Protecting Your Organization From Cyberattacks: The Case for “Zero Trust”

If cybercrime were represented as a country’s GDP, it would rank third in a lineup of world economies, immediately after the United States and China, according to the 2022 Official Cybercrime Report. Leading researchers predict that cybercrime will cost $8 trillion globally this year, with losses reaching $10.5 trillion by 2025. For comparison, damages in 2015 were only $3 trillion.

As technology advances, cybercrime grows more sophisticated, particularly with the assistance of AI. The World Economic Forum (WEF) reports that increasingly complex and adaptive cybercrime puts individual companies and the world at increased risk of a catastrophic-level cyberattack. Of particular concern are “mutating threats,” computer viruses that mutate much like biological viruses, making them difficult to contain and eliminate. A recent global survey revealed that 93% of cyber leaders “believe that…geopolitical instability makes a catastrophic cyber event likely in the next two years.”

 

Why “Zero Trust” Works

As cyberattacks have become more sophisticated, governments and corporations have been left struggling to keep up. The challenge? Defining and enacting policies that adequately protect organizations while enabling them to both operate and evolve in the digital space. The solution could hinge on a simple concept: “Zero Trust.”

Zero Trust is a model that boldly plans for the worst, and even assumes that privacy breaches have already happened and will continue to happen. The motto of Zero Trust is: “never trust, always verify.” That means asking all users, and all devices, to be re-verified at every single use or login. Zero Trust uses the Kipling Method to ask the following questions:

  • Who: Who is authorized to access a resource?

  • Why: Why is the user (defined in the “who” question above) allowed to access the resource?

  • What: What application(s) can access the resource?

  • When: How long can the user or app access the resource? And during which times of day?

  • Where: Where is the resource located?

  • How: What criteria are used to allow the authorized user to access a resource?
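
The six Kipling questions map onto the fields of an access rule that is checked on every request, with anything unmatched denied by default. The Python below is an added illustration, not code from the original post or from any product; the rule fields, signal names such as `mfa` and `managed_device`, and the sample policy are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    who: frozenset    # groups authorized to access the resource
    why: str          # recorded justification, returned for the audit log
    what: frozenset   # applications allowed to reach the resource
    when: tuple       # (start, end) time-of-day window
    where: str        # resource the rule protects
    how: frozenset    # conditions every request must prove

@dataclass(frozen=True)
class Request:
    groups: frozenset
    app: str
    resource: str
    at: datetime
    signals: frozenset  # facts verified for this request only

def in_window(t, start, end):
    # A window may wrap past midnight, e.g. 22:00 to 06:00.
    return start <= t <= end if start <= end else (t >= start or t <= end)

def evaluate(rules, req):
    """Return (allowed, reason); called on every request, never cached."""
    for r in rules:
        if (r.where == req.resource
                and r.who & req.groups
                and req.app in r.what
                and in_window(req.at.time(), *r.when)
                and r.how <= req.signals):
            return True, r.why
    return False, "default deny: no rule satisfied"

# Constructed sample policy and request (hypothetical names).
RULES = [Rule(who=frozenset({"finance"}), why="monthly payroll run",
              what=frozenset({"payroll-web"}), when=(time(8), time(18)),
              where="payroll-db", how=frozenset({"mfa", "managed_device"}))]

if __name__ == "__main__":
    req = Request(frozenset({"finance"}), "payroll-web", "payroll-db",
                  datetime(2024, 3, 4, 10, 30), frozenset({"mfa", "managed_device"}))
    print(evaluate(RULES, req))
```

A request that satisfies five of the six questions is still denied, which is the practical meaning of “never trust, always verify.”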

Despite the fact that the vast majority of cyber professionals agree that Zero Trust is the path to optimal security, only 31% of organizations have taken steps to make it happen.

We understand—migrating your org to Zero Trust is a giant endeavor. But we’ve got you covered. To learn how to manage the move to Zero Trust, click below to read our free e-book: Getting Over the “Zero Trust Hurdle”: 4 Steps to Organizational Success.

 
 

Hanna Oh