The importance of zero trust architecture during economic uncertainty

Here's how organisations can balance the needs for cost optimisation and security with a zero trust architecture

The state of the current economic climate is uncertain, and organisations are beginning to reduce their budgets. However, data breaches continue to pose a high risk, with January 2023 alone accounting for 277.6 million leaked records.

This makes it clear that no matter what, organisations must not skimp on their cybersecurity. Failure to secure crucial data can often lead businesses to face many consequences including financial loss, regulatory fines and reputational damage. The question is, how can businesses strengthen their cybersecurity to prevent these incidents while also staying cost-effective? Organisations need to understand that cybersecurity can be affordable. Rather than investing in multiple expensive solutions, companies can lean on affordable solutions that are based on zero trust architecture (ZTA).

ZTA-based solutions continuously validate and authenticate each user regardless of whether they are internal or external, and can help organisations bolster their cybersecurity in today’s vulnerable ecosystem. In fact, according to a global survey, 80 per cent of respondents either have plans to roll out zero trust solutions in the future, or have already adopted the technology. However, 20 per cent still do not have any plans to adopt the zero trust model yet. There is clearly still work to be done in proving the importance of zero trust security models to the industry.

>See also: API management for zero trust endpoint protection

Why traditional security models no longer fit

Traditional security models operate on the supposition that everything within the organisation can be implicitly trusted. After gaining initial access to an organisation’s network, users — including malicious insiders or potential hackers — can move laterally and extract sensitive data due to granular security controls. This also allows attackers to impersonate legitimate users, and move deeper to access sensitive data for a longer period of time until they finally steal information.

What’s more, once into a system, an attacker can use different methods to further exploit it, utilising built-in tools which make detection even more difficult. It is essential for companies to leverage advanced security measures and tools including ZTA to not only protect their data from hackers trying to gain access, but also from malicious insiders and hackers who managed to penetrate.

65 per cent of CISOs in the UK believe human error is their organisation’s biggest cyber vulnerability. Hackers leverage individuals’ mistakes to trick employees and gain access to a system — in fact, phishing was identified as a prime method used by hackers in 41 per cent of cyber attacks. To add an extra security layer that can compensate for human error, businesses must deploy tools that not only verify each login, but also monitor and track each user activity on an ongoing basis. ZTA does exactly this.

Harnessing ZTA to ensure high-level security

ZTA-based solutions enable businesses to continuously monitor user activity and authenticate, which can minimise unnecessary lateral movement. In case suspicious activity is identified, granted access can be revoked immediately. In fact, advanced ZTA solutions can even alert relevant authorities within an organisation to help companies investigate the matter immediately. This makes ZTA a must have for companies to ensure high-level cybersecurity.  

Furthermore, organisations who harness ZTA, can provide users with siloed access to applications and data which they need to do their jobs. In other words, companies can assign unique access levels for different users based on their roles and responsibilities — thanks to ZTA. For example, employees from IT departments may be provided exclusive access to install new software, perform upgrades, maintenance and repair. However, they may not have access to financial information which is not related to their job. Restricting which users can access sensitive information can significantly reduce possibilities for hackers to steal it.

Staying prepared for what lies ahead

The cybersecurity industry has rapidly advanced in the past decades to help institutions protect their sensitive data. And the past few years only made it more important for organisations to strengthen their cybersecurity as digitalisation became a norm. However, the fact that hackers continue to find unique ways to penetrate can not be overlooked.

Regardless of any cybersecurity solution deployed, companies must be able to take a holistic approach towards their IT security. From providing basic cybersecurity training to all employees on an ongoing basis, to having a cybersecurity best practices guide in place, organisations need to maximise their cybersecurity measures rather than depending upon a single solution.

Businesses must build a sustainable cybersecurity strategy that takes each area of their company into account, not only from the perspective of mitigating the risk of a data breach, but also from the outlook that prepares companies and individuals to deal with a potential cybersecurity incident. This can ensure that organisations are able to resist a cyber attack, in case it occurs, by taking appropriate steps to identify, report, and mitigate the further impact.

Threat surface continues to expand as the world becomes more digitally connected. Companies must take a holistic approach towards their cybersecurity and identify their vulnerabilities on an ongoing basis. Taking a proactive approach can help organisations better protect themselves from cyber attacks.

Dominik Birgelen is CEO of oneclick.


Considering digital trust: why zero trust needs a rethinkConsidering the important role of digital trust in the security strategy.

How COVID-19 made zero trust the right approach to modernise networksExploring the rise of zero trust architecture since COVID-19 took hold.