet connectivity translates to a reduced digital footprint, minimising exposure to online risks. However, removing direct internet access doesn’t necessarily make an organisation’s internal systems immune from potential threats or compromises. There will always be some degree of vulnerability because these internal systems often remain connected to other devices that can access the internet within the network.
So, even though Google’s approach has its merits, it’s a method that leans too much on keeping things out but does not consider the threats that might arise from within the network. There should also be a significant focus on restricting access between internal resources within the enterprise network.
Understanding the limits of perimeter defense
The security industry is often driven by conversations around external hackers using techniques like phishing, zero-day attacks, and malware to breach security perimeters. However, it is impossible to stop all cyberattacks at the perimeter. At some point, an attack will get through.
There are also significant threats from within the perimeter that are often overlooked. Research has revealed that insider threats account for 62% of all security breaches. Be it disgruntled employees, careless staff, or even malicious insiders, these internal actors possess a distinct advantage. They often have legitimate access rights and intimate knowledge of the internal systems, and they can bypass traditional security checks. This makes them particularly insidious, as their activities can masquerade as standard operational tasks, allowing them to exfiltrate data, manipulate systems, or inject malware with relative impunity.
Workstations, laptops, and mobile devices are also all hotspots for sensitive data, and standard perimeter security doesn’t extend to these assets. This asymmetric focus could lead to significant vulnerabilities.
An inadequately secured laptop could become an entry point for a sophisticated cyberattack. Malicious actors can use the device to move laterally across different systems and create backdoors, leading to widespread data breaches. Consider the case of Google, where an employee’s laptop might be disconnected from the open web but can still be connected to the company’s Active Directory (AD). Compromising this device could let threat actors move laterally into the AD database and leak sensitive data. Focusing only on perimeter defense reduces only the risk of threats arriving directly from the open internet.
Recent cyber incidents further accentuate this concern. Last year, leading communications platform Slack suffered a major security incident in which threat actors stole the access credentials of some employees and used them to access its GitHub repository. The incident demonstrates how a single compromised user account within the network can lead to a major data breach. So, a shift in focus is necessary – one that extends beyond external hackers and comprehends the magnitude of internal risks.
Don’t neglect breach containment
To truly achieve resilience in today’s complex environment, we need to move away from the security strategies of the past. Keeping attackers out by building a moat (the prevention era) and finding attackers quickly (the detection era) were both proven security strategies in decades gone by. However, they are no longer sufficient for today’s complex, hybrid environments. Today, we have arrived at the era of containment, which requires robust protective measures behind the perimeter to enable rapid isolation of threats like ransomware. The focus must no longer be purely on preventing attacks, but also on containing them quickly without operational disruption.
One such solution that can help build resilience against ransomware and other cyberattacks is Zero Trust Segmentation (ZTS), also known as microsegmentation. This proactive approach supports an “assume breach” mentality by allowing businesses to visualize how workloads and devices are communicating within the network, and to create granular policies that only allow necessary communication.
A significant advantage of ZTS is that if one area of an organization's network is breached, it doesn't spell disaster for the entire network. The intrusion can be contained within that single small segment, drastically reducing potential damage. This is particularly important given that perimeter-based security technologies, while vital for enforcing policies between sites, are ineffective at segmenting traffic between specific workloads or processes.
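As an added illustration of the two steps just described (visualize what communicates, then allow only that), here is a minimal allow-list segmentation model in Python. It is not code from the article or from Illumio's product; the workload names, roles and ports are constructed to mirror the laptop-to-Active-Directory scenario above, and the model shows how a default-deny policy derived from a legitimate baseline limits the blast radius of a compromised workstation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    role: str  # e.g. "workstation", "domain-controller" (constructed labels)

@dataclass(frozen=True)
class Rule:
    src_role: str
    dst_role: str
    port: int

@dataclass(frozen=True)
class Flow:
    src: Workload
    dst: Workload
    port: int

def draft_rules(baseline):
    """Turn an observed baseline of legitimate flows into role-to-role allow rules."""
    return {Rule(f.src.role, f.dst.role, f.port) for f in baseline}

def allowed(flow, rules):
    """Default deny: pass only if a rule matches source role, destination role and port."""
    return any(r.src_role == flow.src.role and r.dst_role == flow.dst.role
               and r.port == flow.port for r in rules)

def reachable(start, inventory, rules):
    """Blast radius: workloads a compromised host can reach by chaining allow rules."""
    seen, frontier = {start.name}, [start]
    while frontier:
        cur = frontier.pop()
        for w in inventory:
            if w.name not in seen and any(r.src_role == cur.role and r.dst_role == w.role for r in rules):
                seen.add(w.name)
                frontier.append(w)
    return seen - {start.name}

# Constructed inventory modelled on the article's laptop-to-AD scenario
LAPTOP = Workload("laptop-42", "workstation")
DC = Workload("dc-01", "domain-controller")
APP = Workload("app-01", "app-server")
DB = Workload("db-01", "database")
INVENTORY = [LAPTOP, DC, APP, DB]
# Constructed baseline: Kerberos/LDAP from workstations to the DC, app tier to the database
RULES = draft_rules([Flow(LAPTOP, DC, 88), Flow(LAPTOP, DC, 389), Flow(APP, DB, 5432)])

def blocked(flows, rules=RULES):  # (src, dst, port) triples the policy would deny
    return sorted((f.src.name, f.dst.name, f.port) for f in flows if not allowed(f, rules))
```

With these rules a compromised laptop can reach only the domain controller on its authentication ports; a direct hop to the production database, or SMB to the DC, is denied and surfaces as a policy violation to investigate.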
According to the Gartner Hype Cycle for Enterprise Networking 2023 and the Hype Cycle for Zero Trust Networking, 2023, microsegmentation is expected to achieve mainstream adoption within the next two years. Zero Trust Segmentation, in particular, represents a quantum leap in capabilities, making it quicker and easier to deploy microsegmentation than with static, legacy firewalls. This approach, when combined with detection and response capabilities, can also significantly bolster an organization's cybersecurity posture, with a study from Bishop Fox proving that ZTS stops attacks from spreading nearly four times faster than detection and response capabilities alone.
Strengthening resilience from the inside out
Businesses like Google are at the forefront of technology innovation, making their cybersecurity strategies a benchmark for others to follow. Other businesses will undoubtedly follow Google’s strategy of restricting internet access and fortifying external defenses, but it is critical that organizations do not neglect the longer-term security practices that boost resilience in favor of short-term steps that reduce immediate risk.
Organizations cannot forget that threats also exist within the network perimeter, and must couple any restriction of internet access with limits on lateral movement to reduce risk and boost resilience. In the case of Google, in addition to air-gapping its internal network from the open web, the company should also be implementing asset-based segmentation and enforcing different levels of access control on each subnetwork. This not only helps to protect its most valuable assets from both internal and external threats, but also eliminates the likelihood of a catastrophic security incident.
Raghu Nandakumara, Head of Industry Solutions, Illumio.