More Organizations Are Undertaking Zero-Trust Initiatives
The good news is that most organizations do seem convinced. In fact, 61 percent of organizations had a defined zero-trust security initiative in place last year, up from just 24 percent in 2021, according to a survey by Okta. Organizations are investing more in their security as well, with 89 percent of North American businesses reporting budget increases, and more than a third claiming increases of 25 percent or more.
That’s good progress. But it still leaves nearly 4 in 10 organizations without a real strategy to defend against cyberattackers’ favorite and most successful tactics. Smaller businesses are the least secure: Less than half of organizations with fewer than 1,000 employees report having a zero-trust initiative in place. That scares me.
AI Will Enable More Custom-Built Cyberattacks
Zero trust is a “never trust, always verify” approach to security management. It’s not a solution or even a set of solutions, but rather a security mindset that includes solutions, policies, tactics and training. It requires all users to verify their identities whenever they seek access to network resources, regardless of the devices they’re using or the networks they’re logging in from.
Attackers love identity-oriented attack strategies because they work. It’s easier to fool people into giving up their credentials or clicking on a corrupt link than it is to hack into networks.
One reason for that is the scalability of sending mass phishing emails. Another is that social engineering exploits people’s natural inclinations to be trustful and helpful: Click rates on phishing emails are nearly 18 percent.
And in the age of generative artificial intelligence, the problem is only going to get worse.
AI systems can easily be trained to communicate in real time, fooling people into thinking they’re texting or emailing another human. They can also quickly scan social media to gather personal details, which can then be leveraged to create attacks custom-built for individual targets.
“It’s going to get a lot harder in the future as you have attacks that get much more bespoke and far more personalized,” Jeetu Patel, executive vice president and general manager of security and collaboration for Cisco, told BizTech last year. “Instead of an email from a fake prince offering you $10 million, it’s going to say, ‘Hey, Bob. Nice to see you last night at the game. Here’s a link to some pictures you might want to download.’”
As I said, it’s scary. A zero-trust approach to security, while not foolproof, is any organization’s best chance to avoid and mitigate attacks and to recover quickly from the few that do happen.
To start the process of deploying a zero-trust security model, reach out to a trusted partner.