Adopting Zero-Trust Security
Zero-trust security has been a hot topic, especially in light of rulemaking by the US federal government to move agencies and government contractors into a zero-trust framework. That rulemaking came in response to a spate of damaging, high-profile infrastructure and supply chain attacks in 2021, some of which involved nation-state threat actors. The Colonial Pipeline incident and the subsequent outcry were a major catalyst for action at both the federal and state level. Cybersecurity legislation is on the agenda in every state legislature and in Congress, and many of those proposals include zero-trust elements.
The Cyber Resilient Organizations Study has previously reported on the benefits of zero-trust security. This year, researchers took another look at how using a zero-trust approach to security benefits businesses and reduces risk, specifically by boosting their cyber resilience. Those findings showed that 35% of respondent organizations said that they have already adopted a zero-trust security strategy. Of that group, 65% agreed that zero-trust security fundamentally strengthens cyber resilience. That’s a great indicator that increased cyber resilience is a useful goal when looking at big-picture ways to avoid a costly data breach.
Why Are Companies Adopting Zero-Trust?
- 66% said to improve operational efficiency
- 63% to reduce security risks
- 38% said for better IT team support
- 34% said to reduce costs
- 23% said for a competitive advantage
- 4% cited other reasons like regulation
What Leaders Are Doing & How to Follow Them
Taking a look at what the leading organizations in the survey are doing to achieve high cyber resilience is important to determine exactly what benefits businesses get from building their cyber resilience. It also opens a window into the security mindset of leading organizations. There have been a few changes from 2020’s results that are evident in the 2021 survey as businesses have grappled with the volatility of today’s threat landscape.
What Are Leaders Considering?
- 66% of 2021 leaders say that security automation and AI are important, up slightly from 63% in 2020
- 60% recognize that cyber resilience impacts a company’s revenue, up from 56% in 2020
- 41% say that cyber resilience impacts brand value and reputation, down from 46% in 2020
- And new this year, 41% of leaders are regularly assessing third-party risk
IBM also lays out a series of recommendations to improve cyber resilience:
- Create and test incident response plans: comparison research shows that regularly updating and reviewing incident response plans was a key reason why cyber resilience improved for 47% of high performers. IBM recommends developing both enterprise-wide CSIRPs and threat-specific incident response plans as well as drilling them regularly.
- Protect your critical databases: 52% of the survey respondents ranked leakage of high-value information assets as a key measure of severity in data breach incidents. Developing a comprehensive data security strategy is suggested to help organizations reduce risk.
- Keep systems running with advanced protection from cyberthreats: 47% of the companies surveyed ranked data center downtime as a key measure of severity. The report points to proactive threat management with a zero-trust approach as a good way to avoid system downtime.
- Speed up analysis with AI and threat intelligence: 47% of respondents cited diminished productivity of employees as a measure of severity in security incidents. More advanced analytics and automated workflows are pointed out as processes that can give teams time back for threat investigation.
- Break down silos and increase visibility: High-performing organizations said that the inability to reduce silos (87%) and lack of visibility into applications and data assets (74%) were their top two blockers when it comes to improving their cyber resilience. Researchers say that an open platform that fosters integrations between technology can help unite disjointed processes and data and provide broad visibility.
- Implement a patch management strategy: Delay in patching vulnerabilities is always a security bugbear, and 59% of average respondents cited it as a major reason why their organization’s cyber resilience didn’t improve. IBM suggests a formal vulnerability management program to help cybersecurity teams proactively identify, prioritize and remediate the vulnerabilities that threaten critical assets.