Researchers estimate that ransomware cost businesses of all kinds around the world $20 billion last year, a figure expected to balloon more than 10 times over to $265 billion over the coming decade. And that’s a modest projection at best, as authorities at the Cybersecurity and Infrastructure Security Agency (CISA
) believe about 75% of ransomware attacks go unreported.
That’s one reason CISA advocates that “every organization—large and small—must be prepared to respond to disruptive cyberincidents.”
We agree with CISA’s call for unrelenting vigilance against ransomware and other rampant cybercrimes
. And one pillar of this stalwart posture is adopting “zero trust” practices.
defines zero trust as an IT operating strategy that “assumes no end-user, computing device, web service, or network connection can be trusted—even when an access request originates from within the organization’s own network perimeter.”
There are three core zero trust tenets:
- Continuously monitor every type of network traffic for the full spectrum of cyberthreats
- Identify and validate users of all kinds and devices of every sort continuously
- Adjust and refine cybersecurity policies, protocols and procedures continually in response to data gleaned from practicing the first two measures
Notice the thread of persistence that runs through all three of these tenets. Today’s cybercrooks organize themselves in relentless criminal syndicates. Your company must prepare and practice with the same type of deliberation and determination—from C-suite executives to front-line workers.
But be wary of thinking in absolutes. Considering zero trust a final state that can be attained in full risks treating this cybersecurity philosophy more like product than principle. Keep in mind that the zero-trust journey happens every day and is never truly completed.
Need a partner that understands zero trust principles? We’re here to help.