It’s time we rethink cybersecurity
A few weeks have passed since I last wrote about cybersecurity. Since then, reports about new cyber-attacks or new vulnerabilities have been a basso continuo following us every other day. Just this week “Le Temps” reported that tax declarations of Swiss citizens are circulating on the dark web after an attack on a trust office. With this very example we see what I have mentioned previously: Increasingly, small and medium businesses are becoming targets of these attacks. For them, too, the impact – especially in terms of damage to reputation and loss of customer confidence – can be massive.
So, why do ransomware attacks succeed in the first place? It’s mostly because IT security is not part of the core business of the users concerned. Naturally, this is a problem small and medium businesses are increasingly faced with. This also shows that cybersecurity is no longer a topic owned by the IT department, but for the executive board to have on top of their agenda. Moreover, it is a responsibility of every single one of us. Why? Because the cybersecurity chain is only as strong as its weakest link.
In a hybrid world, there is an increasing number of weak links with an increasing number of devices and access points. One way to deal with this is the Zero Trust Approach. Of course, those familiar with the concept will rightly point out that it is not new. It was also not invented by Microsoft. But Zero Trust is essentially how we think about cybersecurity. So let me elaborate more on that and how we can all use it to rethink security. I will also talk with our Chief Security Advisor Roger Halbheer about these aspects during our Swiss Security week next Tuesday, so please join us for a live discussion – you can sign up here.
As such, a Zero Trust strategy will be top of mind for many organizations because its principles help maintain security amid the IT complexity that comes with hybrid work. These principles are to verify explicitly, to grant least privileged access, and to assume breach. Here are a few thoughts of what we have:
1. Verify explicitly
One of the most important first steps in a Zero Trust journey is to establish strong authentication. No matter the length or complexity, passwords alone won’t protect your account in the majority of attacks. Monitoring logins for suspicious activity and limiting or blocking access until additional proof of identity is presented drastically reduces the chances of a breach. On the other hand, modern multifactor authentication doesn’t have to be complicated for the user. Therefore, I’m fully convinced our future will be passwordless.
2. Grant least privileged access
As we have entered into new hybrid work environments, businesses need to think about how they will proactively protect their organizations from the influx of new or “bring your own” connected devices – or even new apps that have helped people to work in new ways. This new normal has exposed the most challenging cybersecurity landscape we’ve ever encountered, and least privileged access ensures that only what must be shared is shared.
3. Assume breach
Comprehensive security that is multi-platform and multi-cloud with simplification front and center is going to be important for the “assume breach” approach. With threats continuing to get more sophisticated, it is important to have the latest AI and machine learning capabilities at hand to separate important incidents from noise. But “assuming breach” isn’t just about external threats – you also have to be thoughtful about protecting your organization from the inside out. To address these issues, you need the latest technology to support you.
In a world where identity is the new battleground, I see adopting a Zero Trust strategy as no longer an option, but a new business imperative. People and organizations need to have trust in the technologies that bring them together. The term Zero Trust may feel like the opposite of that, but when you assume breach and provide the least privileged access necessary, it actually empowers employees with the flexibility and freedom they want.
So, I would be happy to welcome you to our Swiss Security Week. Will you join me?