According to Gartner’s latest forecast, organisations now consider zero trust as a critical strategy to reduce risk and exposure, but few organisations have completed zero-trust implementations. In fact, Gartner predicts that only 10 per cent of large enterprises will have a mature zero-trust programme implemented by 2026.
Zero trust is a security measure that identifies users and gives them the appropriate amount of access, enabling businesses to operate with minimal hurdles while risks are decreased. Attackers typically exploit the implicit models established within organisations infrastructure by establishing malware. Zero trust addresses these threats by demanding assessed and calculated trust between users, devices, and resources alike.
Gartner said as the enterprise attack surface expands faster, attackers will begin to target assets and vulnerabilities outside the area of zero-trust architectures (ZTAs). It recommended organisations adopt a zero-trust strategy to reduce risks for the more critical assets. It is important that organisations focus on identity as well as improve the technology and the people and processes to develop and manage those identities. Zero trust aims to limit cyberattacks. It predicts that more than half of cyberattacks will be targeted at areas that zero trust controls do not cover.
Michael Smith, CTO, Neustar Security Services said, “over the last two years, we have witnessed a mass-acceleration of hybrid capabilities and businesses have started to realise just how exposed they are. While organisations may have learned from their initial shortcomings by improving their backup and recovery measures, adding more and more remote capabilities has led to new gateways to companies’ networks. As we know, with added network complexity, comes increased risk and exposure. At the same time, cyber extortionists have developed new strains of malware and are adopting far more menacing and sophisticated attack methods to target our infrastructure.
“As Gartner’s report suggests, there has been an increased demand for zero-trust measures and protection for organisations. Cyber-attacks are not isolated, and success on one front will only lead to attacks on many more. Leaders need to review their current security technologies and mitigation plans. They will have to rapidly operationalise their investments to deliver time to value and keep up with the accelerated rate of change we are seeing throughout the cybersecurity industry – especially if they want to stay ahead of the more dangerous threats. All organisations should be committed to best current practices (BCPs) and know that they are responsible for their customers’ data.
“Cybersecurity experts consistently emphasise the importance of layered defences — including conducting regular backups, patching of all software and systems, and employee education — but increased attack sophistication is making the need for early detection even more critical. In today’s global, connected environment, all organisations need to be committed to improving their security ecosystem. As cyber extortionists continue to adapt and evolve, internal security teams now need to prioritise an even broader range of prevention and mitigation measures.”