Don’t trust the weakest link? Don’t trust any links

“Secure as the weakest link.” I hear this often, but your security model shouldn’t break down just because some part of your business, or a business partner, has low security.

Your security model must be able to cope with vulnerable parts of the organization and not waver as soon as one part of it falters.

The term “secure as the weakest link” implies that all parts of the business, and everything that connects them, are on an equal footing and share the same level of trust.

In the industry, we call this a flat, unsegmented network, as was common when someone decided it was a good idea to knock down all the walls to make businesses go faster.

That is why information-centric security models are essential for your business.

You should be able to connect your business to entities operating in the most hostile parts of the world, knowing full well that there are state-sponsored eyes watching you, and knowing perfectly well that some of your collaborators are probably on the books of criminal organizations and are paid to exfiltrate data.

So I’m going to take the term “secure as the weakest link” and instead say “don’t trust the weakest link”.

In fact, don’t trust any links.

“Once your critical information or assets have been compromised, you will never recover them”

Tim Holman, 2 seconds

Assume you’re already compromised, as many businesses probably are, and do your best to protect what’s critical to your business, at the source.

Lock up your crown jewels, watch who comes in and out, don’t give access to the world, trust no one, implement zero trust correctly, and be prepared for serious repercussions if you have simply trusted the world, or one of your “weakest links”.

Because once your critical information or assets have been compromised, you will never recover them.
