Zero Trust

Dale Hoak, RegScale CISO

Zero Trust: easy concept, hard to implement

Last week, Dr. Zero Trust, AKA Dr. Chase Cunningham, posted on LinkedIn that he was fed up with people who say they don’t understand Zero Trust. To a certain extent, I feel his frustration.
Journalists understand the concept. We have a decades-old saying, “If your mother says she loves you, check it out.” It doesn’t get more zero trust than that.
The problem is that while it’s easy to understand as a concept, it isn’t easy to build a zero trust infrastructure, especially with the misleading gobbledygook most cybersecurity companies put out. Cunningham says there are hundreds of books and articles on the subject. He’s right, of course. The question is, which one do you choose?
At the RSAC Conference, we sat down and briefly talked with Dale Hoak, CISO for RegScale, about how easy it is to understand Zero Trust.

Poor marketing endangers society

In the past few weeks, as various security companies have published multiple studies about the state of cybersecurity, a common theme has arisen: Executives running the companies that purchase security tools and services are not sure their purchases have made them any safer. This widespread position in the market confirms results of a months-long investigation by Cyber Protection Magazine that marketing practices in the industry are failing to do the job and, in the process, making society less safe.

Every report skews data toward convincing customers to add their company’s tools and services to their budgets. However, every report also finds that between 60 and 90 percent of managers have significant concerns and doubts about whether the tools they have, and the tools they are considering, will do the job that needs doing. The reasons for that lack of confidence are three-fold.

Three reasons for lack of trust

First, stuff is moving fast. Governments are legislating controls and protections faster than normal. Sometimes these rules don’t make sense and many in the industry think they are holding back innovation and adoption. Criminals and nation states are stepping up attacks that bypass established protections, and lawsuits for negligence are growing. Second, while understanding the need for security best practices is at an all-time high, that’s mainly because weaknesses due to work-from-home, generative AI and news about data breaches are also high. That means while understanding of the need is high, inexperience and ignorance are creating new opportunities for attacks.

“Many executives may not exactly understand how (the tools) work,” said Cache Merrill, founder of software outsourcing company, Zibtek. “When there is a concern on the functionality of the tools or when attention is on what the tech teams understand without listening to them, anxiety is experienced. To put it simply, if they cannot see it, they will not put faith in it.”

Carl DePrado, an SMB IT consultant based in New York, said, “The sheer number of cybersecurity products and services can be overwhelming. This contributes to a sense of vulnerability, as they may not feel confident that they have covered all their bases.”

Addressing Financial Organizations’ Digital Demands while Avoiding Cyber Threats

Keeping up with requirements has caused financial organizations to rapidly overhaul their IT infrastructure. Because of this rapid digitalization, organizations are consuming many different security solutions, creating a bespoke environment that inadvertently exposes them to cyber threats.

How to stop ransomware in its tracks

The name WannaCry still evokes memories of chaos and disaster amongst anyone in the technology world. The anniversary of this widespread attack in May each year has been named Anti-Ransomware Day, to encourage organisations to back up their data and adopt necessary security protections.

IAM in a shifting environment

The fourth annual Identity Management Day (April 9) brought the opportunity to assess and evaluate the shifting environment plaguing Identity and Access Management (IAM).

Identity plays a pivotal role in all facets of business functions. Overseeing identity and access presents challenges in determining who should have access to what.
This process requires a contextual understanding of the roles and duties of numerous individuals within an organization, ranging from system owners and supervisors to IT, security, and compliance personnel. Managing access between all these stakeholders and decision-makers while mitigating human error, minimizing excessive permissions, and preventing inappropriate access configurations presents a formidable task.

As workforces evolve, managing access privileges becomes even more complex, raising the risk of insider threats and unauthorized access. Understanding identity management is crucial across all business activities, especially with the rise of hybrid and remote work setups.

A strong IAM strategy requires enterprises to maintain a centralized and consistent view of all devices, resources, data, and users, along with timely provisioning of access to different users. When any of these elements are insufficiently operated, both the level of cybersecurity and the quality of user experience are jeopardized.

Tracking 2024’s top three cybersecurity threats

From our predictions issue: As 2024 gets underway, here are three threats which promise to be making waves in the coming year.

Before you post, would you bet your job on it?

In a world awash in AI-generated, intentional misinformation and urban myths, would you bet your job on the reliability of the information you want to share? You might be betting someone’s life on it.

Black Friday Fears: Beating Cybercriminals to the Bargains

Each year Black Friday grows in popularity, and Cyber Monday is now a key part of the sales weekend. But this growth in popularity has sparked the interest of cybercriminals, who are also out to exploit the vast number of people online trying to bag a bargain.

Navigating an identity-based approach to data security

Today, everyone is trying to solve the problem of what happens when credentials are compromised, and a network is breached. The simplest approach is to minimise movement until security teams can resolve the incident.

Navigating the Digital Battleground – Expert Voices on Cybersecurity Awareness Month

As October is coming to an end with eerie Halloween celebrations, we’d like to remind everyone that today also marks the last day of National Cybersecurity Awareness Month.

Unpacking the 15-min phone call that took down MGM/Caesars

The MGM Grand/Caesar’s breach is the most exhaustively covered cyber event in recent memory. Even the attackers published detailed explanations of how they did it. There was, however, one question that still needs answering:

Why Insider Threats Need a Zero Trust Approach

Insider threats are more commonplace than one would expect. But what can be done to prevent them? Zero Trust is one answer – so we spoke to several industry experts to learn what they have to say on the topic.

Zero Trust: Reaching the Goal Quickly with Identity Orchestration

The Zero Trust security concept lowers the risk of successful cyberattacks on IT infrastructures. Nevertheless, many companies still struggle…

Zero Trust Principles for Mid-Market Companies

The arena of Zero Trust is an unbridled circus. Conflicting best practices, classic overselling, and niche use cases abound, making two things painfully clear: 1) organizational leadership is making Zero Trust a top priority, and 2) the folks tasked with implementing it have no idea where to start.

Standards bodies doing the heavy lifting in AI regulation

As with any digital product, security relies on four arenas: user responsibility, corporate accountability, government regulation and industry standards.

Ransomware: How to Prevent and Recover From an Attack

Ransomware attacks have cost victims millions upon millions of dollars, and these attacks are increasing at an alarming rate. This article will explore effective strategies to prevent and recover from these ambushes.

SAP Security Does Not Have To Be Complex

SAP security doesn’t need to be complex, since a lot of tasks can be automated – but what about SAP security in the cloud?

Identity Management Day: the power of Prevention and Protection

Today marks the 3rd annual Identity Management Day. We spoke to a range of tech security professionals about how businesses can ensure digital identities remain secure.

Bank collapse drives Phishing attacks

“We are seeing some phishing attempts offering loans, or pretending to be founders to financial teams,” said Grant Warnick, CEO of cybersecurity company Fletch. “We are expecting more fraud attempts this week as bad actors pretend to be companies impacted by this incident.”