Zero Trust In The Boardroom

“Zero Trust” may be words that are appearing a lot across your timelines and news feeds at the moment, and for good reason. 
 
As the pandemic has matured into an endemic and businesses solidify their plans for where and when their employees work remotely or come into an office, security is a key concern when working out how to maintain business continuity, without making it easy for anyone to gain access to sensitive documents. 

 
 It is always tough to draw a comparison to a tough pandemic the world is going through to explain what trust means. But you’ll forgive me given the underlying fact that, much like the public is with the pandemic, businesses are struggling to filter out the threats to their health and a less… naive approach, shall we say, is becoming more and more appealing. 

A Switch In Mindset

This switch in mindset may sound a touch paranoid but it is the project of a decade or so of ransomware and phishing attacks that have left decision makers sceptical when it comes to new ways of protecting themselves.
 
It is no wonder then that a security policy that takes nothing for granted and questions everyone on the network is proving popular. If they have not already, businesses are about to open themselves up by adopting cloud technologies for storage, communication, and customer management. In all of these scenarios, the data of the corporation, customer and colleagues’ is accessible for anyone with the right credentials, or the key to the back door.
 
The answer, therefore, can be found in not trusting anyone, questioning every access attempt and putting the security of the company before the inconvenience of the employees logging in. 
 
That is a view shared by great swathes of the information security sector. In fact, according to a survey we conducted of over a thousand InfoSec leaders, 93 percent said that their organisations see Zero Trust as a necessity.
 
Now you may be able to level bias accusations at us, but that does not mean that the whole Infosec sector is wrong. Even if you look at the problem logically, we can see that we have always been addressing cyber security the wrong way around.

Making A Hacker’s Job Easier   

Conventional wisdom in the security industry would dictate that threats should be fought and the only way to protect yourself is to build defences. But building defences does not guarantee they will work, and may actually be making the job for hackers easier, as they only have to win once  to gain access.
 
We don’t have to go over the attacks that have come and gone in the past, other than to use them as evidence that fighting hackers, the traditional way, does not work. Obviously businesses shouldn’t be inviting hackers in, but setting the bar for malevolent actors to live up to is as good as daring them to try to gain access.
 
The answer, you might say, is to make sure that that bar is too high for any hacker to reach. But this can lead to more complications, as demonstrated by the six-hour Meta outage that, at one point, wiped $6bn off the value of Facebook.
 
What CEOs need to understand is that a breach of some kind is a matter of when, rather than if - in fact some businesses may have already been attacked without even realising it. 
 
Clear As Day 

Rather than over-complicating security barriers just to run into access problems of your own, or worse, watch hackers run through them, the answer is to start from a place of Zero Trust. But this is an issue key decision makers need to start addressing. IT teams can only do so much, but the fundamental approach businesses take to protecting the data they preside over needs to come from the top. 
 
The data is encouraging - according to our survey over 80% of respondents agreed that adopting a Zero Trust approach would prevent or, at the very least limit, the damage done by attacks, with 40% planning to implement Zero Trust in the next three months, and 80% planning to be set up within the year.
 
An initial barrier the pioneers of Zero Trust were met with was the heavy lift achieving a Zero Trust architecture posed. Removing trust of every process and transaction, while slowly re-establishing trust one step at-a-time was not perceived as a walk in the park. But modern technology has since rose to the challenge, delivering cloud-delivered, lightweight, agentless Zero Trust platforms. These innovations in the approach to Zero Trust are able to automate and accelerate a Zero Trust journey at scale, with machine learning and AI, making Zero Trust a reality for enterprises of any size.
 
For anyone unconvinced, the consequence of security breaches can be devastating. Research from IBM found that the average total cost for a lapse in cyber security can be up to $4.24 million. That’s without considering the damage to your brand or the regulator’s punishments that can be as much as £17.5 million or 4% of annual global turnover, whichever is greater.
 
Such costs and penalties could also spell the end for senior leadership as disastrous breaches will mean someone needs to take the wrap for the mistakes that have occurred.  That’s exactly why CEOs need to have Zero Trust at the front of their minds.

By Rajesh Khazanchi is CEO of ColorTokens

You Might Also Read: 

Zero Trust Architecture - No Longer A ‘Nice to Have’:

 

« AI Is The Future Of Defensive Cyber Security
Cyber Innovation And Industry 4.0 »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Payatu

Payatu

Payatu Technologies is a security testing and services company specialized in Software, Application and Infrastructure security assessments and deep technical security training.

Science Applications International Corporation (SAIC)

Science Applications International Corporation (SAIC)

SAIC is a premier technology integrator in the technical, engineering, intelligence, and enterprise information technology markets. Services and solutions include Cybersecurity.

Templar Executives

Templar Executives

Templar Executives is a leading, expert and dynamic Cyber Security company trusted by Governments and multi-national organisations to deliver business transformation.

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID) is the first platform in Indonesia to collect and validate reports from hackers (referred to as Bug Hunter) regarding vulnerabilities that exist in an organization.

Digi International

Digi International

Digi is a leading global provider of mission-critical and business-critical machine-to-machine (M2M) and Internet of Things (IoT) connectivity products and services.

CyberWhite

CyberWhite

CyberWhite is a disruptive provider of cyber security and risk mitigation solutions.

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

TRU Staffing Partners

TRU Staffing Partners

TRU Staffing Partners is an award-winning contract staffing and executive search firm for cybersecurity, eDiscovery and privacy companies and professionals.

Pelta Cyber Security

Pelta Cyber Security

Pelta Cyber Security is the cyber security consulting and solutions division of Softworld Inc. We provide staffing and recruitment services as well as consulting and solutions for outsourced projects.

Buchanan Technologies

Buchanan Technologies

Buchanan Technologies is a leading IT consulting and outsourcing services firm. Our methodology transforms everyday technology investments into streamlined, secure and scalable solutions.

Blink Ops

Blink Ops

Blink helps security teams streamline everyday workflows and protect your organization better.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.

Project Cypher

Project Cypher

Project Cypher leverages the latest cybersecurity developments, a world class team of hackers and constant R&D to provide you with unparalleled cybersecurity offerings.

TRM Labs

TRM Labs

TRM enables risk management and compliance for a global community of financial institutions, cryptocurrency businesses and government agencies.

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

IMC2 brings together resources to carry out ambitious, innovative and multidisciplinary projects in the field of cybersecurity and cyber resilience.

United Nations Office of Counter-Terrorism (UNOCT)

United Nations Office of Counter-Terrorism (UNOCT)

UNOCT provides UN Member States with the necessary policy support of the UN Global Counter-Terrorism Strategy, and wherever necessary, expedites delivery of technical assistance.