Security Think Tank: Don’t trust the weakest link? Don’t trust any link

“Secure as the weakest link.” I hear that a lot, but your security model should not fall apart just because a part of your business, or a business partner, has weak security.

Your security model should be able to cope with vulnerable parts of the organisation, and not throw a wobbly as soon as a part of it falters.

The term “secure as the weakest link” implies that all parts of the business, and everything that links each part together, are on an equal footing and at the same trust level as everything else.

In the industry, we call this a flat, unsegmented network, as was common when someone decided it was a good idea to pull all the walls down so that businesses go faster.

This is why information-centric security models are a must for your business.

You should be able to connect your business with entities operating in the most hostile areas of the world, in full knowledge there are state-sponsored eyes looking at you. And in full knowledge that some of your staff are probably on the books of criminal organisations and are paid to exfiltrate data.

So, I’m going to take the term “secure as the weakest link” and say instead “don’t trust the weakest link”.

In fact, don’t trust any link.

“Once your information or critical assets have been compromised, you will never get them back”
Tim Holman, 2-sec

Operate under the assumption you’re already compromised, as a lot of businesses probably are, and do your utmost to protect what is critical to your business, at source.

Lock up your crown jewels, monitor who is going in and out, don’t give the whole world access, trust no one, implement zero-trust properly, and prepare for heavy repercussions if you’ve just gone and trusted one of your “weakest links”.

Because once your information or critical assets have been compromised, you will never get them back.
