New cyber threat landscape spurs shift to zero trust security paradigm
- The world is interconnected like never before but as this digital connectivity expands, so does our vulnerability to cyber attacks.
- Addressing these increased risks requires a new approach to data security: the zero trust model of cybersecurity.
- Taking a zero trust approach will help protect data and enable organizations to realize the potential of digital transformation.
Our everyday life is digitally reliant and interconnected like never before. However, as our digital connectivity expands, so too does our vulnerability and exposure to malicious cyber-attacks.
Tech-driven trends that empower, enable and influence how we communicate, work and learn are driving immense business and public service opportunity, whilst triggering significant digital challenges across today’s cyber landscape. Addressing these risks requires a new approach to data security – enter zero trust.
Zero trust is a cybersecurity model that shifts how organizations approach security from reliance solely on perimeter defences to a proactive strategy that allows only known good activity across ecosystems and data pipelines.
Adopting this new approach will help increase trust in digital services, protect data and enable organizations to realize the huge potential of digital transformation.
Never trust, always verify
A paradigm shift in IT security, zero trust is a definitive departure from traditional security protocols which are no longer suited to the world we live in, how we work, and how we access online services.
Increasingly, the old cybersecurity standard of ‘trust first, verify later’ is being scrapped and replaced with a counterintuitive concept of ‘never trust, always verify’.
Since Forrester’s John Kindervag first coined the term zero trust, the model’s guiding principle has been to “deny access to applications and data by default”.
Now more than ever, enterprises and organizations benefit from the continuous verification requirement that repeatedly checks the identity of every person or device before allowing access to digital assets.
Zero trust is a “data-centric approach that continuously treats everything as an unknown”, explains the World Economic Forum's Centre for Cybersecurity, “whether a human or a machine – to ensure trustworthy behaviour”.
Building momentum for a 'no trust' model
Momentum is building for acceptance of the no trust model, due largely to rising security threats from without and within. Beyond that, pressure is mounting to comply with international regulatory demands, as seen in Europe and the US, where government agencies and critical infrastructure providers are among the first now mandating the adoption of Zero Trust Architecture (ZTA) by 2024.
Whatever the incentive, once implemented, ZTA can expand an organization’s alignment of cybersecurity strategy across environments – both in the cloud and at the edge – ensuring networks of the future are cybersecurity ready.
The benefits of a zero trust implementation are realized in:
- Greater control over access
- Authorization to applications and sensitive data
- Reduced IT complexity
- Delivery of secure, predictable results for all users
- Security for 5G built outside the protection of a service provider, enabling all 5G benefits
- Enhanced cloud-based security
The advent of revolutionary 5G technology with advances in speed and connectivity promises seismic improvements in vital, quality-of-life sectors like healthcare, notably medical research and treatment. However, greater capacity also brings wider vulnerability.
Unleashing the full potential of 5G while protecting its networks against attack will require major investment in zero trust security infrastructures.
Once implemented, zero trust will likely be the defining factor in scalability, security and sustainability of 5G and its supporting multi-cloud networks.
Zero trust journey to the cloud
Similarly, organizations moving digital assets to the cloud also face heightened security risks. Default cloud security controls may be ineffective at preventing cyber-attacks, as the Elastic Threat Report suggests, and users overestimate the security of their cloud deployments.
By incorporating a zero trust platform in the fundamental design of the new cloud infrastructure, the journey to cloud-delivered solutions can realize:
- Secure access from any user or device, regardless of location
- Reduced complexity of IT network-security architectures
- Optimized IT resources to focus on priorities
- Simplified user experience with single sign-on (SSO) and password tools
- Expedited, seamless access to applications for hybrid workers
Targeted industries seeking security gap solutions
Without the zero trust paradigm, industries with vital services that become more open and globalized are gambling with their data protection.
The majority of IT leaders question the adequacy of current cyber systems to bridge security gaps, according to the recently published 2022 Dell Technologies Global Data Protection Index:
- 76% say data protection solutions are lacking for newer technologies like cloud, edge, and the internet of things
- 69% expect a disruptive event to occur in the next 12 months
- 86% have already experienced a disruption in the last year
Skybox Security found that in the last 36 months manufacturing, the most-targeted industry, faced 61% of operational technology cyber attacks; the oil and gas industry accounted for 11% of attacks.
These and other critical industry sectors, including fintech, are increasingly looking to zero trust for new digital security solutions.
The path forward – disrupting the disruptors
Disruptions by cyber threat actors will no doubt increase. Whether challenges are sophisticated cyberattack schemes, geopolitical tensions, or supply chain vulnerabilities, a more effective approach is needed to confront present day digital challenges.
Companies and governments entering the new frontier of zero trust will not find a one-size-fits-all solution. The new architecture requires a multi-layered approach tailored to the security needs of each organization.
“There is no neutral IT decision with respect to risk. It's not about security outside of the IT decision, it's about security that is intrinsic and tied to every IT decision, every vendor selection, every architectural decision.”
It’s time to embrace the zero trust paradigm. Organizations of all sizes should engage with trusted public-private sector partners to place zero trust at the heart of the digital infrastructures we build today for healthcare, education, energy, communication and more.
By mandating its inclusion, governments are leading the way – it’s important that industries, sectors and communities now seek to move in the same direction to meet generation-defining digital challenges.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.