Insider Threats Draw Attention to Zero Trust
How much does your organization spend on cybersecurity? Across industries, average spending on cybersecurity is five to eight percent of the overall technology budget and steadily rising. Yet the cybercrime numbers are shocking: it’s predicted that cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015.
While busy protecting the perimeter, we can’t ignore the innate problem of insider threats. Incidents by insiders having skyrocketed 47 percent since 2018 to the tune of $22.45 million. At an average cost of $644,852 to control each insider threat incident, CISOs and other organizational leaders have good reason to shift from a perimeter-based authentication strategy to a more comprehensive one that views even insiders as a potential threat.
This leads us to an approach known as “Zero Trust.” This stance acknowledges we can no longer trust users just because they have been granted network access. Doing so leaves the door wide open for dissatisfied employees, governments and organized crime groups to not only gain access, but also roam the network to seek, steal and disseminate sensitive information.
Pinpointing Access Control Inside the Network
The Zero Trust framework operates by controlling access to software apps, systems and data on a “need to know” basis. A key mechanism is to segment functional areas such as finance or human resources and provide each with a protective barrier.
Access is granted to a segment only when a user requires it to perform a job. In all cases, Zero Trust makes use of four technologies and practices:
- Multi-factor authentication
- Least privilege access
- Application behavior and visibility
Within this framework, Zero Trust strategies mainly fall into one of two camps: network-centric or identity-centric. In network-centric Zero Trust strategies, the focus is on network segmentation and an application-aware firewall where the system leverages built-in intelligence on relevant applications and utilization patterns. In contrast, the identity-centric model emphasizes identity management and access control.
Zero Trust technology is catching on. The results of a recent Forbes Insight survey of more than 1,000 security professionals showed 66 percent say they have Zero Trust policies for application behavior, devices and access. Vendors are now moving forward at top speed to implement Zero Trust technologies.
Take Action With a Zero Trust Strategy
New times call for new measures. While Zero Trust strategy has been around for years, adoption is finally gaining traction as a way to deal with the rising trend of internal threat incidents. A transition to the Zero Trust strategy is unlikely to be easy or quick, but it addresses a long-neglected problem.
Learn more in our eBook, The Journey to Passwordless Authentication and Zero Trust.
Ready to get started with a Zero Trust strategy at your organization? Contact us to speak with an advanced authentication expert who can guide you through the transition.