With cyberattacks and data breaches on the rise, a Zero Trust approach to network access is more necessary than ever before. Here’s why.
The increasing number and sophistication of cyberattacks over the last decade, along with several spectacular and highly publicized data breaches at large corporations, have shown that a new approach and mindset towards information security is a must. Large-scale data breaches have exposed the personal information of tens of millions of people and made them vulnerable to criminal exploitation. At the same time, they have had a devastating impact on the affected companies, resulting in loss of brand reputation and customers and costing them many millions in fines, fees, and settlements.
Cybercriminals are using a wide array of new technologies and tools to gain access to networks, including artificial intelligence, bots, new machine learning techniques, and social engineering. A company’s employees are often the most vulnerable point. Zero Trust network access is one effective solution.
What Is Zero Trust?
Zero Trust is defined as a framework wherein an organization never places any trust in anyone or anything outside or inside its security perimeter. Traditionally, companies have assumed that a user inside their organization was trustworthy and relied on a cybersecurity approach of ‘trust but verify’ for everyone else. That philosophy is rapidly changing to a ‘never trust, always verify’ approach to network access that focuses more on the small working groups and individuals that are most responsible for data breaches. It’s a logical response to the success of social engineering-based attacks, and it addresses one of the easiest vulnerabilities to correct.
Why Zero Trust Access Is Needed
A recent survey of more than 2,000 corporate employees highlights how weak security practices are in most companies. Although this survey focused on UK workers, the numbers are typical of businesses worldwide.
77% of employees said they had never received any security training. Since employees are often the weakest link in a company’s IT security strategy, it’s vital that they are made aware of the types of attacks they may confront and how to handle them. Security training is also the most straightforward defense to implement, as simple as a company-wide memo.
27% of employees use the same password for multiple personal and business accounts. Reusing a password across social media and other accounts that may be easily compromised is a favorite way for hackers to get into a system, and such passwords often consist of personal details that may be acquired through phishing emails or even over the phone. A Zero Trust approach would require corporate account users to use unique passwords at work.
14% of workers said they kept their passwords in an unsecured location at their desks. Sometimes these passwords were written on a piece of paper taped to a wall of their cubicle and openly visible to anyone walking by, making them easy for a disgruntled employee or a visitor to acquire. One way to combat this tendency is to adopt a two-factor authentication security layer, so that a stolen password is useless without an additional element to gain access. Another way is to use a company password manager so that employees don’t have to remember their passwords. Studies have shown that more than 58% of companies don’t use either.
69% of workers said they didn’t trust the security protocols in place at their companies. When employees don’t have any faith in the security measures being used at their workplace, they tend to make up their own and use their personal favorites, like free anti-malware and antivirus software. This puts a company’s IT infrastructure at greater risk of a data breach by creating more entry points.
35% of data breaches are caused by employees losing their laptops and mobile devices. This is a good reason for companies to keep their system passwords unique and separate from workers’ passwords.
Traditional network security perimeters are rapidly changing to meet the existing and growing threat posed by cybercriminals, and the personnel inside of an organization are one of the most significant vulnerabilities. A company that doesn’t adopt a Zero Trust approach to network access is a significant data breach waiting to happen.