Fighting Cybercrime with Zero Trust

Authors

  • Kiran Sharma Panchangam Nivarthi 31108 Algonquin Trail, Chisago City, MN, 55013, USA
  • Ganesh Gatla 480 Meadowhill Drive, Alpharetta, GA, 30004, USA

Keywords:

Cybercrime, Cybersecurity, Zero Trust, Zero Trust Architecture, Network Security

Abstract

Zero Trust Architecture focuses on securing critical data and access paths by eliminating trust as much as possible by “assuming breach.” It establishes trust every time a user tries to access an asset in the system by questioning the premise that users, devices, and network components should be implicitly trusted based on their location within the network. We have chosen Zero Trust to help reduce the impact of cybercrime and establish baseline security practices. It is a dramatic paradigm shift in the philosophy of securing our infrastructure, networks, and data, from verifying once at the perimeter to continually verifying each user, device, application, and transaction. Trust in humans is essential to forming connections; however, trust in network connections can create dangers and potential security gaps in the digital world. In a hyper-connected world, anyone can launch an attack virtually and participate in cybercrime by violating the trust of systems or networks. The cost of not implementing good security practices is evident in the growing number of data breaches and ransomware attacks that erode consumers' trust in tech and online space. Considering Zero Trust and Zero Trust Architecture developed by the National Institute of Standards and Technology (NIST) should help reduce the impact of cybercrime and protect the crown jewels in cyberspace from a malicious insider or an external attacker.

References

INTERPOL, "Cybercrimes cross borders and evolve rapidly," 01 June 2022. [Online]. Available: https://www.interpol.int/en/Crimes/Cybercrime. [Accessed 23 November 2022].

B. Toulas, "Hackers selling access to 576 corporate networks for $4 million," BleepingComputer.com logo, 31 October 2022. [Online]. Available: https://www.bleepingcomputer.com/news/security/hackers-selling-access-to-576-corporate-networks-for-4-million/. [Accessed 24 November 2022].

A. Vicens, "Ransomware costs top $1 billion as White House inks new threat-sharing initiative," CyberScoop, 01 November 2022. [Online]. Available: https://www.cyberscoop.com/ransomware-payments-cost-treasury/. [Accessed 25 November 2022].

Mercedes Cardona, "The Trend Toward A Zero Trust Model for Security," Mimecast, 19 July 2022. [Online]. Available: https://www.mimecast.com/blog/the-trend-toward-a-zero-trust-model-for-security/. [Accessed 16 November 2022].

C. Cunningham, "A Look Back At Zero Trust: Never Trust, Always Verify," Forrester, 24 August 202. [Online]. Available: https://www.forrester.com/blogs/a-look-back-at-zero-trust-never-trust-always-verify/. [Accessed 18 November 2022].

National Institute of Standards and Technology, "Zero Trust Architecture," SP800-27, pp. 2-3, August 2020.

U.S. General Services Administration, "Zero Trust Architecture (ZTA)," Buyer's Guide, pp. 2-3, June 2021.

United States Executive Office of the President Joseph R. Biden, "Exec. Order No. 14028, Improving the Nation's Cybersecurity," 86 Fed. Reg. 26633 (2021), pp. 26633-26647, 12 May 2021.

Office of Management and Budget, "Moving the U.S. Government Toward Zero Trust Cybersecurity Principles," M-22-09, pp. 2-3, 26 January 2022.

OKTA, "The State of Zero Trust Security 2022," September 2022. [Online]. Available: https://www.okta.com/sites/default/files/2022-09/OKta_WhitePaper_ZeroTrust_H2_Campaign_.pdf. [Accessed November 2022].

Cybersecurity and Infrastructure Security Agency, "Zero Trust Maturity Model," pp. 3-4, June 2021.

National Security Agency, "Embracing a Zero Trust Security Model," Guidance on Zero Trust Security Model, pp. 6-7, 25 February 2021.

National Security Agency, "Embracing a Zero Trust Security Model," Guidance on Zero Trust Security Model, pp. 5-6, 25 February 2021.

Paloalto, "Zero Trust Guidance for the US Federal Government," The Zero Trust Journey for Federal Agencies: The Next Phase, pp. 2-3, 09 April 2020.

Office of Management and Budget, "Draft Federal Strategy For Moving the U.S. Government Towards a Zero Trust Architecture," 07 September 2021. [Online]. Available: https://www.whitehouse.gov/omb/briefing-room/2021/09/07/office-of-management-and-budget-releases-draft-federal-strategy-for-moving-the-u-s-government-towards-a-zero-trust-architecture/. [Accessed November 2022].

B. Violino, "Why companies are moving to a ‘zero trust’ model of cyber security," CNBC, 01 March 2022. [Online]. Available: https://www.cnbc.com/2022/03/01/why-companies-are-moving-to-a-zero-trust-model-of-cyber-security-.html. [Accessed November 2022].

U.S. General Services Administration, "Technology Modernization Fund Announces Investments to Modernize Major Systems at USDA and NARA," 23 May 2022. [Online]. Available: https://www.gsa.gov/about-us/newsroom/news-releases/technology-modernization-fund-announces-investments-to-modernize-major-systems-at-usda-and-nara-05232022. [Accessed November 2022].

K. Errick, "Government Implementing Zero Trust Architecture Faster than Corporations," Nextgov, Washington D.C., 2022.

OKTA, "The State of Zero Trust Security 2022," September 2022. [Online]. Available: https://www.okta.com/sites/default/files/2022-09/OKta_WhitePaper_ZeroTrust_H2_Campaign_.pdf. [Accessed November 2022].

The President's National SecurityTelecommunications Advisory Committee, "Zero Trust and Trusted Identity Management," NSTAC, Washington D.C., 2022.

D. Schiappa, "The Federal Government’s Path to Zero-Trust Security," Sophos, 08 November 2021. [Online]. Available: https://www.govtech.com/sponsored/the-federal-governments-path-to-zero-trust-security. [Accessed November 2022].

M. Mclean, "2022 Must-Know Cyber Attack Statistics and Trends," Embroker, 11 November 2022. [Online]. Available: https://www.embroker.com/blog/cyber-attack-statistics/. [Accessed November 2022].

C. Brook, "Cybercrime Cost U.S. $6.9 Billion in 2021," Digital Gaurdian, 02 September 2022. [Online]. Available: https://digitalguardian.com/blog/cybercrime-cost-us-69-billion-2021. [Accessed November 2022].

V. Tero, "Defining Metrics to Successfully Manage Your Zero Trust Implementation Plan," Illumio, 11 August 2020. [Online]. Available: https://www.illumio.com/blog/zero-trust-metrics. [Accessed November 2022].

IBM, "Cost of a data breach 2021," IBM, New York, 2021.

IBM, "Cost of a data breach 2022: A million-dollar race to detect and respond," IBM, New York, 2022.

International Telecommunication Union, "Guide to Developing a National Cybersecurity Strategy," in Strategic Engagement in Cybersecurity, Geneva, 2021.

15 U.S.C 9001, "American Rescue Plan Act of 2021," PUBLIC LAW 117–2, pp. 4-245, 11 March 2021.

23 U.S.C 101, "Infrastructure Investment and Jobs Act," PUBLIC LAW 117–58, pp. 429-1039, 15 November 2021.

National Institute of Standards and Technology, "Zero Trust Architecture," SP 800-27, pp. 2-3, August 2020.

Cybersecurity and Infrastructure Security Agency, "Zero Trust Maturity Model," pp. 1-4, June 2021.

U.S. Department of Health & Human Services, "HITECH Act Enforcement Interim Final Rule," 17 February 2009. [Online]. Available: https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html. [Accessed November 2022].

Federal Trade Commission, "Enforcement," [Online]. Available: https://www.ftc.gov/enforcement. [Accessed November 2022].

CISA, "Zero Trust Maturity Model audit checklist," [Online]. Available: https://cdn.ttgtmedia.com/rms/pdf/cisa_zero_trust_maturity_model_audit_checklist_download.pdf. [Accessed November 2022].

Brookings, "Bridging the gaps: A path forward to federal privacy legislation," Brookings, Washington D.C, 2020.

Governance Studies, "Bridging the gaps: A path forward to federal privacy legislation," Brookings, 2020.

S. Morgan, "Cybercrime To Cost The World $10.5 Trillion Annually By 2025," Cybercrime Magazine, California, 2020.

Organization of American States (OAS), "National Cybersecurity Strategies: Lessons learned and Reflections from the Americas and Other Regions," Global Partners Digital, 2022.

United States Executive Office of the President Joseph R. Biden, "Executive Order No. 14028, Improving the Nation's Cybersecurity," 86 Fed. Reg. 26633 (2021), pp. 26633-26647, 12 May 2021.

Downloads

Published

2022-12-04

How to Cite

Panchangam Nivarthi, K. S., & Gatla, G. (2022). Fighting Cybercrime with Zero Trust. American Scientific Research Journal for Engineering, Technology, and Sciences, 90(1), 371–381. Retrieved from https://www.asrjetsjournal.org/index.php/American_Scientific_Journal/article/view/8309

Issue

Vol. 90 No. 1 (2022)

Section

Articles

License

Copyright (c) 2022 American Academic Scientific Research Journal for Engineering, Technology, and Sciences

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Authors who submit papers with this journal agree to the following terms.