Connect with us

Hi, what are you looking for?


Identity & Access

Navigating the Digital Frontier in Cybersecurity Awareness Month 2023

ZTNA stands out as a solution that enables organizations to minimize their attack surface while ensuring the productivity and security of their remote workforce.

This October will mark the 20th anniversary of Cybersecurity Awareness Month, a pivotal initiative launched under the guidance of the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA). It’s primary goal is to empower Americans with knowledge that enables them to stay safe and secure online.

In the spirit of reflection, this year’s campaign theme, “20 Years of Cybersecurity Awareness Month”, takes a critical look at the evolution of security education and awareness, while also examining the path ahead in securing our interconnected world. This year’s NCSA campaign will put a spotlight on crucial cybersecurity practices, including the importance of regularly updating software, recognizing and reporting phishing attempts, enabling multi-factor authentication (MFA), using strong passwords, and employing password managers. While these fundamentals are undeniably vital, organizations must recognize the need to go beyond them to fortify their cyber resilience.

Hackers often choose the path of least resistance, typically targeting the weakest link in the cybersecurity chain—humans. As a result, a significant number of data breaches today stem from credential harvesting campaigns, often followed by credential stuffing attacks. Once attackers infiltrate a network, they can laterally traverse it, seeking privileged accounts and credentials that provide access to an organization’s most sensitive data and critical infrastructure. Consequently, it comes as no surprise that IBM Security’s Cost of Data Breach Report for 2023 identifies stolen or compromised credentials as the most common initial attack vector, accounting for 15% of data breaches.

Despite years of advocacy for robust password policies and widespread multi-factor authentication adoption, many users still rely on weak passwords or reuse them across multiple accounts. Attackers can effortlessly exploit these practices, gaining access to numerous accounts tied to the same user. Thus, security practitioners can no longer presume implicit trust among applications, users, devices, services, and networks. This shift in mindset has prompted numerous organizations to embrace a Zero Trust approach, contemplating the augmentation of conventional network access security methods like virtual private networks (VPNs) and demilitarized zones (DMZs) with Zero Trust Network Access (ZTNA) solutions.

ZTNA solutions establish identity- and context-based logical access boundaries around applications or sets of applications. Access is granted to users based on a wide range of factors, such as the device in use, device posture (e.g., the presence and functionality of anti-malware software), access request timestamp, and geolocation. The solution dynamically determines the appropriate access level for each specific access request, recognizing that the risk levels of users, devices, and applications are in constant flux.

Mastering Vendor Evaluations

When selecting ZTNA solutions, you’ll encounter a plethora of vendors vying for your attention. To guide security practitioners embarking on the vendor evaluation process, here are five essential tips:

  1. Resilient ZTNA – Prioritize ZTNA offerings that exhibit resilience, ensuring they can function seamlessly despite disruptions, unintentional decay, or malicious actions.
  2. Visibility Matters – Assess ZTNA solutions for their ability to provide in-depth visibility into all endpoints, data, networks, and applications within your organization. The more granular the insights, the more intelligent your access decisions become.
  3. A Future-Proof Platform – Choose ZTNA solutions that align with your organization’s Security Service Edge (SSE) architecture plans. These solutions allow you to transition from a tunnel-based approach to a software-defined perimeter over time, consolidating secure tunnels, ZTNA, and Secure Web Gateway (SWG) capabilities on a single platform.
  4. Not Just Security, But Employee Experience – Explore ZTNA solutions equipped with integrated digital experience monitoring (DEM) capabilities. These features capture real-time insights into the experiences of remote and mobile workers, enabling you to fine-tune your application access policies continually.
  5. Embrace Best Practices in Zero Trust – Opt for ZTNA solutions that adhere to the National Institute of Standards and Technology (NIST) Zero Trust Architecture. This approach emphasizes policy enforcement as close as possible to the user, often enforced directly at the endpoint.

    To successfully navigate the challenges of today’s digital landscape, organizations must break free from the cycle of password dependency. While numerous approaches can lead to this goal, ZTNA stands out as a solution that enables organizations to minimize their attack surface while ensuring the productivity and security of their remote workforce.

    Advertisement. Scroll to continue reading.
    Written By

    Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).

    Click to comment

    Daily Briefing Newsletter

    Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

    Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


    As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


    Expert Insights

    Related Content

    Identity & Access

    Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

    Cybersecurity Funding

    Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

    Network Security

    Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...


    The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.


    Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

    Identity & Access

    Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

    Email Security

    Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...


    Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet