Estimated reading time: 1 minute, 31 seconds

'Zero Trust' Wins Moment in Sun After Huge Cyberattacks

More than a decade after researcher John Kindervag first argued that owners of sensitive computer networks should put strict limits on anyone in their networks no matter who they are, two massive hacks have made “zero trust” the cybersecurity industry’s maxim. So reports Bloomberg.

cyber 4084714 640 small“People told me I was crazy,” Kindervag said of initial reaction to his 2010 research. But earlier this year, the National Security Agency called on administrators of systems involving critical infrastructure and national security to embrace zero trust.

Previously, computer security networks often relied on the “castle and moat” model, meaning that money is spent on perimeter security but users who have logged into the system are assumed to be safe. With zero trust, users within a system must keep authenticating their credentials as they move through the network.

The push for zero trust has stepped up lately after the suspected Russian hack involving cybersecurity firm Solarwinds and the China-linked cyberattack exploiting a flaw in Microsoft’s Exchange email software. Cybersecurity experts have said that zero trust might have mitigated the fallout from the attacks and helped the government track the hackers.

U.S. Chief Information Security Officer Christopher DeRusha said in a recent hearing that zero trust “prevents adversaries from the kind of privilege escalation that was demonstrated in the SolarWinds incident.”

Breaches with national security implications aren’t the only concern. A recent UK government survey found that some 40% of businesses underwent a cyberattack in the past year. Of those, more than 80% experienced phishing attacks.

According to another recent study, by research firm Canalys, 31 billion data records were compromised over the last 12 months. That accounts for more than half of the 55 billion data records exposed since 2005.

Canalys chief analyst Matthew Ball said in a statement, “Prioritize cybersecurity and invest in broadening protection, detection and response measures or face disaster.”

Read 1866 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.