October is National Cyber Security Awareness Month, made to encourage industry members to learn about cyber risks. Smarter Technologies discusses.
Although no models are truly impenetrable, we’re zeroing in on zero trust architecture as the number one thing your organisation can do to make it harder than ever for attackers to bust in.
The theme for this year’s campaign is ‘See Yourself in Cyber’, demonstrating that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people – from both a threat and protection perspective. Zero trust focuses on precisely that by aiming to secure workers’ access to sensitive systems, networks, and data by using additional context, analysis, and security controls.
Zero trust is all about principles of least privilege. Once a user is done with whatever job they’re doing, access is taken away. Essentially, zero trust means giving the right people the right access at the right time: trusting nothing, verifying everything.
The current cybersecurity landscape
The cybersecurity landscape has certainly improved over time, mostly due to consistent increases in cyber spending year after year. According to Gartner estimates, people will invest $172 billion in cybersecurity in 2022, up from $150 billion last year. The company suggests that spending will continue to rise steadily thereafter. Despite increased spending, the number and scope of cyber breaches continue to grow most years. Even sizable organisations that have already been compromised in the past will likely be hit again at some point.
In the past, most of these cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states. But things have changed, and threats from within organisations are increasing. Traditional perimeter defences are simply not designed to prevent these attacks, or keep external attackers out, for that matter. And in a hybrid world, an increasing number of enterprise resources now live outside the perimeter, making it even more challenging to protect these assets with legacy approaches.
Zero trust is reaching the top of the cybersecurity agenda for many organisations due to an escalation in insider attacks and an increase in remote work – both of which challenge the effectiveness of traditional perimeter-based security approaches.
Organisations are adopting a zero trust approach to cybersecurity
An MIT Technology Review Insights poll of global business leaders revealed that:
● Three out of four organisations have become more aggressive in their approach to cybersecurity over the past two years
● End-user security tops the list of organisations’ cybersecurity concerns
● About 40% of poll respondents said their organisations have already adopted a zero trust model
● Another 18% are in the process of implementing zero trust
● 17% are in the planning stages
According to Gartner predictions, spending on zero trust solutions is set to more than double to $1.674 billion between now and 2025.
Governments are also mandating zero trust architectures for federal organisations. For example, the Biden Administration recently signed the White House’s January 2022 Federal Zero Trust Architecture Strategy. Under this agreement, agencies have until September 2024 to achieve five specific zero trust security goals.
These large-scale endorsements have accelerated zero trust adoption, and continued developments suggest that the zero trust model will soon become the default security approach for every organisation.
Microsoft is on the zero trust side
Microsoft recently announced that numerous zero-trust features are now available in its Windows 11 operating system. Building zero trust in by default helps organisations boost their security. According to the zero trust rules in the Windows 11 Security Book, the system checks a user’s identity and location and their device’s security status, and only allows access to the appropriate resources. Other zero-trust capabilities include continuous visibility and analysis to catch threats and improve defences.
Should you adopt zero trust this cybersecurity month?
In short: yes. Of course, you can’t overhaul your entire infrastructure in a month, but use the focus on cybersecurity in October to create a zero trust strategy or build on one you already have. Studies have found that implementing zero trust architecture can:
● Reduces the average cost of a breach by at least $1.76 million
● Prevent five cyber disasters per year
● Save $20.1 million on average in application downtime costs
Why haven’t all organisations embraced zero trust?
Truth be told, deciding to embrace zero trust is much easier than actually implementing it. For many organisations, the transition process can be both overwhelming and labour-intensive. If you’re new to zero trust or unsure of your next steps as an organisation, it’s a good idea to engage with a digital transformation partner to help you design and review a zero trust architecture that meets your organisation’s specific requirements.
You can read up on more security stories at our Communications page.
Plus, IoT Insider’s sister publication, Electronic Specifier has further stories on being safe online. Also, feel free to comment below or delve deeper at our LinkedIn page!