Why organisations need to adopt Zero Trust
Cybersecurity Awareness Month has just passed, and this year’s theme – See Yourself in Cyber – highlighted the human side of cybersecurity. It’s a reminder that everyone has a role to play, from IT professionals to everyday people.
We all have the tools to reduce risks in our technology-dependent lives.
Cybersecurity Awareness Month was started in 2004 to address the increasing prevalence of cybercrime and to provide resources to help people be safer and more secure online. Unfortunately, cybercrime is big business, and it’s expanding.
According to Cybersecurity Ventures, the global costs of cybercrime, around $US8 trillion in 2023, are projected to balloon to $US10.5 trillion in 2025. This eye-popping number includes not only stolen money, but also damage and destruction of data, lost productivity, theft of intellectual property, theft of personal and financial data, post-attack disruption, investigation and restoration, and reputational harm.
Underscoring the human element in cybersecurity, Gartner has identified ‘attack surface expansion’ as the number one security trend for 2022. Simply put, this means more people are accessing data and accounts from more places – everything from remote work to the proliferation of digital services and devices.
All this provides opportunities for cyber criminals to attack, leaving both individuals and organisations vulnerable. That’s why the CISA and NCA are working to raise awareness about things everyone can do to protect themselves and their employers from cybercrime.
For individuals, this means understanding and practising cyber hygiene like keeping software up to date, questioning links, having strong passwords and using multi-factor authentication. The campaign also includes a call for people to consider joining the cybersecurity workforce.
For those already in IT and cybersecurity, the message is that reducing risk and building resilience takes collaboration and continued vigilance. We’ve come a long way, but so have cybercriminals. That’s why everyone needs to play their part.
Change long-held beliefs
Part of raising awareness about cybersecurity is changing long-held beliefs. One is the lingering perception that security incidents happen primarily to government entities or large corporations. The truth is that criminals are looking for vulnerabilities in every size and type of organisation. Many smaller organisations have experienced attacks because they’re slower to update systems or implement security patches.
Perception number two is that data is safer when it’s stored on-premises in a company building. In reality, cloud computing has actually created a safer environment for data and applications.
To start with, cloud data centres are built with robust physical security, including fences, guards, surveillance and biometric locks. Cloud providers are also hiring top security professionals who monitor the environment with modern tools that detect and remediate attacks in real time. Moving to the cloud has never been easier and safer than with today’s automated migration tools.
Another unfortunate belief is that cybercrime is simply an inevitability of digital life. This can cause people to be complacent and let their guard down. When a single click can be the difference between a close call and a major incident, it’s clear that the first line of defence lies with technology users themselves.
Awareness and education will help ensure a strong perimeter, but many organisations are also adopting a zero trust strategy to help users stay safe by limiting access to only what they need to perform their jobs.
Changing perceptions about cybersecurity is an important part of changing the scope of the problem, and ultimately making life much more difficult for cyber criminals.
Clearly a combination of tactics is required to combat the growing threat of cybercrime, from major infrastructure decisions to individual actions by ordinary folks. My own company has been playing its part, helping organisations to streamline their move to the security of the cloud.
Our migration solution is fast and intuitive, and security is always top priority. To learn more about migration security, or need help making a move to the cloud, contact us.