Zero Trust In The Boardroom

Uploaded on 2022-03-14 in TECHNOLOGY--Resilience, FREE TO VIEW

“Zero Trust” may be words that are appearing a lot across your timelines and news feeds at the moment, and for good reason. 
 
As the pandemic has matured into an endemic and businesses solidify their plans for where and when their employees work remotely or come into an office, security is a key concern when working out how to maintain business continuity, without making it easy for anyone to gain access to sensitive documents. 
 
 It is always tough to draw a comparison to a tough pandemic the world is going through to explain what trust means. But you’ll forgive me given the underlying fact that, much like the public is with the pandemic, businesses are struggling to filter out the threats to their health and a less… naive approach, shall we say, is becoming more and more appealing. 

A Switch In Mindset

This switch in mindset may sound a touch paranoid but it is the project of a decade or so of ransomware and phishing attacks that have left decision makers sceptical when it comes to new ways of protecting themselves.
 
It is no wonder then that a security policy that takes nothing for granted and questions everyone on the network is proving popular. If they have not already, businesses are about to open themselves up by adopting cloud technologies for storage, communication, and customer management. In all of these scenarios, the data of the corporation, customer and colleagues’ is accessible for anyone with the right credentials, or the key to the back door.
 
The answer, therefore, can be found in not trusting anyone, questioning every access attempt and putting the security of the company before the inconvenience of the employees logging in. 
 
That is a view shared by great swathes of the information security sector. In fact, according to a survey we conducted of over a thousand InfoSec leaders, 93 percent said that their organisations see Zero Trust as a necessity.
 
Now you may be able to level bias accusations at us, but that does not mean that the whole Infosec sector is wrong. Even if you look at the problem logically, we can see that we have always been addressing cyber security the wrong way around.

Making A Hacker’s Job Easier   

Conventional wisdom in the security industry would dictate that threats should be fought and the only way to protect yourself is to build defences. But building defences does not guarantee they will work, and may actually be making the job for hackers easier, as they only have to win once  to gain access.
 
We don’t have to go over the attacks that have come and gone in the past, other than to use them as evidence that fighting hackers, the traditional way, does not work. Obviously businesses shouldn’t be inviting hackers in, but setting the bar for malevolent actors to live up to is as good as daring them to try to gain access.
 
The answer, you might say, is to make sure that that bar is too high for any hacker to reach. But this can lead to more complications, as demonstrated by the six-hour Meta outage that, at one point, wiped $6bn off the value of Facebook.
 
What CEOs need to understand is that a breach of some kind is a matter of when, rather than if - in fact some businesses may have already been attacked without even realising it. 
 
Clear As Day 

Rather than over-complicating security barriers just to run into access problems of your own, or worse, watch hackers run through them, the answer is to start from a place of Zero Trust. But this is an issue key decision makers need to start addressing. IT teams can only do so much, but the fundamental approach businesses take to protecting the data they preside over needs to come from the top. 
 
The data is encouraging - according to our survey over 80% of respondents agreed that adopting a Zero Trust approach would prevent or, at the very least limit, the damage done by attacks, with 40% planning to implement Zero Trust in the next three months, and 80% planning to be set up within the year.
 
An initial barrier the pioneers of Zero Trust were met with was the heavy lift achieving a Zero Trust architecture posed. Removing trust of every process and transaction, while slowly re-establishing trust one step at-a-time was not perceived as a walk in the park. But modern technology has since rose to the challenge, delivering cloud-delivered, lightweight, agentless Zero Trust platforms. These innovations in the approach to Zero Trust are able to automate and accelerate a Zero Trust journey at scale, with machine learning and AI, making Zero Trust a reality for enterprises of any size.
 
For anyone unconvinced, the consequence of security breaches can be devastating. Research from IBM found that the average total cost for a lapse in cyber security can be up to $4.24 million. That’s without considering the damage to your brand or the regulator’s punishments that can be as much as £17.5 million or 4% of annual global turnover, whichever is greater.
 
Such costs and penalties could also spell the end for senior leadership as disastrous breaches will mean someone needs to take the wrap for the mistakes that have occurred.  That’s exactly why CEOs need to have Zero Trust at the front of their minds.

By Rajesh Khazanchi is CEO of ColorTokens

You Might Also Read: 

Zero Trust Architecture - No Longer A ‘Nice to Have’:

 

« AI Is The Future Of Defensive Cyber Security
Cyber Innovation And Industry 4.0 »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Rapid7

Rapid7

Rapid7 unites cloud risk management and threat detection to deliver results that secure your business and ensure you’re always ready for what comes next.

Boxcryptor

Boxcryptor

Boxcryptor encrypts your sensitive files before uploading them to cloud storage services.

IT Security Association Germany (TeleTrusT)

IT Security Association Germany (TeleTrusT)

TeleTrusT is an IT Security association and network for IT security comprising members from industry, administration, consultancy and research.

Fortress Group

Fortress Group

Fortress is specialized in confidential and discrete recruitment solutions and temporary staffing in the field of security and risk management.

Cyber Base

Cyber Base

Cyber Base is an Information Technology company based in Uganda providing software and hardware solutions to clients.

Ogasec

Ogasec

Ogasec is a cybersecurity company formed by the merger between Aker and N-Stalker in 2017. Solutions include Security & Connectivity Networking, Application Security, and Managed Security Services.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

Tego Cyber

Tego Cyber

Tego Cyber delivers a state-of-the-art threat intelligence platform that helps enterprises deploy the proper resolution to an identified threat before the enterprise is compromised.

Institute for Pervasive Cybersecurity - Boise State University

Institute for Pervasive Cybersecurity - Boise State University

Boise State University’s Institute for Pervasive Cybersecurity is a leader of innovative cybersecurity research and advancement in Idaho and the region.

CampusGuard

CampusGuard

CampusGuard focuses on the cybersecurity and compliance needs of campus-based organizations including higher education, healthcare, and state and local government.

OccamSec

OccamSec

OccamSec is a leading provider in the world of cybersecurity. We provide accurate, actionable information to reduce risk and enable better informed decisions.

CyberEPQ

CyberEPQ

CyberEPQ (Cyber Extended Project Qualification) is the UK’s first and only Extended Project Qualification in Cyber Security.

Cynclair

Cynclair

Cybersecurity is a complex beast. And we're the beast-tamers. Our team thrives on deciphering the latest threats, building cutting-edge defenses, and making your digital world much safer.

Mode

Mode

Mode is an out-of-band communication and crisis collaboration platform. One platform to manage your cyber crisis response. Stay connected when it's needed most.

Konsulko Group

Konsulko Group

Konsulko Group offers embedded Linux software and hardware development and Yocto Project services.

Sensiba

Sensiba

Sensiba are accountants, consultants, and experts in good business. We use deep industry experience to help organizations solve problems, navigate complexity, and build sustainable growth.