It simply means that despite the confidence we may have in our IT security systems and business processes, we assume that cyber criminals and internet bad guys can and will at some point in the future find a way to circumnavigate our firms security defences.
With an assumed breach or Zero Trust mentality we proactively plan ahead of time what actions we will take to contain the blast radius when the inevitable security compromise impacts our firm. When fully invested in this approach, we definitely don’t wait until the horse has bolted before starting to build our security systems, policies and procedures.
Instead of assuming everything behind our internet firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open public network regardless of where the request originates or what resource it accesses.
Zero Trust teaches us to “never trust, always verify.” Every access request is fully authenticated, authorised, and encrypted before granting access. Data is segmented and least privileged access principles are applied to minimise lateral movement.
It is common in security breaches to see an attacker gain a small foothold on a network and then move laterally inside the network. This is possible because everything and everyone already on the network is trusted with full access to the rest of the network.
In a zero trust architecture, the internal network is treated as hostile, (Assumed Breach) so every request for data or service access is continually verified against defined security policies before access is granted.
Implementing Zero Trust Security within your business can help guard against data breaches, downtime, productivity loss, customer churn, and reputation damage. Over 70% of businesses planned for the deployment of Zero Trust in 2022 and it is even more critical for SMBs in an era where workforces and networks are becoming heavily distributed across offices and homes.
Still Not Convinced?
Let’s look at a few statistics that should convince you of the seriousness of today’s cyber threat landscape as well as the need for a Zero Trust approach:
- Human error causes close to 25% of data breaches. Unfortunately, you can’t completely mistrust an external network nor can you fully trust even a single user within your network.
- Experts predict that ransomware attacks will occur every 11 seconds in 2022. This gives you no time to be complacent.
- Over 40% of employees are expected to work from home post-pandemic. When this happens, many devices, users, and resources will interact entirely outside the corporate perimeter. This increases the risk of an incident occurring.
- Phishing attacks have increased by over 60% since the pandemic started. To counter such a scenario, cybersecurity policies must be dynamic and adapt to address additional concerns.