Danny Lopez, CEO of Glasswall Solutions, has had a successful international career to date in banking, marketing, diplomacy and technology.
In a world reliant on unrelenting digital innovation, businesses are faced with a growing range of hugely challenging cybersecurity concerns. Understandably, this is driving surging levels of technology-led investment as leaders look to defend their networks and data against a growing list of risks.
According to IDC, for instance, worldwide spending on security solutions and services is expected to reach $219 billion this year—up over 12% from 2022. This upward trend will continue, heading towards $300 billion by 2026, driven by “the ongoing threat of cyberattacks, the demands of providing a secure hybrid work environment, and the need to meet data privacy and governance requirements.”
The range of risks is already enormous and constantly changing. Take ransomware, for example, arguably the most high-profile strategy currently employed by threat actors. Last year, there were over 74 million attempted ransomware attacks—a rise of 20% compared to 2021, with an average remediation cost of $4.35 million (excluding any payment to attackers). In contrast, cybersecurity awareness training, one of the most important components of a holistic preventative strategy, is only provided to employees on an ongoing basis by 23% of companies.
For many organizations, particularly those with limited budgets, addressing the full range of risks and vulnerabilities is akin to playing a game of whack-a-mole, where they must constantly respond to changing threats. A major part of the problem is that there is currently no silver bullet that can deliver the all-around, agile and intelligent protection that organizations need to address every eventuality—the overall challenge is, at present, simply too complex and multifaceted.
But how close are we getting? For many organizations, the zero-trust model has become a compelling strategy for addressing the constantly changing security landscape. Founded on the principle of “never trust, always verify,” zero trust represents a significant change in mindset and approach over conventional cybersecurity approaches. It operates on the principle that any user, device or system, whether it exists inside or outside the organization’s network, is potentially compromised and—by default and without exception—should not be trusted.
As such, zero trust can’t be implemented as a standalone security product. Instead, it is a holistic strategy that relies on a layered approach that is not only technology-focused but also relies on minimizing the potential impact of human error.
Indeed, there are a multitude of approaches and technologies that can be applied to the development of a zero-trust strategy. At its core, however, it relies on robust user authentication, so employing multi-factor authentication (MFA) is essential. Elsewhere, microsegmentation, which divides the network into smaller, more controllable and isolated workloads, helps in managing access controls more efficiently.
Furthermore, employing network access control (NAC) solutions to strictly govern access to resources, utilizing encryption for data in transit and at rest, and implementing least privilege policies also play important roles. Security monitoring tools to analyze user behavior and network traffic can also be used to detect anomalies that may be indicative of a breach.
Looking further into the specific approaches, technologies such as content disarm and reconstruction (CDR) are able to sanitize incoming files by removing potentially malicious content and reconstructing them into safe formats. Additionally, integrating security information and event management (SIEM) systems and endpoint protection platforms, together with the growing deployment of AI-based solutions for automated threat detection and response, can bolster the security architecture. In many organizations, ensuring that security policies and technologies extend to all devices, including personal and IoT devices, helps address another major vulnerability inherent across today’s widening network perimeters.
Zero trust also relies on continual improvement, whereby organizations evaluate and adjust to adapt to emerging threats, changes in business operations and advancements in technology. This approach is vital to ensuring that organizational security posture remains robust and effective over the long term—particularly given the constant emergence of new attack strategies.
The driving logic behind zero trust is key to meeting the challenges of contemporary cybersecurity provision—particularly for those organizations focused on delivering a proactive approach. The AV-TEST Institute, for example, registered nearly 5.5 million pieces of malware in a 14-day period alone—a figure which puts into perspective the sheer size of the task facing CISOs and their security teams.
In this context—and given the absence of a silver bullet approach—organizations can only build greater confidence in their security by focusing on a comprehensive, multi-faceted strategy. The zero-trust model, with its foundation of stringent verification and layered defenses, offers a robust framework around which to work in the modern digital economy. By integrating risk management, technology and educational initiatives, organizations can build a formidable defense against evolving cyber threats both today and in the future.