Is Zero Trust the Answer to Cybercrimes?

cybersecurity concept

In 2017, the NHS faced what it described as its biggest cyberattack in history. A ransomware known as WannaCry, which had already infected thousands of networks around the world, eventually found its way to the UK’s healthcare system.

It impacted at least 80 trusts—about twice than previously reported—and prevented healthcare facilities and providers from accessing their medical equipment such as MRI scanners and mobile devices. Over 25 percent of the trusts and many general practitioners and specialists needed to delay or suspend urgent procedures.

These cases, despite being widespread, are not isolated. Some experts even believe that the number would only increase in the coming years. In 2020 alone, there have been about 400 million cyberattacks detected.

However, most commonly believe that cybercrimes, such as data breaches and ransomware, can occur because of external threats. What many seem to forget (or perhaps ignore) is the possibility of an inside job. To shield a business from an intrusion on both fronts, several CEOs and IT administrators use the zero-trust approach.

What Is Zero Trust?

Zero trust is a model, concept, philosophy, or principle that stresses an organization should never trust anyone, including their people (yes, even the management is not exempted). This isn’t surprising since the majority of these cyberattacks are inside jobs, according to IBM research.

In 2015, for example, outsiders committed only 40% of the cybercrimes. The rest were insiders. While 15% were inadvertent actors, nearly 45% of these inside-job attacks were malicious.

Coined by John Kindervag of Forrester Research in 2010, it suggests that no company should trust network traffic and that it should ensure that every access to the network is secure. Moreover, it aims to reflect the security needs of the times.

Zero trust tries to replace the castle-and-moat approach many years ago. In the analogy, a firewall, which experts liken to a fortress, protected the company’s system, which symbolized the castle. The problem with this model is that it wouldn’t work in the age of cloud computing, and it was also extremely restrictive.

Companies can explore many ways to implement zero trust. These include:

  • Implementing a multi-factor authentication
  • Limiting the access of individuals (e.g., they may not be able to open files or read information from other departments)
  • Opting for database tracking, such as MSQL performance monitoring
  • Providing conditional access control according to the context of the network request
  • Strengthening policies, like bring your own device (BYOD)

hacker concept

Pros and Cons of Zero Trust

What makes zero trust beneficial that even Google and Microsoft are already implementing it? One of its biggest applications is in controlling or eliminating the vulnerability of the 5G network.

A 5G connection promises hyper speed, low latency, and immense connectivity capability that, when it comes to tech, it seems the sky is the limit. It can help build smart cities and run self-driving cars. It can encourage the growth of the Internet of things (IoT).

However, experts also identified at least ten vulnerabilities. For example, cybercriminals can hijack emergency alerts often delivered via texts or incoming calls. The 5G network also means more users, devices, networks, equipment, and systems connected.

With zero trust:

  • Cybercriminals are less likely to penetrate all levels of a system or network. It may then help prevent the risk of a massive data breach.
  • It may prevent both external and internal users from accessing just any point of the network, which can open an opportunity to malicious actors.
  • Because zero trust advocates for constant monitoring, IT administrators are more likely to catch a breach before it gets worse.
  • Companies can also perform analytics and spot patterns that may indicate an attack is about to happen.

Zero trust, though, doesn’t happen without challenges or disadvantages. Some think that the approach is still restrictive. It may even curb innovation or reduce productivity and efficiency as employees may not be able to access or use the information they need immediately. Instead, they would have to go through many steps and deal with many people and departments.

Further, this model may become more difficult to implement as more players, networks, and equipment or devices become part of the system.

The cost of cyberattacks is staggering. According to the World Economic Forum (WEF), a lone malware attack cost the industry over $2.5 million in 2018. Within the same period, ransomware cost at least $500,000.

Cybercrimes don’t spare small businesses, which are likely to lose $200,000 a year from a data breach. Some cannot recover that at least 40% eventually shut down after an attack.

Zero trust sounds like the holy grail the world needs to pull the plug on cybercrimes. But in reality, it’s not the be-all, end-all solution. To stop these attacks is to perform an offense on many fronts. The model also needs to evolve to reflect the changes in connectivity and network security needs.

Don’t Stop Here

More To Explore

women in a meeting

Tools and Strategies to Generate More Leads for Your Business

Marketing remains an integral part of every business. Professionals develop different tactics and strategies to ensure that they are piquing potential customers’ interests to maintain or grow profit. However, it can be challenging to get things done when marketing teams are not seeking aggressive measures. Fortunately, lead generation allows companies to increase their chances of

online reviews

Top Breakthrough Technologies Dominating This Year

While the year 2020 was one that most people would prefer to forget, it was the year when technological innovation, connectivity adoption, and digital transformation accelerated dramatically—introducing new technologies taking over 2021. These latest technologies lie at the heart of resolving or speeding up megatrends, necessary to address large-scale challenges like pandemics, aging economies, and

singapore at sunset

E-commerce Trends to Expect in Singapore

The Minister of Trade of Singapore recently announced plans of making the island-state into a hub for e-commerce in the region and the world. The plan involves enhancing the digital infrastructure of the country that has become the preferred destination of multinational companies. The move comes after authorities have gradually controlled the spread of the

Scroll to Top