While considering the need for network isolation within the mission-critical networks, two broad categories of connectivity have already identified: Internet users and private network users. There may be numerous further subcategories for these, perhaps based on information sensitivity or various functional areas (such as accounting or HLS) and based on the nature of the service itself.
For instance, when users only interact with software interfaces (such as Web pages, e-mail clients, remote access), they operate at a level of abstraction that usually does not allow for any opportunity to have visibility into the infrastructure. The distinction here is that today's end-users do not directly interact with the infrastructure. This tells us that an organization will need to manage connectivity and isolation in multiple ways depending on the service and the connection source. This is arguably the most underrated control of any in cybersecurity. Too often, municipalities don’t ensure that the network is compartmentalized enough. In the event of a cyberattack, or a compromised section of the network, an attacker will have immediate access to the entire network - 100%.
To prevent this, you must segment the varying network assets. Cynamics can identify improper network segmentation within minutes of onboarding our free trial.
Pro Tip: Always keep mission-critical network assets in a separate and isolated network with restricted and encrypted access.