In zero we trust: When firewalls no longer hold ground
From Copenhagen to Cape Town, Sydney to San Francisco, across the world, the end of a year signals a time to unwind, reflect, and indulge in the festivities. In the cyber world though, ‘tis the season ripe for attacks
Saad Toma, general manager, IBM Middle East and Africa.
While businesses slow down during this time, cyber criminals do not. In fact, taking advantage of employees that are distracted by the holiday season could lead to a catastrophic expense for businesses to close the year on.
Today, as indicated in the Ponemon Institute and IBM Security annual Cost of a Data Breach Report data breaches cost companies studied in the region close to $6.93 million per breach on an average, a figure higher than the global average of $4.24m per incident.
Considering these alarming numbers, it comes as no surprise that cybersecurity features among the top pain points for every business leader regionally.
Phishing attacks were found to be the most common root cause of breaches that target organisations in the Middle East, followed by stolen user credentials such as name, email and password. In other words, human error in the form of click-bait or weak password policies are opening a business’s doors to cybercriminals, highlighting the need to take a ‘zero trust’ approach to cybersecurity.
‘Zero trust’ as a concept was first coined and introduced in 1994, but gained popularity almost a decade later when it was proposed as a definitive step to combat cyber challenges.
Today with the debilitating effects of cyber-attacks impacting businesses of all sizes, zero trust is seeing a steady resurgence, as businesses begin to realise the security value of operating under the assumption of compromise.
Stranger danger: Trust no-one
As the name suggests, in a ‘zero trust’ security approach no-one within or from outside the network is trusted by default. It calls for continuous authorisation and authentication of all users trying to gain access to an organization’s network. In other words, unlike a conventional IT system, which offers access to anyone within its approved network, a ‘zero trust’ architecture trusts no-one at all times – everyone is viewed as a stranger posing a potential danger to an organisation’s network, requiring constant user verification.
To better understand how organisations are implementing ‘zero trust’ security, the IBM Institute for Business Value partnered with Oxford Economics recently to survey more than 1,000 operations and security executives from across the globe.
The study showed that a growing number of organisations in the region are looking to new security interaction models like ‘zero trust’ to help them maintain a robust security posture.
Tactical metrics indicate that organisations are now starting to apply a ‘zero trust’ approach to security operations – 67 percent of Middle Eastern organisations have adopted 2-factor (2FA) or multi-factor authorisation (MFA) across all channels. 50 percent of laptops, desktops, servers and mobile devices in the Middle East are protected by full-disk encryption, while 60 percent of endpoint devices are monitored for suspicious activity, vulnerabilities, and policy violations.
One of the top findings from the study was insights from a noteworthy group we refer to as the “zero trust pacesetters”, who were found to be ahead of their peers in deploying ‘zero trust’ capabilities across their IT and OT environments and in their interactions with ecosystem partners.
Phishing attacks were found to be the most common root cause of breaches that target organisations in the Middle East.
These organisations have fashioned their IT and security operations as a single estate. They are proficient in partnering internally and externally to manage cybersecurity risk. They have modernised their security operations and they recruit, develop, and retain skilled cybersecurity resources to enable ‘zero trust’ capabilities across their digital estates.
While these are steps in the right direction, it is essential that businesses have controls in place to manage who has access to what data, and for how long. Implementing privileged access management is a key component of this.
‘Zero trust’ pacesetters are also nearly twice as far along in implementing four competencies referred to as the ‘zero trust’ building blocks, which includes, a strong foundation for ‘zero trust’ security operations, automation capabilities, improved resilience and an adaptive talent management system.
Trust in a digital-first world
Trust is key to delivering value in any transaction. While it has become the basis for collaboration and partnership, our view and approach to trust, however, has undergone huge shifts in today’s hyper-sensitive environment. We’re moving into an age where for businesses to strengthen customer trust in digital experiences, their own security strategy must be founded on ‘zero trust’.
A ‘zero trust’ world calls for new ways of working, one that requires not just a new security model, but also a shift in our mindset.
As we prepare to welcome the new year and embrace new opportunities in a digital-first world, it would do good for business leaders to spend time in “security introspection” to define and adapt to a more holistic, collaborative, and a resilient zero trust pacesetters’ approach to cybersecurity.
Saad Toma, general manager, IBM Middle East and Africa
Follow us on
For all the latest business news from the UAE and Gulf countries, follow us on Twitter and LinkedIn, like us on Facebook and subscribe to our YouTube page, which is updated daily.
By Saad Toma
More of this topic
In zero we trust: When firewalls no longer hold ground
From Copenhagen to Cape Town, Sydney to San Francisco, across the world, the end of a year signals a time to unwind, reflect, and indulge in the festivities. In the cyber world though, ‘tis the season ripe for attacks
While businesses slow down during this time, cyber criminals do not. In fact, taking advantage of employees that are distracted by the holiday season could lead to a catastrophic expense for businesses to close the year on.
Today, as indicated in the Ponemon Institute and IBM Security annual Cost of a Data Breach Report data breaches cost companies studied in the region close to $6.93 million per breach on an average, a figure higher than the global average of $4.24m per incident.
Considering these alarming numbers, it comes as no surprise that cybersecurity features among the top pain points for every business leader regionally.
Phishing attacks were found to be the most common root cause of breaches that target organisations in the Middle East, followed by stolen user credentials such as name, email and password. In other words, human error in the form of click-bait or weak password policies are opening a business’s doors to cybercriminals, highlighting the need to take a ‘zero trust’ approach to cybersecurity.
‘Zero trust’ as a concept was first coined and introduced in 1994, but gained popularity almost a decade later when it was proposed as a definitive step to combat cyber challenges.
Today with the debilitating effects of cyber-attacks impacting businesses of all sizes, zero trust is seeing a steady resurgence, as businesses begin to realise the security value of operating under the assumption of compromise.
Stranger danger: Trust no-one
As the name suggests, in a ‘zero trust’ security approach no-one within or from outside the network is trusted by default. It calls for continuous authorisation and authentication of all users trying to gain access to an organization’s network. In other words, unlike a conventional IT system, which offers access to anyone within its approved network, a ‘zero trust’ architecture trusts no-one at all times – everyone is viewed as a stranger posing a potential danger to an organisation’s network, requiring constant user verification.
To better understand how organisations are implementing ‘zero trust’ security, the IBM Institute for Business Value partnered with Oxford Economics recently to survey more than 1,000 operations and security executives from across the globe.
The study showed that a growing number of organisations in the region are looking to new security interaction models like ‘zero trust’ to help them maintain a robust security posture.
Tactical metrics indicate that organisations are now starting to apply a ‘zero trust’ approach to security operations – 67 percent of Middle Eastern organisations have adopted 2-factor (2FA) or multi-factor authorisation (MFA) across all channels. 50 percent of laptops, desktops, servers and mobile devices in the Middle East are protected by full-disk encryption, while 60 percent of endpoint devices are monitored for suspicious activity, vulnerabilities, and policy violations.
One of the top findings from the study was insights from a noteworthy group we refer to as the “zero trust pacesetters”, who were found to be ahead of their peers in deploying ‘zero trust’ capabilities across their IT and OT environments and in their interactions with ecosystem partners.
These organisations have fashioned their IT and security operations as a single estate. They are proficient in partnering internally and externally to manage cybersecurity risk. They have modernised their security operations and they recruit, develop, and retain skilled cybersecurity resources to enable ‘zero trust’ capabilities across their digital estates.
While these are steps in the right direction, it is essential that businesses have controls in place to manage who has access to what data, and for how long. Implementing privileged access management is a key component of this.
‘Zero trust’ pacesetters are also nearly twice as far along in implementing four competencies referred to as the ‘zero trust’ building blocks, which includes, a strong foundation for ‘zero trust’ security operations, automation capabilities, improved resilience and an adaptive talent management system.
Trust in a digital-first world
Trust is key to delivering value in any transaction. While it has become the basis for collaboration and partnership, our view and approach to trust, however, has undergone huge shifts in today’s hyper-sensitive environment. We’re moving into an age where for businesses to strengthen customer trust in digital experiences, their own security strategy must be founded on ‘zero trust’.
A ‘zero trust’ world calls for new ways of working, one that requires not just a new security model, but also a shift in our mindset.
As we prepare to welcome the new year and embrace new opportunities in a digital-first world, it would do good for business leaders to spend time in “security introspection” to define and adapt to a more holistic, collaborative, and a resilient zero trust pacesetters’ approach to cybersecurity.
Saad Toma, general manager, IBM Middle East and Africa
Follow us on
Abdul Rawuf
Abdul Rawuf More by Abdul Rawuf
Latest News