Zero Trust Progress: The Best Defense Is a Good Offense

Business, As Usual, Is No Longer an Acceptable Cyber Defense

The way the adage goes is that the best defense is a good offense and in wake of the latest cybersecurity data breaches of Last Pass and Apple, the offense in question is facing deeper scrutiny. According to a NextGov report, most government agencies are ahead of corporations in adopting and implementing zero trust architecture with 72% of government organizations reported to already be implementing the framework in comparison to just 56% of companies. The data published within this report seems to suggest that businesses are viewing the transition to a zero-trust model as a lower priority and remain slow to act when it comes to the change. However, following the news of these recent, high-profile breaches and the release of this report, it seems to be in companies’ best interests to take the transitory leap sooner rather than later. Sai Huda, Chairman, CEO of CyberCatch and globally recognized risk and cybersecurity expert says that given the continuing and increasing cyber-attacks. Business, as usual, is no longer an acceptable cyber defense.

 

Zero Trust: A Journey to Optimal Cyber Security

As the threat landscape continues to evolve, Huda firmly believes that Zero Trust is a vital player in an optimal cyber security program.

“Zero trust is a journey to optimal cyber security. The ultimate objective of zero trust is to have a cyber security program in place that trusts no one and nothing and enforces continuous proofing to keep threat actors out and prevents data theft, ransomware, or other adverse outcomes,” Huda said.

The recent actions taken by federal agencies seem to indicate that they might agree.

President Joe Biden’s 2021 executive order claims that federal agencies have made “tremendous” progress toward implementing cybersecurity upgrades mandated and that the Cybersecurity & Infrastructure Security Agency (CISA) with the assistance of partner agencies has worked with the National Institute of Standards and Technology (NIST) to develop an inventory of critical software. This inventory includes placing strict development and security controls on software providers, according to written testimony from Eric Goldstein, executive assistant director for cybersecurity at CISA.

The data highlighted, indicates that agencies are making the transition to zero trust more quickly and completely than corporations are, so, naturally the status of just how far along the government has progressed in these initiatives has come under question. According to a data brief published in May 2022, by the end of the fiscal year, more than 50 federal agencies expect to have EDR Technology. These technology platforms can alert security teams of malicious activity and enable immediate investigation and containment of attacks on endpoints.

 

Current Cybersecurity Strategies

Biden’s executive order comes at a time when most organizations feel unprepared to defend themselves against cyber attacks. Based on the opinions of 400 IT professionals and leaders involved in their company’s cybersecurity strategy, Cybersecurity Dive found that almost one in five organizations is not prepared for a potential ransomware attack. About 15% of respondents said they were unprepared for an attack, either very unprepared or somewhat unprepared. The NextGov report along with the highly publicized data breaches of LastPass and Apple may serve as a signal to companies that it’s time to make the full transition to zero trust.

 

The Impact of Recent Data Breaches

Last Pass, a popular password manager system used by over 33 million people in the world, announced a recent data breach via their CEO Karim Toubba who wrote that “an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.” Those who use the platform were assured by Toubba that their password vaults remained uncompromised, with the company claiming: “We have seen no evidence that this incident involved any access to customer data or encrypted password vaults”.

Although Last Pass hasn’t been immune to hackers before; in 2021, it faced a similar conundrum when credential stuffing was reported, putting master passwords and usernames at risk.

In a similar fashion, tech company Apple suffered a recent cyber attack that left the company warning its users of security flaws with the potential for serious exploitation from hackers. If successful, hackers could potentially gain full admin access to devices: the iPhone6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey.

 

What Can We Learn From This Report?

Why should businesses pay attention to this report? Huda believes that CISA is expected to issue the final zero trust maturity model soon.

“CISA is expected to issue the final zero trust maturity model anytime now. But in the meantime, all federal agencies, federal contractors, and the rest of the supply chain and the industry should implement the prescribed cybersecurity controls and proactively mitigate cyber risk,” Huda said.

“The zero trust maturity model will become the law of the land soon. Thus It is necessary to stay one step ahead of the threat actors and keep our nation and businesses safe.”

Until then, what is his recommendation? Implementing cybersecurity controls and proactively mitigating cyber risk should be a priority for all federal agencies, federal contractors, and all other sectors and supply chains.

Follow us on social media for the latest updates in B2B!

Latest

Hotel demand
Travel in 2023 Isn’t Slowing: Will Economic Headwinds Threaten Hotel Profits?
December 1, 2022

Travel in 2023 will not be slowing down. This would normally be perceived as good news for hoteliers, but PwC’s Hospitality Directions report paints a more mixed picture for hotels; the report indicates that economic headwinds may threaten the pace of recovery in the industry, despite record highs for metrics like RevPAR this year. According […]

Read More
B2B payments
There Will Not Be a Dominant Player Taking Over B2B Payments in 2023
December 1, 2022

B2B payments are facing an exciting trend in the space, as vendors continue to innovate to offer new and better solutions for this $30 trillion industry. According to PaymentsJournal, continuous improvements in B2B payments are largely driven by the complicated infrastructures necessary for international payments and a pressing need for greater flexibility. With a company […]

Read More
COP27 drew focused attention on the role of the built environment in global carbon emissions. Where does AEC need to start to make a change?
Is the COP27 Focus on AEC Carbon Emissions Telling the Whole Story?
December 1, 2022

Construction sustainability continues to be an emphasis for international leaders. COP27, the UN’s gathering of more than 90 heads of state and 35,000 delegates from 190 countries, convened earlier in early November to discuss unified action against climate change and which industries need to take on a bulk of the responsibility to adjust operations and […]

Read More