The World Economic Forum (WEF) has identified cybersecurity, cyber defenses, and cyber-resilience as crucial areas to focus on in order to rebuild trust. Through their global cybersecurity outlook 2024 report, Accenture and WEF have shed light on the gaps in cyber inequity, cyber insurance, cyber-skills shortage, cyber-resilience, and the need to build a better cyber ecosystem.
One of the key findings is that zero trust is essential in closing the trust deficit. Failing to pay attention to zero trust and cybersecurity poses the greatest threat to the long-term trustworthiness of businesses. Many companies choose not to report ransomware attacks, especially in the manufacturing sector, to maintain the trust of suppliers, investors, and customers. However, this approach leads to the widespread impact of ransomware and the destruction of smaller businesses that have not invested in cybersecurity.
Ransomware attacks and social engineering attacks have seen a significant rise. Hackers take advantage of the trust held by help desks, impersonating colleagues to obtain login credentials. Nation-state attackers are also refining their tactics to launch lucrative ransomware attacks aimed at financing missile programs and establishing underground networks for cryptocurrency laundering.
“Ransomware defense looks a lot like doing security right, throughout your environment, every day – from identity and secrets management to provisioning infrastructure, to managing data protection and backups.” – Merritt Baer, Field CISO, Lacework
Embracing zero trust means assuming that networks and infrastructure have already been breached and focusing on containing the intrusion. By treating all devices, endpoints, identities, systems, and users as untrusted by default and requiring authentication and continuous validation, trust can be established for each user, session, and resource request. The NIST 800-207 standard provides a helpful framework for organizations adopting the zero trust approach.
“You start with a protect surface and then you figure out [the technology].” – John Kindervag, Creator of Zero Trust Framework
To strengthen the WEF vision for cybersecurity, several areas need to be addressed using zero trust:
- Securing software supply chains with a zero trust framework should be a higher priority. The cyber maturity gap between large corporations and medium/small companies poses a systemic supply-chain security risk that must be addressed.
- The implementation of least privilege access, a core element of the zero trust standard, is crucial for enhancing cyber resilience.
- Microsegmentation, which involves dividing a network into smaller, isolated segments, is challenging but essential for a successful zero-trust initiative.
- Multi-factor authentication (MFA) should be integrated into workflows, minimizing the impact on user experiences. Passwordless technologies are also being considered as a long-term solution for MFA.
- Identity management on mobile devices is becoming increasingly important as remote work continues to be prevalent.
- Continuous monitoring and evaluation are necessary for effectively managing cyber incidents. AI can play a vital role in understanding and responding to anomalous behavior in real-time.
Embracing zero trust not only enhances cybersecurity but also has a positive impact on business growth. In 2024, cybersecurity will be evaluated based on its risk reduction potential and its ability to contribute to revenue growth. Organizations need to adopt a unified framework that adapts and flexes according to their evolving security and governance needs. Zero trust is instrumental in achieving these goals and can accelerate business growth by ensuring trust in every aspect of operations.
“Trust is the catalyst of growth, and getting it right is key to any business growing in 2024.” – Jeetu Patel, EVP and General Manager, Security & Collaboration, Cisco
