1 minute read
CYBERSECURITY
from Cyber - March 2023
with security-conscious sectors such as financial services having already made the leap,” Rogers predicts. “In Okta’s State of Zero Trust report, 100% of financial services organisations said they planned to have a Zero Trust initiative underway in the next 12-18 months. This comes after the sector has faced a 35% increase in ransomware attacks, more so than any other industry, according to the latest report by the Anti-Phishing Working Group (APWG).”
Traditionally, security has been a world where there are a number of problems every time an attack surface expands, describes Vats Srivatsan, President and COO of ColorTokens.
Advertisement
“If you transition some of your processes to the cloud, suddenly the cloud becomes an area that is ripe with a diverse set of attacks,” says Srivatsan. “This means that CISOs are constantly playing Whack-a-Mole, fixing one area of vulnerability, just to ask if they are safe now – and the truth is no one can really tell whether they're safe or not.
“This approach is not sustainable. As a whole, we have tried – and largely failed
– to find a way to keep bad actors, phishers and hackers out. That’s why operating from a place of Zero Trust makes perfect sense.”
Change in culture needed
As Okta’s Rogers explains, many organisations are still unprepared to deal with ransomware – and employee education is key. “Staff need to be empowered to understand all security threats and be aware of the risks created by remote and hybrid working, such as when a family shares passwords, or corporate resources are accessed on personal machines,” he says.
“Employees must understand the dangers as well as the reasoning behind measures such as Zero Trust, so they’re not tempted to bypass security for the sake of convenience. However, it's equally important that security is designed in such a way that it complements user behaviour and empowers them to do their jobs rather than just add additional, often unnecessary friction.”
“Gartner has released predictions for cybersecurity that found that by 2025, 60% of organisations will use cybersecurity risk as a determinant in conducting third-party transactions and business engagements, effectively making security threat resistance a differentiator in the market,” concludes Srivatsan.
“Therefore, the time for businesses to get serious is now. Businesses need to start putting measures in place to prevent breaches, identifying and allowing only trusted transactions so that bad actors can’t take advantage of an undefined circle of trust. That starts with a Zero Trust security architecture and defining where the circle of trust is.
“Keep in mind that Zero Trust is a journey, however, you need to define your starting point now.”
HEADSPACE
