Demystifying Zero Trust

If we’ve learned anything from global politics, it’s that every piece of technology equipment is vulnerable to hackers. The very idea of a data breach is enough to keep a security executive (or CISO) up at night. Bad press, huge revenue losses, eroded consumer trust and worse, heavy penalty fees have led the industry to develop the Zero Trust model.

Zero Trust is fairly literal. Meaning, it’s a security system that does not trust any user attempts to access (or work within the applications), of an enterprise system unless their ID can be verified at several points. It was created by John Kindervag of Forrester Research in 2018. Since then it’s become a buzz word that few truly grasp the meaning of.

Ordinarily, an organization’s data accessibility assumes that if you are able to log in, you can be trusted. This model has become outdated as cybercrime gets more sophisticated. 64% of organizations have experienced a phishing attack in the past year. Most hacks are the result of a phishing link in an email being clicked on. In fact, 90% of data breaches involve some sort of phishing element. Often the entry point for a hacker isn’t where the data they want lives, but it grants them access to whatever isn’t restricted. Zero Trust aims to make these kinds of scams impossible. If implemented correctly, attempts to hack into an enterprise system would trigger alarms for the security team, thus thwarting the attack before it starts.

Many organizations do not have the resources to entirely overhaul their current security measures, but thankfully Zero Trust is scalable to fit the needs of your organization. There are many iterations of Zero Trust and some of them may already be in use at your company. A lot of IT staffs have already started rolling out pieces of Zero Trust, including virtual seminars and fake phishing scam links in employee email accounts. The bigger Zero Trust picture is that data breaches are preventable, but it comes down to good training, strong security measures and knowledgeable security professionals.

Futher reading…

https://www.phishingbox.com/resources/phishing-facts

https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture