Zero Trust as part of data security policy

Examining over 530 data breaches across 17 countries, a 2021 report from the Ponemon Institute reveals that the average cost per breach this year increased by 10%, the largest such spike in years.  According to the report, the most substantial hit to a breached firm comes from lost business, followed by spending on breach notifications, as well as potential fines from regulators and penalties to customers.  Combined with the costs of necessary preventative measures, such as breach detection or encryption, it’s clear that financial planning for data security is more critical for organizations than ever before.

Risk assessment is an important part of that overall scheme.  With so many companies establishing a firm digital presence and disseminating their data across various platforms (especially in the new age of remote work), the vulnerabilities to enterprise security have multiplied.  The message is straightforward, that relying solely on securing perimeter defenses will no longer be enough.  It has become too easy for the bad actors to get through, and all it takes is a single accidental click on a phishing link.  It’s a useful strategy to assume that this will happen.

This has led some, like analysts at Emerging Europe, to advocate for a zero trust policy, whereby every relationship, every device and application, and access to data is treated with caution.  Constant verification becomes a main feature and goal within this structure.  This is not a brand new approach by any means: security controls that aid detection and establish a baseline, against which anomalous behavior can be checked, have long been a staple recommendation of ours.  If there’s some fishy (phishy?) activity going within the network, having a clear view can mitigate the problem quickly.  What changes now is the scope, year by year.  A report from ENISA (the European Union Agency for Cybersecurity) now predicts an increase in cyber attacks against supply chains by a factor of four.

Proceeding with these facts in mind can lead organizations to smarter data protection focus.  Developing a security policy as if data will inevitably be compromised puts everyone on heightened, more efficient alert, rather than just chaotically throwing things at the wall and hoping something sticks.  Incorporating encryption into your policy, such as NetLib Security’s Encryptionizer solution, protects this most valuable asset once hackers break through the outer defenses.