Zero Trust In The Boardroom

Uploaded on 2022-03-14 in TECHNOLOGY--Resilience, FREE TO VIEW

“Zero Trust” may be words that are appearing a lot across your timelines and news feeds at the moment, and for good reason. 
 
As the pandemic has matured into an endemic and businesses solidify their plans for where and when their employees work remotely or come into an office, security is a key concern when working out how to maintain business continuity, without making it easy for anyone to gain access to sensitive documents. 
 
 It is always tough to draw a comparison to a tough pandemic the world is going through to explain what trust means. But you’ll forgive me given the underlying fact that, much like the public is with the pandemic, businesses are struggling to filter out the threats to their health and a less… naive approach, shall we say, is becoming more and more appealing. 

A Switch In Mindset

This switch in mindset may sound a touch paranoid but it is the project of a decade or so of ransomware and phishing attacks that have left decision makers sceptical when it comes to new ways of protecting themselves.
 
It is no wonder then that a security policy that takes nothing for granted and questions everyone on the network is proving popular. If they have not already, businesses are about to open themselves up by adopting cloud technologies for storage, communication, and customer management. In all of these scenarios, the data of the corporation, customer and colleagues’ is accessible for anyone with the right credentials, or the key to the back door.
 
The answer, therefore, can be found in not trusting anyone, questioning every access attempt and putting the security of the company before the inconvenience of the employees logging in. 
 
That is a view shared by great swathes of the information security sector. In fact, according to a survey we conducted of over a thousand InfoSec leaders, 93 percent said that their organisations see Zero Trust as a necessity.
 
Now you may be able to level bias accusations at us, but that does not mean that the whole Infosec sector is wrong. Even if you look at the problem logically, we can see that we have always been addressing cyber security the wrong way around.

Making A Hacker’s Job Easier   

Conventional wisdom in the security industry would dictate that threats should be fought and the only way to protect yourself is to build defences. But building defences does not guarantee they will work, and may actually be making the job for hackers easier, as they only have to win once  to gain access.
 
We don’t have to go over the attacks that have come and gone in the past, other than to use them as evidence that fighting hackers, the traditional way, does not work. Obviously businesses shouldn’t be inviting hackers in, but setting the bar for malevolent actors to live up to is as good as daring them to try to gain access.
 
The answer, you might say, is to make sure that that bar is too high for any hacker to reach. But this can lead to more complications, as demonstrated by the six-hour Meta outage that, at one point, wiped $6bn off the value of Facebook.
 
What CEOs need to understand is that a breach of some kind is a matter of when, rather than if - in fact some businesses may have already been attacked without even realising it. 
 
Clear As Day 

Rather than over-complicating security barriers just to run into access problems of your own, or worse, watch hackers run through them, the answer is to start from a place of Zero Trust. But this is an issue key decision makers need to start addressing. IT teams can only do so much, but the fundamental approach businesses take to protecting the data they preside over needs to come from the top. 
 
The data is encouraging - according to our survey over 80% of respondents agreed that adopting a Zero Trust approach would prevent or, at the very least limit, the damage done by attacks, with 40% planning to implement Zero Trust in the next three months, and 80% planning to be set up within the year.
 
An initial barrier the pioneers of Zero Trust were met with was the heavy lift achieving a Zero Trust architecture posed. Removing trust of every process and transaction, while slowly re-establishing trust one step at-a-time was not perceived as a walk in the park. But modern technology has since rose to the challenge, delivering cloud-delivered, lightweight, agentless Zero Trust platforms. These innovations in the approach to Zero Trust are able to automate and accelerate a Zero Trust journey at scale, with machine learning and AI, making Zero Trust a reality for enterprises of any size.
 
For anyone unconvinced, the consequence of security breaches can be devastating. Research from IBM found that the average total cost for a lapse in cyber security can be up to $4.24 million. That’s without considering the damage to your brand or the regulator’s punishments that can be as much as £17.5 million or 4% of annual global turnover, whichever is greater.
 
Such costs and penalties could also spell the end for senior leadership as disastrous breaches will mean someone needs to take the wrap for the mistakes that have occurred.  That’s exactly why CEOs need to have Zero Trust at the front of their minds.

By Rajesh Khazanchi is CEO of ColorTokens

You Might Also Read: 

Zero Trust Architecture - No Longer A ‘Nice to Have’:

 

« AI Is The Future Of Defensive Cyber Security
Cyber Innovation And Industry 4.0 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

PeCERT

PeCERT

PeCERT is the national Computer Emergency Response Team for Peru.

Clavister

Clavister

Clavister is a network security vendor delivering a full range of network security solutions for both physical and virtualized environments.

BMS Group

BMS Group

BMS is an independent, employee-owned specialist insurance broking group. Broking solutions include Cyber and Technology.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Assured Enterprises

Assured Enterprises

Assured Enterprises provides comprehensive cyber risk identification, management and mitigation across all platforms.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

Fugue

Fugue

Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies.

972VC

972VC

972VC was created to help entrepreneurs find potential funding for their startups. Your guide to the Israeli startup funding ecosystem.

Ackcent Cybersecurity

Ackcent Cybersecurity

Ackcent's mission is to help our clients to protect their critical digital assets by providing them with a portfolio of specialised professional services.

Research Institute in Verified Trustworthy Software Systems (VeTSS)

Research Institute in Verified Trustworthy Software Systems (VeTSS)

The main purpose of VeTSS is to support program analysis, testing and verification, to achieve guarantees of software correctness, safety, and security.

Chainguard

Chainguard

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard are on a mission to make the software supply chain secure by default.

Mobilicom

Mobilicom

Mobilicom is an end-to-end provider of cybersecurity and smart solutions for drones, robotics & autonomous platforms.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.

Aberrant

Aberrant

A radically new approach to managing information security. Aberrant is the single pane of glass through which a security program can be viewed.

Validia

Validia

Validia is a deepfake cybersecurity service that provides proactive and reactive defense to the deepfake threat enterprises increasingly face with the rapid growth of generative AI.