It’s no wonder the ‘zero trust’ approach has caught the eye of many CIOs, but if you’re still not convinced, here’s some reasons why you should be interested.
It shouldn’t need to be emphasised the seriousness and effect of cyber security breaches. The ramifications both in reputation and regulatory recourse can seriously damage an organisation’s ability to function. It’s more important than ever for businesses to put effective cyber security measures in place, and the current tactics aren’t working. Recent incidents like the Kaseya, Colonial Pipeline, and SolarWinds attacks show that bad actors have the will and the technical ability to take on the highest-profile service providers.
Such attacks can do severe, lasting damage to an organisation’s infrastructure.
Attacks are getting more sophisticated.
In a recent survey, HP found that over three quarters of businesses are concerned about hackers using the same tactics seen from nation-state attacks. Ian Pratt, global head of security, personal systems at HP, has said that those concerns are well-founded, as evidence has emerged that hackers have adopted tactics seen in the SolarWinds breach as well as the Eternal Blue exploit which was used by the WannaCry hackers.
Gartner is advising that every company should adopt zero trust, and key tenants of that are secure access and micro-segmentation.
After investigation, Gartner has advised businesses to phase out VPN security protections and replace them with zero trust network access (ZTNA), particularly in internet-facing solutions for employees and partners. In their report, Gartner also predicted that by 2022, 80% of new digital business applications within ecosystems will be accessed through ZTNA and that 60% of enterprises will phase out their VPNs in favour of the technology by 2023.
Establishing a strong network monitoring strategy
Traditional and point solutions simply don’t work.
The cyber security industry is in crisis at the moment. Point solutions are limited by their fragmented context and reactive, traditional solutions are letting attackers go undetected for months at a time. The current technologies do not work, and research from IDC published this summer proves this, as they found that over a third of businesses were subject to ransomware attacks over the past year, with financial and manufacturing businesses targeted the most.
Zero trust is a journey, not a product. CIOs need to think that way.
One of the problems that the cyber security industry has had to tackle is its reputation. Rather than taking an interest in the solution and how it will work in the specific network infrastructure a business is using, security solutions have been seen as a firefighting solution, just in case a hacker chanced his arm. There are no other alternative solutions or tactics to a zero trust infrastructure: once a decision is made to adopt, businesses should not look elsewhere for new solutions as the fundamental principles of zero trust mean that it is not fighting certain attacks but rather questioning why and how every endpoint has gained access.
The trends CIOs should embrace in 2021 and beyond
Trust between organisations, their clients, and partners is at risk if data isn’t secured.
It’s a sad but true statement that once an attack has been announced to the public, your business’s reputation is marred for a long time. Privacy is of huge importance to every business as well as the public whose records you may hold. Attacks can also cut off whole industries from ever working with you again, as any information within the financial sector, for example, needs to be protected for regulatory reasons. Therefore, an insecure reputation will all but cancel any chance of business with those companies.
As you can see from this short list, there can be no doubt that a zero trust framework is what future cyber security solutions will be built on. Although attacks are becoming more sophisticated, by questioning every access attempt, there is a better likelihood of catching any intruders before they infiltrate your business, rather than cleaning up messes after they occur.
With current solutions continuing to fail in front of our eyes, CIOs must recognise the threats out there, and accept the inadequacies in anything other than a zero trust framework.