Zero Trust In The Boardroom

Uploaded on 2022-03-14 in TECHNOLOGY--Resilience, FREE TO VIEW

“Zero Trust” may be words that are appearing a lot across your timelines and news feeds at the moment, and for good reason. 
 
As the pandemic has matured into an endemic and businesses solidify their plans for where and when their employees work remotely or come into an office, security is a key concern when working out how to maintain business continuity, without making it easy for anyone to gain access to sensitive documents. 
 
 It is always tough to draw a comparison to a tough pandemic the world is going through to explain what trust means. But you’ll forgive me given the underlying fact that, much like the public is with the pandemic, businesses are struggling to filter out the threats to their health and a less… naive approach, shall we say, is becoming more and more appealing. 

A Switch In Mindset

This switch in mindset may sound a touch paranoid but it is the project of a decade or so of ransomware and phishing attacks that have left decision makers sceptical when it comes to new ways of protecting themselves.
 
It is no wonder then that a security policy that takes nothing for granted and questions everyone on the network is proving popular. If they have not already, businesses are about to open themselves up by adopting cloud technologies for storage, communication, and customer management. In all of these scenarios, the data of the corporation, customer and colleagues’ is accessible for anyone with the right credentials, or the key to the back door.
 
The answer, therefore, can be found in not trusting anyone, questioning every access attempt and putting the security of the company before the inconvenience of the employees logging in. 
 
That is a view shared by great swathes of the information security sector. In fact, according to a survey we conducted of over a thousand InfoSec leaders, 93 percent said that their organisations see Zero Trust as a necessity.
 
Now you may be able to level bias accusations at us, but that does not mean that the whole Infosec sector is wrong. Even if you look at the problem logically, we can see that we have always been addressing cyber security the wrong way around.

Making A Hacker’s Job Easier   

Conventional wisdom in the security industry would dictate that threats should be fought and the only way to protect yourself is to build defences. But building defences does not guarantee they will work, and may actually be making the job for hackers easier, as they only have to win once  to gain access.
 
We don’t have to go over the attacks that have come and gone in the past, other than to use them as evidence that fighting hackers, the traditional way, does not work. Obviously businesses shouldn’t be inviting hackers in, but setting the bar for malevolent actors to live up to is as good as daring them to try to gain access.
 
The answer, you might say, is to make sure that that bar is too high for any hacker to reach. But this can lead to more complications, as demonstrated by the six-hour Meta outage that, at one point, wiped $6bn off the value of Facebook.
 
What CEOs need to understand is that a breach of some kind is a matter of when, rather than if - in fact some businesses may have already been attacked without even realising it. 
 
Clear As Day 

Rather than over-complicating security barriers just to run into access problems of your own, or worse, watch hackers run through them, the answer is to start from a place of Zero Trust. But this is an issue key decision makers need to start addressing. IT teams can only do so much, but the fundamental approach businesses take to protecting the data they preside over needs to come from the top. 
 
The data is encouraging - according to our survey over 80% of respondents agreed that adopting a Zero Trust approach would prevent or, at the very least limit, the damage done by attacks, with 40% planning to implement Zero Trust in the next three months, and 80% planning to be set up within the year.
 
An initial barrier the pioneers of Zero Trust were met with was the heavy lift achieving a Zero Trust architecture posed. Removing trust of every process and transaction, while slowly re-establishing trust one step at-a-time was not perceived as a walk in the park. But modern technology has since rose to the challenge, delivering cloud-delivered, lightweight, agentless Zero Trust platforms. These innovations in the approach to Zero Trust are able to automate and accelerate a Zero Trust journey at scale, with machine learning and AI, making Zero Trust a reality for enterprises of any size.
 
For anyone unconvinced, the consequence of security breaches can be devastating. Research from IBM found that the average total cost for a lapse in cyber security can be up to $4.24 million. That’s without considering the damage to your brand or the regulator’s punishments that can be as much as £17.5 million or 4% of annual global turnover, whichever is greater.
 
Such costs and penalties could also spell the end for senior leadership as disastrous breaches will mean someone needs to take the wrap for the mistakes that have occurred.  That’s exactly why CEOs need to have Zero Trust at the front of their minds.

By Rajesh Khazanchi is CEO of ColorTokens

You Might Also Read: 

Zero Trust Architecture - No Longer A ‘Nice to Have’:

 

« AI Is The Future Of Defensive Cyber Security
Cyber Innovation And Industry 4.0 »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Protective Intelligence

Protective Intelligence

Protective Intelligence brings together a group of information security specialists with a passion for delivering high-quality solutions.

The Hacker News (THN)

The Hacker News (THN)

THN is a leading source for Information Security, Hacking News, Cyber Security, Network Security with in-depth technical coverage of issues and events

Federal Office For Information Security (BSI)

Federal Office For Information Security (BSI)

The BSI (Bundesamt fur Sicherheit in der Informationstechnik) is the federal cyber security agency and the chief architect of secure digitalisation in Germany.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

Cyber Security Specialists

Cyber Security Specialists

Cyber Security Specialists Limited provide Security services across a wide range of markets, from multi-national Corporate Organisations and Government Agencies, through to smaller Businesses.

Sum&Substance (Sumsub)

Sum&Substance (Sumsub)

Sum&Substance is a developer of remote verification solutions. Our technology allows online services around the world to meet regulatory requirements, prevent fraud and enhance customer confidence.

Knovos

Knovos

Knovos is a leading technology innovator developing solutions for automating, integrating, and innovating Information Governance.

BlackRidge Technology

BlackRidge Technology

BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.

Stefanini Group

Stefanini Group

Stefanini is a global IT services company providing a broad range of solutions for digital transformation including automation, cloud, IoT and cybersecurity.

Code Intelligence

Code Intelligence

Code Intelligence offers a platform for automated software security testing to help developers make their software more robust and secure.

Probity

Probity

Probity Inc. is a certified software development and systems engineering company, providing support to federal government and national defense related clients.

Getvisibility

Getvisibility

Getvisibility enables customers to detect, classify and protect sensitive information increasing data security, governance, compliance and lowering the risk of losing valuable data.

Ebryx

Ebryx

At Ebryx, we are at the forefront of cybersecurity innovation, leveraging over a decade of expertise to protect and empower organizations worldwide.

Sonar

Sonar

AI generated or written by humans, Sonar’s Clean Code Solutions cover your code quality needs, improving code reliability, maintainability, and security.

Nothreat

Nothreat

Nothreat has revolutionized how businesses like yours protect themselves from damaging cyber attacks. Our tech learns and adapts in real time, protecting clients from even zero-day attacks.