Blogs

Zeroing in on cyber security awareness month

These days, the line between our online and offline lives is becoming increasingly indistinguishable, whether in the workplace or at home. October is National Cyber Security Awareness Month, a campaign that encourages individuals, businesses and institutions to take time to educate themselves about cyber risks and online safety practices. Although no models are truly impenetrable, we’re zeroing in on zero trust architecture as the number one thing your organisation can do to make it harder than ever for attackers to bust in, says Matthew Margetts, director of sales and marketing at Smarter Technologies.

The theme for this year’s campaign is “See Yourself in Cyber”, demonstrating that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people—from both a threat and protection perspective. Zero trust focuses on precisely that by aiming to secure workers’ access to sensitive systems, networks, and data by using additional context, analysis, and security controls. Zero trust is all about principles of least privilege. Once a user is done with whatever job they’re doing, access is taken away. Essentially, zero trust means giving the right people the right access at the right time; trusting nothing, verifying everything.

The current cybersecurity landscape

The cybersecurity landscape has certainly improved over time, mostly due to consistent increases in cyber spending year after year. According to Gartner estimates, people will invest $172 billion (€177.16 billion) in cybersecurity in 2022, up from $150 billion (€154.50 billion) last year. The company suggests that spending will continue to rise steadily thereafter. Despite increased spending, the number and scope of cyber breaches continue to grow most years. Even sizable organisations that have already been compromised in the past will likely be hit again at some point.

In the past, most of these cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states. But things have changed, and threats from within organisations are increasing. Traditional perimeter defences are simply not designed to prevent these attacks, or keep external attackers out, for that matter. And in a hybrid world, an increasing number of enterprise resources now live outside the perimeter, making it even more challenging to protect these assets with legacy approaches.

Zero trust is reaching the top of the cybersecurity agenda for many organisations due to an escalation in insider attacks and an increase in remote work both of which challenge the effectiveness of traditional perimeter-based security approaches.

Organisations are adopting a zero trust approach to cybersecurity

An MIT Technology Review Insights poll of global business leaders revealed that:

● Three out of four organisations have become more aggressive in their approach to cybersecurity over the past two years

● End-user security tops the list of organisations’ cybersecurity concerns

● About 40% of poll respondents said their organisations have already adopted a zero trust model

● Another 18% are in the process of implementing zero trust

● 17% are in the planning stages

According to Gartner predictions, spending on zero trust solutions is set to more than double to $1.674 billion (€1.72 billion)between now and 2025.

Governments are also mandating zero trust architectures for federal organisations. For example, the Biden Administration recently signed the White House’s January 2022 Federal Zero Trust Architecture Strategy. Under this agreement, agencies have until September 2024 to achieve five specific zero trust security goals.

These large-scale endorsements have accelerated zero trust adoption, and continued developments suggest that the zero trust model will soon become the default security approach for every organisation.

Microsoft is on the zero trust side

Microsoft recently announced that numerous zero-trust features are now available in its Windows 11 operating system. Building zero trust in by default helps organisations boost their security. According to the zero trust rules in the Windows 11 Security Book, the system checks a user’s identity and location and their device’s security status, and only allows access to the appropriate resources. Other zero-trust capabilities include continuous visibility and analysis to catch threats and improve defences.

Should you adopt zero trust this cybersecurity month?

In short: yes. Of course, you can’t overhaul your entire infrastructure in a month, but use the focus on cybersecurity in October to create a zero trust strategy or build on one you already have. Studies have found that implementing zero trust architecture can:

●Reduces the average cost of a breach by at least $1.76 million

● Prevent five cyber disasters per year

● Save $20.1 million on average in application downtime costs

Why haven’t all organisations embraced zero trust?

Truth be told, deciding to embrace zero trust is much easier than actually implementing it. For many organisations, the transition process can be both overwhelming and labour-intensive. If you’re new to zero trust or unsure of your next steps as an organisation, it’s a good idea to engage with a digital transformation partner to help you design and review a zero trust architecture that meets your organisation’s specific requirements.

The author is Matthew Margetts, director of sales and marketing at Smarter Technologies.

About the author

Matthew Margetts is director of sales and marketing at Smarter Technologies. His background includes working for blue-chip companies such as AppNexus, AOL/ Verizon, and Microsoft in the UK, Far East and Australia.

Comment on this article below or via Twitter @IoTGN