Zero Trust In The Boardroom

“Zero Trust” may be words that are appearing a lot across your timelines and news feeds at the moment, and for good reason. 
 
As the pandemic has matured into an endemic and businesses solidify their plans for where and when their employees work remotely or come into an office, security is a key concern when working out how to maintain business continuity, without making it easy for anyone to gain access to sensitive documents. 

 
 It is always tough to draw a comparison to a tough pandemic the world is going through to explain what trust means. But you’ll forgive me given the underlying fact that, much like the public is with the pandemic, businesses are struggling to filter out the threats to their health and a less… naive approach, shall we say, is becoming more and more appealing. 

A Switch In Mindset

This switch in mindset may sound a touch paranoid but it is the project of a decade or so of ransomware and phishing attacks that have left decision makers sceptical when it comes to new ways of protecting themselves.
 
It is no wonder then that a security policy that takes nothing for granted and questions everyone on the network is proving popular. If they have not already, businesses are about to open themselves up by adopting cloud technologies for storage, communication, and customer management. In all of these scenarios, the data of the corporation, customer and colleagues’ is accessible for anyone with the right credentials, or the key to the back door.
 
The answer, therefore, can be found in not trusting anyone, questioning every access attempt and putting the security of the company before the inconvenience of the employees logging in. 
 
That is a view shared by great swathes of the information security sector. In fact, according to a survey we conducted of over a thousand InfoSec leaders, 93 percent said that their organisations see Zero Trust as a necessity.
 
Now you may be able to level bias accusations at us, but that does not mean that the whole Infosec sector is wrong. Even if you look at the problem logically, we can see that we have always been addressing cyber security the wrong way around.

Making A Hacker’s Job Easier   

Conventional wisdom in the security industry would dictate that threats should be fought and the only way to protect yourself is to build defences. But building defences does not guarantee they will work, and may actually be making the job for hackers easier, as they only have to win once  to gain access.
 
We don’t have to go over the attacks that have come and gone in the past, other than to use them as evidence that fighting hackers, the traditional way, does not work. Obviously businesses shouldn’t be inviting hackers in, but setting the bar for malevolent actors to live up to is as good as daring them to try to gain access.
 
The answer, you might say, is to make sure that that bar is too high for any hacker to reach. But this can lead to more complications, as demonstrated by the six-hour Meta outage that, at one point, wiped $6bn off the value of Facebook.
 
What CEOs need to understand is that a breach of some kind is a matter of when, rather than if - in fact some businesses may have already been attacked without even realising it. 
 
Clear As Day 

Rather than over-complicating security barriers just to run into access problems of your own, or worse, watch hackers run through them, the answer is to start from a place of Zero Trust. But this is an issue key decision makers need to start addressing. IT teams can only do so much, but the fundamental approach businesses take to protecting the data they preside over needs to come from the top. 
 
The data is encouraging - according to our survey over 80% of respondents agreed that adopting a Zero Trust approach would prevent or, at the very least limit, the damage done by attacks, with 40% planning to implement Zero Trust in the next three months, and 80% planning to be set up within the year.
 
An initial barrier the pioneers of Zero Trust were met with was the heavy lift achieving a Zero Trust architecture posed. Removing trust of every process and transaction, while slowly re-establishing trust one step at-a-time was not perceived as a walk in the park. But modern technology has since rose to the challenge, delivering cloud-delivered, lightweight, agentless Zero Trust platforms. These innovations in the approach to Zero Trust are able to automate and accelerate a Zero Trust journey at scale, with machine learning and AI, making Zero Trust a reality for enterprises of any size.
 
For anyone unconvinced, the consequence of security breaches can be devastating. Research from IBM found that the average total cost for a lapse in cyber security can be up to $4.24 million. That’s without considering the damage to your brand or the regulator’s punishments that can be as much as £17.5 million or 4% of annual global turnover, whichever is greater.
 
Such costs and penalties could also spell the end for senior leadership as disastrous breaches will mean someone needs to take the wrap for the mistakes that have occurred.  That’s exactly why CEOs need to have Zero Trust at the front of their minds.

By Rajesh Khazanchi is CEO of ColorTokens

You Might Also Read: 

Zero Trust Architecture - No Longer A ‘Nice to Have’:

 

« AI Is The Future Of Defensive Cyber Security
Cyber Innovation And Industry 4.0 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

SmartSearch

SmartSearch

SmartSearch is a leading online provider of Anti-Money Laundering and Fraud Prevention Services.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

NetExtend

NetExtend

NetExtend services include backup and recovery, endpoint protection, network monitoring, cloud portal and billing and payment solutions.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

Westminster Insight - Cyber Security Conference

Westminster Insight - Cyber Security Conference

Join colleagues this December for Westminster Insight’s Cyber Security Conference, as you’ll assess how new technologies such as AI can secure your organisation against future threats.

TAC Security (TAC Infosec)

TAC Security (TAC Infosec)

TAC Security (aka TAC Infosec) is a leading and trusted cyber security consulting partner that specializes in securing the IT infrastructure and assets of enterprises.

Armenia Startup Academy

Armenia Startup Academy

Armenia Startup Academy is a pre-acceleration program for selected Armenian tech companies and startups in areas including cybersecurity.

Cygenta

Cygenta

Cygenta brings a new approach to cybersecurity. We understand that true security means having digital, human and physical security working in harmony.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

QA Consultants

QA Consultants

QA Consultants is North America’s largest software quality engineering services firm, an award-winning onshore provider of software testing and quality assurance solutions.

ASPIA InfoTech

ASPIA InfoTech

ASPIA Infotech is a leading Information and cybersecurity organization focused on innovative approaches to avert targeted attacks.

TrustCloud

TrustCloud

TrustCloud is a global company specializing in the orchestration and custody of secure digital transactions including identification, signature, payments, and electronic custody.

Exacom

Exacom

Exacom is a leading provider of multimedia logging/recording solutions across public safety, government, DoD, energy, utilities, transportation, and security applications.

HTL Support

HTL Support

HTL Support, your trusted partner for comprehensive IT support in London. We specialize in delivering top-tier IT solutions tailored to both large enterprises and small businesses.