Brief Statistics compilation:
- The World Economic Forum 2022 Report shows that 98% of organizations were more concerned about insider Threats in 2021.
- There will be 29.3 billion networked devices globally by 2023, in the business sector (crowd strike 2021)
- Zero Trust market estimated worth would hit $60.7billlion by 2027 (Market and Markets, 2022)
- 80% of C-level executives have Zero Trust as a priority for their organizations (CSA research result of 823 responses from IT and security professionals from various organization sizes and locations including 219 C-level executives)
- By 2025 60% percent of organizations will embrace Zero Trust as a starting point for security," (Gartner June 2022)
- The average cost of a breach in 2021 is $4.2 million (WEF Report 2022)
- 84% of any security attacks start from endpoints ("Endpoint Still a Prime Target for Attack," Dark Reading, Sep 2021, crowdstrike)
According to Flashpoint, The State of Data Breach Intelligence 2022 Q1/Q2 Top 3 Security concerns of most organizations are:
- Loss of sensitive data 64%
- Unauthorized access 51%
- Security settings/Misconfig 51%
These above-listed pointers could be indications as to why the need to implement the "Zero Trust" Approach.
What then is Zero Trust? Is it a Model, Programme, or an Advisory against threat actors
While we are yet to fully grasp the full knowledge of all current technologies, the rapid evolution of new emerging technologies has given rise to multiple cyber terms and techniques: such as "Zero Trust". These technical words seem to raise much awareness but bring complexity to the scope of security meaning.
"Zero Trust" is Not a new concept, Neither is it a Golden bullet for every cybersecurity problem.
It focuses on enforcing strict security access, identification, and verification - " Never Trust Always Verify"
Gartner's VP Analyst Neil MacDonald - "Zero trust is a way of thinking, not a specific technology or architecture,".
Nevertheless, the Zero Trust metrics are critical to every business's operational Survivability.
The approach should be developed, reviewed, and implemented by the CISO with the assistance of the security team, based on internal organizational security specifications, GDPR toolkit considerations on a Trusted Platform technology designed to provide key access controls and monitoring on both user and human-machine security-related functions.
Zero Trust Approach Used Cases:
1) Cloudflare manages zero-trust access controls
2) Repsol embraces two approaches to zero trust (Zero trust mindset and As a programme)
3) Microsoft (Zero Trust Maturity Model)
4) Schneider Electric (takes a principles-driven approach on zero trust and OT)
No fixed security architecture solution is adequate for responding to increasing corporate threats and attacks sophistication, Hence Zero-Trust is not a Destination but a Journey that requires constant review and implementation to secure the company's crown jewels, strengthen security posture and achieve business operational goals.
------------------------------
David Olugbenga
Cybersecurity Analyst
Cybersine
------------------------------