Is Zero Trust the Answer to Cybercrimes?

cybersecurity concept

In 2017, the NHS faced what it described as its biggest cyberattack in history. A ransomware known as WannaCry, which had already infected thousands of networks around the world, eventually found its way to the UK’s healthcare system.

It impacted at least 80 trusts—about twice than previously reported—and prevented healthcare facilities and providers from accessing their medical equipment such as MRI scanners and mobile devices. Over 25 percent of the trusts and many general practitioners and specialists needed to delay or suspend urgent procedures.

These cases, despite being widespread, are not isolated. Some experts even believe that the number would only increase in the coming years. In 2020 alone, there have been about 400 million cyberattacks detected.

However, most commonly believe that cybercrimes, such as data breaches and ransomware, can occur because of external threats. What many seem to forget (or perhaps ignore) is the possibility of an inside job. To shield a business from an intrusion on both fronts, several CEOs and IT administrators use the zero-trust approach.

What Is Zero Trust?

Zero trust is a model, concept, philosophy, or principle that stresses an organization should never trust anyone, including their people (yes, even the management is not exempted). This isn’t surprising since the majority of these cyberattacks are inside jobs, according to IBM research.

In 2015, for example, outsiders committed only 40% of the cybercrimes. The rest were insiders. While 15% were inadvertent actors, nearly 45% of these inside-job attacks were malicious.

Coined by John Kindervag of Forrester Research in 2010, it suggests that no company should trust network traffic and that it should ensure that every access to the network is secure. Moreover, it aims to reflect the security needs of the times.

Zero trust tries to replace the castle-and-moat approach many years ago. In the analogy, a firewall, which experts liken to a fortress, protected the company’s system, which symbolized the castle. The problem with this model is that it wouldn’t work in the age of cloud computing, and it was also extremely restrictive.

Companies can explore many ways to implement zero trust. These include:

  • Implementing a multi-factor authentication
  • Limiting the access of individuals (e.g., they may not be able to open files or read information from other departments)
  • Opting for database tracking, such as MSQL performance monitoring
  • Providing conditional access control according to the context of the network request
  • Strengthening policies, like bring your own device (BYOD)

hacker concept

Pros and Cons of Zero Trust

What makes zero trust beneficial that even Google and Microsoft are already implementing it? One of its biggest applications is in controlling or eliminating the vulnerability of the 5G network.

A 5G connection promises hyper speed, low latency, and immense connectivity capability that, when it comes to tech, it seems the sky is the limit. It can help build smart cities and run self-driving cars. It can encourage the growth of the Internet of things (IoT).

However, experts also identified at least ten vulnerabilities. For example, cybercriminals can hijack emergency alerts often delivered via texts or incoming calls. The 5G network also means more users, devices, networks, equipment, and systems connected.

With zero trust:

  • Cybercriminals are less likely to penetrate all levels of a system or network. It may then help prevent the risk of a massive data breach.
  • It may prevent both external and internal users from accessing just any point of the network, which can open an opportunity to malicious actors.
  • Because zero trust advocates for constant monitoring, IT administrators are more likely to catch a breach before it gets worse.
  • Companies can also perform analytics and spot patterns that may indicate an attack is about to happen.

Zero trust, though, doesn’t happen without challenges or disadvantages. Some think that the approach is still restrictive. It may even curb innovation or reduce productivity and efficiency as employees may not be able to access or use the information they need immediately. Instead, they would have to go through many steps and deal with many people and departments.

Further, this model may become more difficult to implement as more players, networks, and equipment or devices become part of the system.

The cost of cyberattacks is staggering. According to the World Economic Forum (WEF), a lone malware attack cost the industry over $2.5 million in 2018. Within the same period, ransomware cost at least $500,000.

Cybercrimes don’t spare small businesses, which are likely to lose $200,000 a year from a data breach. Some cannot recover that at least 40% eventually shut down after an attack.

Zero trust sounds like the holy grail the world needs to pull the plug on cybercrimes. But in reality, it’s not the be-all, end-all solution. To stop these attacks is to perform an offense on many fronts. The model also needs to evolve to reflect the changes in connectivity and network security needs.

The Author

Don’t Stop Here

More To Explore

What Are the IT Services Small Businesses Need?

Although many small businesses are famous for delivering high-quality products and services, their capabilities are still limited in certain ways. Those limitations make it hard for them to compete with larger businesses. Thankfully, getting around those limitations is easier than ever. Secure the IT services small businesses need and present the best experiences to your

Information Technology in 4 Minutes

Information Technology (IT) encompasses a vast array of technologies, systems, and processes that facilitate the storage, retrieval, transmission, and manipulation of data. From corporate technology solutions to personal computing devices, IT plays a pivotal role in virtually every aspect of modern life. At its core, IT involves the use of hardware, software, networks, and infrastructure

Rebuilding a House After a Fire? These Technologies Have Changed the Game

Fire can be devastating. It leaves behind a trail of destruction and heartbreak. When this good servant turns rogue, it destroys homes and turns people’s lives upside down. Rebuilding a house is expensive and time-consuming. And while you may have insurance coverage, it takes time, effort, and money to get back to where you were

Scroll to Top