Zero Trust in a Virtual Cybersecurity World

ABSTRACT

With the sudden shift to large-scale remote work, organizations rapidly expanded remote access with virtual private networks (VPN). According to a study of large-scale breaches, cybercrime increased in the first quarter of 2020 by 273% compared to 2019.3 In another study, 71% of IT and cybersecurity professionals worldwide reported increased cybersecurity threats and attacks since the onset of COVID-19.4 As data breaches rise, "going perimeter-less" is becoming more prevalent.5 Agencies are also pushing more information to the cloud. "7 In a recent major supply chain attack,8 threat actors inserted malicious code into a software program that impacted thousands9 of customers for over six months.10 After gaining a foothold into an affected network, the attackers were able to move laterally, using multiple different credentials, and evade detection.11 Cybersecurity experts expressed hope that this attack, termed one of the most serious in U.S. history, would accelerate work to implement NIST's ZTA.12 William Evanina, former director of the U.S. National Counterintelligence and Security Center, said the U.S. should maintain a ZT supply chain risk mitigation program with an "understanding of who provides your services, where they get them.. Given the role of data in its mission, FM must help agency cybersecurity leaders articulate the benefits of ZTA in protecting data16 P Form a team from FM, program offices, functional areas and cybersecurity to develop the business case for ZTA.