The healthcare industry is a notorious target for cyberattacks, and traditional, perimeter-based cybersecurity measures are no longer enough on their own. Zero Trust Security for email may well be the answer.
What is Zero Trust
According to TechBeacon, COVID-19 is accelerating the adoption of the model since users are more likely to access sensitive information remotely.
No single technology is associated with Zero Trust. Instead, it’s a comprehensive framework that incorporates several different principles and technologies.
Here are the guiding principles behind Zero Trust Security:
- Nothing and no one is automatically trusted. Attackers could come from either inside or outside of a network.
- Least privilege access. Users only get as much access as they need, thereby limiting exposure to sensitive data.
- Microsegmentation. Security perimeters are broken up into small zones to maintain separate access for separate parts of the network.
- Multi-factor authentication (MFA). A core component of Zero Trust Security, MFA means more than one piece of evidence is required to authenticate a user.
- Strict controls on device access. Zero Trust Security systems track which devices are trying to access the network and ensure every one of them is known and authorized before it gets in.
- Real-time activity monitoring. It is critical to spot abnormalities in behavior in real time in order to shut down a possible hacking attempt immediately.
Why we need Zero Trust for email
These days, bad actors are sending malicious email through American infrastructure providers such as Amazon SES, Sendinblue, and Mailgun. That puts the traffic out of reach of the early warning system run by the National Security Agency (NSA), which is prohibited by law from conducting surveillance inside the United States.
In other words, we can no longer trust email sent from American hosting and infrastructure companies.
Nation state threat actors are sending sophisticated email phishing campaigns that pass the following security checks:
- DNS-based Real-time Blackhole List (DNSRBL, or DNSBL). This frontline defense checks whether the connecting IP address appears on a blacklist of addresses reputed to send malicious email; the lookup is a DNS query for the reversed IP under the list's zone.
- Sender Policy Framework (SPF). An email authentication method in which a domain publishes, in a DNS TXT record, the IP addresses authorized to send mail on its behalf; the receiver checks the connecting server's IP against the record of the envelope sender's domain.
- DomainKeys Identified Mail (DKIM). Another email authentication method: the sending server signs the message with a private key, and the receiver fetches the matching public key from DNS (under the selector and domain named in the signature) to check that the message was indeed authorized by the owner of that domain and not altered in transit.
- Domain-based Message Authentication, Reporting and Conformance (DMARC). Builds on SPF and DKIM: it requires the domain in the visible From: header to align with the domain that passed SPF or DKIM, and lets the domain owner publish a policy (none, quarantine or reject) for messages that fail, plus reporting.
- Domain age. Mail from newly registered domain names is a red flag and is quarantined.
Malicious emails pass these checks because the bad actors registered new domains, sat on them for years so they raised no domain-age flags, took the time to configure SPF, DKIM and DMARC correctly and maintain their accounts, and then hid behind American providers that the NSA cannot watch. The checks themselves only confirm that a message really came from the domain it claims, through infrastructure that domain authorized; they say nothing about whether that domain is benign, and an attacker who owns the domain and the sending account passes all of them legitimately.
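To make that concrete, the following Python, an added illustration that is not part of the original post, models all five checks over a constructed message from an attacker-owned, long-aged, correctly configured domain relayed through a hypothetical ESP. The DNS zone, addresses, domain names and ESP are made up, and DKIM signature verification is replaced by an HMAC stand-in because the standard library has no RSA (real DKIM publishes an RSA or Ed25519 public key in DNS), so only the lookup and alignment logic is faithful.

```python
"""Constructed model of inbound mail checks: DNSBL, SPF, DKIM, DMARC, domain age.
Every name, address and record below is hypothetical; DKIM uses an HMAC stand-in."""
import hashlib
import hmac
import ipaddress
from datetime import date

ESP_POOL = "203.0.113.0/24"  # hypothetical ESP outbound range (TEST-NET-3)
TODAY = date(2021, 5, 10)     # fixed "today" so the domain-age check is reproducible

# Hypothetical DNS zone. The attacker's domain was registered years ago and is
# correctly configured to relay through the ESP, so every record is "in order".
DNS = {
    "vendor-billing.example": {"TXT": "v=spf1 include:_spf.esp.example -all",
                               "registered": date(2017, 3, 12)},
    "_spf.esp.example": {"TXT": f"v=spf1 ip4:{ESP_POOL} -all"},
    "_dmarc.vendor-billing.example": {"TXT": "v=DMARC1; p=reject; adkim=s; aspf=s"},
    "s1._domainkey.vendor-billing.example": {"TXT": "v=DKIM1; k=hmac-standin; p=c0ffee11"},
    "newclinic-portal.example": {"TXT": f"v=spf1 ip4:{ESP_POOL} -all",
                                 "registered": date(2021, 5, 2)},
    "7.100.51.198.dnsbl.example": {"A": "127.0.0.2"},  # the only listed address
}


def txt(name: str) -> str:
    return DNS.get(name, {}).get("TXT", "")


def dnsbl_listed(ip: str) -> bool:
    """Reverse the octets and look the name up in the blocklist zone."""
    reversed_ip = ".".join(reversed(ip.split(".")))
    return "A" in DNS.get(f"{reversed_ip}.dnsbl.example", {})


def spf_pass(domain: str, ip: str, depth: int = 0) -> bool:
    """Evaluate ip4: and include: terms; anything else falls through to -all."""
    record = txt(domain)
    if depth > 10 or not record.startswith("v=spf1"):
        return False
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return True
        if term.startswith("include:") and spf_pass(term[8:], ip, depth + 1):
            return True
    return False


def dkim_sign(body: str, d: str, s: str, key: str) -> str:
    """Stand-in signer: real DKIM signs with a private key and verifies with p= in DNS."""
    b = hmac.new(key.encode(), body.encode(), hashlib.sha256).hexdigest()
    return f"v=1; a=hmac-standin; d={d}; s={s}; b={b}"


def dkim_domain(header: str, body: str):
    """Return the d= domain if the signature verifies against the selector's DNS key."""
    tags = dict(t.strip().split("=", 1) for t in header.split(";") if "=" in t)
    key_record = txt(f"{tags['s']}._domainkey.{tags['d']}")
    key = dict(t.strip().split("=", 1) for t in key_record.split(";") if "=" in t).get("p")
    if not key:
        return None
    expected = hmac.new(key.encode(), body.encode(), hashlib.sha256).hexdigest()
    return tags["d"] if hmac.compare_digest(expected, tags["b"]) else None


def dmarc(from_domain: str, spf_ok: bool, mail_from_domain: str, dkim_d) -> dict:
    """Strict alignment: From: domain must equal the SPF-authenticated or DKIM d= domain."""
    policy = "none"
    for tag in txt(f"_dmarc.{from_domain}").split(";"):
        if tag.strip().startswith("p="):
            policy = tag.strip()[2:]
    aligned = (spf_ok and mail_from_domain == from_domain) or dkim_d == from_domain
    return {"policy": policy, "pass": aligned}


def domain_age_ok(domain: str, today: date, min_days: int = 30) -> bool:
    registered = DNS.get(domain, {}).get("registered")
    return registered is not None and (today - registered).days >= min_days


def evaluate(msg: dict, client_ip: str, today: date) -> dict:
    """Run every check; 'accept' means all passed, which says nothing about intent."""
    from_domain = msg["From"].split("@")[1]
    mail_from_domain = msg["MAIL FROM"].split("@")[1]
    spf_ok = spf_pass(mail_from_domain, client_ip)
    dkim_d = dkim_domain(msg["DKIM-Signature"], msg["body"])
    results = {
        "dnsbl_clean": not dnsbl_listed(client_ip),
        "spf": spf_ok,
        "dkim": dkim_d is not None,
        "dmarc": dmarc(from_domain, spf_ok, mail_from_domain, dkim_d)["pass"],
        "domain_age": domain_age_ok(from_domain, today),
    }
    results["verdict"] = "accept" if all(results.values()) else "quarantine"
    return results


def constructed_phish() -> dict:
    """Attacker-owned, aged, correctly configured domain, relayed through the ESP pool."""
    body = "Your account is locked. Confirm your credentials at the portal."
    return {"From": "billing@vendor-billing.example",
            "MAIL FROM": "bounce@vendor-billing.example",
            "DKIM-Signature": dkim_sign(body, "vendor-billing.example", "s1", "c0ffee11"),
            "body": body}
```

Running `evaluate(constructed_phish(), "203.0.113.45", TODAY)` returns a pass on every check and the verdict `accept`; the same message from the listed address 198.51.100.7 fails DNSBL and SPF, and a domain registered eight days before `TODAY` fails the age check. The phish passes not because the checks are broken but because they were designed to answer a different question.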
Therefore, in order to keep up in the cybersecurity arms race, what’s needed is a Zero Trust Security framework for email.
How Zero Trust for email can work
As part of a Zero Trust framework for email, MFA can be reimagined as an authentication method not for a user, but for a machine.
Let's say a mail server is attempting to send you an email. During the SMTP conversation between the two servers, the sender claims to be part of Amazon's SES platform, and your inbound mail server (the host named in your MX record) accepts that claim because the message passes the security checks outlined above.
Under a Zero Trust for email paradigm, however, those checks are not enough on their own. One more piece of evidence is required to establish that the email is truly legitimate and not a phishing attack cloaked under the guise of Amazon's email platform.
I believe this new piece of evidence should be unique to each customer and be updated based on usage over time. In other words, it must be very difficult for bad actors to impersonate.
This approach yields a new form of MFA: an additional piece of evidence required to authenticate an email. It would be especially useful for healthcare providers, which not only need extra security to send HIPAA-compliant email but also must block incoming cyberattacks.
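One way such a per-customer factor could be built, as an added illustration that is not the author's design: a secret shared out-of-band between one sending customer and one receiving organisation, bound to every message with an HMAC and ratcheted forward on each use, so that the evidence is unique to the relationship and changes with usage over time. The customer and clinic names, the onboarding secret, the header name `X-ZT-Proof` and the sample messages are all constructed.

```python
"""Hypothetical per-customer proof for inbound mail: a shared secret that is bound to
each message and ratcheted forward on every use. Names and secret are constructed."""
import hashlib
import hmac

MAX_GAP = 8  # how far ahead of the receiver's counter a sender may run (lost mail)


def _ratchet(secret: bytes) -> bytes:
    """One-way step: the next secret cannot be reversed to recover the previous one."""
    return hmac.new(secret, b"zt-email-ratchet-v1", hashlib.sha256).digest()


def _proof(secret: bytes, counter: int, sender: str, recipient: str, body: str) -> str:
    """Tag over counter, sender, recipient and a body digest, keyed by the current secret."""
    material = f"{counter}|{sender}|{recipient}|".encode() + hashlib.sha256(body.encode()).digest()
    return hmac.new(secret, material, hashlib.sha256).hexdigest()


class Customer:
    """Sending side: holds the current secret and advances it after every message."""

    def __init__(self, address: str, secret: bytes):
        self.address, self.secret, self.counter = address, secret, 0

    def send(self, recipient: str, body: str) -> dict:
        self.counter += 1
        tag = _proof(self.secret, self.counter, self.address, recipient, body)
        self.secret = _ratchet(self.secret)  # usage moves the secret forward
        return {"From": self.address, "To": recipient, "body": body,
                "X-ZT-Proof": f"{self.counter}:{tag}"}


class Receiver:
    """Receiving side: per-customer (secret, last accepted counter)."""

    def __init__(self):
        self.state: dict[str, tuple[bytes, int]] = {}

    def enroll(self, address: str, secret: bytes) -> None:
        self.state[address] = (secret, 0)

    def verify(self, msg: dict) -> str:
        entry = self.state.get(msg["From"])
        if entry is None:
            return "quarantine:unenrolled"  # passing SPF/DKIM/DMARC alone earns no trust
        secret, last = entry
        counter_s, _, tag = msg["X-ZT-Proof"].partition(":")
        counter = int(counter_s)
        if counter <= last:
            return "reject:replay"
        if counter - last > MAX_GAP:
            return "quarantine:counter-gap"
        for _ in range(counter - 1 - last):  # catch up to the secret used for this message
            secret = _ratchet(secret)
        expected = _proof(secret, counter, msg["From"], msg["To"], msg["body"])
        if not hmac.compare_digest(expected, tag):
            return "reject:bad-proof"
        self.state[msg["From"]] = (_ratchet(secret), counter)
        return "accept"


def demo() -> list:
    """Constructed scenario: one enrolled customer, then three impersonation attempts."""
    secret = hashlib.sha256(b"shared-out-of-band-at-onboarding").digest()
    clinic = Receiver()
    clinic.enroll("billing@vendor.example", secret)
    vendor = Customer("billing@vendor.example", secret)
    results = []
    m1 = vendor.send("ap@clinic.example", "Invoice 1042 attached")
    results.append(clinic.verify(m1))
    results.append(clinic.verify(vendor.send("ap@clinic.example", "Invoice 1043")))
    results.append(clinic.verify(m1))  # captured copy replayed
    # Attacker holding the onboarding secret but not the ratcheted state
    stale = Customer("billing@vendor.example", secret)
    stale.counter = 2
    results.append(clinic.verify(stale.send("ap@clinic.example", "Updated bank details")))
    # Lookalike domain that passes SPF/DKIM/DMARC on its own but was never enrolled
    results.append(clinic.verify({"From": "billing@vendor-invoices.example",
                                  "To": "ap@clinic.example", "body": "x",
                                  "X-ZT-Proof": "1:00"}))
    return results
```

`demo()` returns accept, accept, reject:replay, reject:bad-proof, quarantine:unenrolled. The caveat a practitioner should keep in mind: the ratchet limits the damage from a secret that leaks (an old snapshot stops working as soon as the legitimate sender sends again), but it does not help against a compromise of the customer's live sending account, which is precisely the ESP-account-takeover case. That residual risk is where the real-time activity monitoring from the Zero Trust principles above still has to do its work.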