On December 10, 2021, security professionals learned a lesson the hard way. Apache’s widely used Log4j was affected by a zero-day vulnerability (CVE-2021-44228). Some of the largest names in the industry used this open-source platform for data logging, the heart of their IT solutions.
Before the security event, many of the same organizations that used Log4j were not aware of how it affected the security of their environment. This is because they underestimated how easy it is to successfully “hack” a business. In this blog, I will explain how even a high school student could gain access to your login credentials.
Being a Certified Ethical Hacker myself, I understand that hacking is not the impossible task it once was in the early days of the internet. Today, anyone can find extensive information just through a simple Google search. I have included one such example from my labs to demonstrate how easy hacking can get if you know how to find the right information.
The short answer is: you can’t. It is so easy to hack systems that it is better for security professionals to assume a breach has already occurred. This is the zero trust model.
The traditional “castle and moat” security ideology is no longer enough to keep your organization protected. In the zero trust model, you assume a breach has already occurred, and so you verify users at every stage of access.
For instance, if a high school student were to hack your systems and gain login credentials as in the example above, they could be prevented from gaining access to sensitive information with multi-factor authentication.
BlackHawk Data can help your organization leverage the zero trust model. We have years of expertise deploying and monitoring solutions in different IT environments as a security and network operations center. We can help you implement stringent policies by applying network security and identity and access management (IAM) whilst keeping the availability of your data and services in mind.