By Jayden Soh, Head of Solutions, JOS Singapore
With the ever-changing geopolitical landscape, increasing ransomware attacks and cybersecurity threats, organisations need to implement a “zero-trust” framework within the company. We do this at JOS, and I recommend others to do the same.
Yes, “zero-trust” is a counterintuitive term, especially when mutual trust and open communication should be at the heart of every organisation. For context, the last two years have shown that cloud-based collaboration platforms are crucial to connect teams across the globe. With hybrid or remote working taking full steam, businesses have had to place increased emphasis on agility and flexibility. This ultimately also ushers in an era of zero-trust in organisations.
This model is less about interpersonal relationships and working culture, and more about a security framework.
With workplace modernisation leading to workers increasingly working from practically anywhere, the opportunity for cybersecurity breaches has widen. The traditional investment in perimeter defense of company premises is no longer sufficient. The possibilities of cybersecurity breaches are higher if a company adopts the BYOD policy, giving workers direct access to SaaS application that contains confidential information like customers’ data. 61 percent of malware directed at organisations targeted remote employees. Since the onset of the pandemic, about 30% of organisations have reported a spike in cyber-attack attempts.
Zero-trust requires all users with access to a business’ data to be authenticated and continuously validated for authorisation. It assumes there is no traditional network edge – resources, like workers, can be anywhere. Businesses desperately need to adopt such an approach in the digital world.
Traditional cybersecurity solutions were not designed to handle today’s fast pace of cyberthreats. Antivirus and traditional security solutions are insufficient measures in combating advanced threats which are becoming increasingly challenging for IT personnel to foresee. Businesses need to keep in mind that traditional endpoint security methods that focus on virus signatures are no longer sufficient to ensure their endpoint security. With cyber threats increasingly becoming more sophisticated and rapid, businesses must adopt a proactive instead of reactive stance so that they can respond and prevent incoming attacks from reaching vulnerable endpoints.
There are many types of endpoint vulnerabilities. For example, any device used by employees (such as laptops, desktop computers, tablets, and mobile phones) is considered a potential cyber-attack target. This threat is further scaled up by the number of applications on each device, and whether each application complies with company security policies. Another example would be legacy cybersecurity solutions from an on-premises world, bounded by a manageable network perimeter, that cannot keep up with ever-changing cyber threats.
Firstly, businesses need to be aware of existing security vulnerabilities. To do so, they need to implement continuous security monitoring through a centralised management system for an extended detection and response and continuous verification.
A centralised security management system actively searches for vulnerabilities 24/7 and easily integrates and orchestrates the mitigation of cyber threats.
Continuous verification means that no asset, credential, or device is trusted at any time. Businesses need to define its controls to restrict or provide access to corporate information based on device, location, level of suspicious behaviour, amongst other variables.
An end-to-end application would incorporate all of the above to cut threats off at the device level before they spread to the entire business network.
With day-to-day work being pushed into the cloud and digital space, it makes sense for security perimeters to do the same. Bridging the distance between the security technology you have and the security protection you actually need is a critical business differentiator.
Data breach costs rose from USD3.86 million to USD4.24 million on average per breach and the predicted liability for cyber-physical systems would total over USD$50 billion by 2023. However, in a survey of over 500 organisations worldwide, only 35% of respondents had fully or partially deployed a zero-trust approach.
We need to drive home the point that zero-trust deployment and proper security design at every corner of your network is an investment worth making. We live in a new normal, where threat prevention, detection and response are our everyday, be it via in-house security teams or through engaging strategic enterprise security partners. Only this way, can organisations ensure that their data is well protected and minimise potential business impact in the long run.
Let’s find that balance between organisational security and usability by adopting a zero-trust model, to protect our people, our business and community.
If you would like to learn more on how to safeguard your people and business, please contact us.
Like this article? Follow us on LinkedIn to receive the latest updates from us!
67 Ubi Avenue 1, #05-01
StarHub Green, South Wing, Singapore 408942
Copyright © 2023 JOS (SG) Pte. Ltd. All rights reserved.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |