Earlier this year, MIT Technology Review polled global business leaders about their current concerns and future plans regarding cybersecurity. This report surveyed 256 respondents this year and 70% of them are executives or directors. MIT Technology Review released their findings from the Zero trust closes the end-user gap in cybersecurity on Sep 19, 2022.
This report focused on the approach to cybersecurity and mainly demonstrates how organizations go beyond passwords to embrace a new approach to defending against cyberattacks.
In general, cybercriminals all start from phishing emails to attack end users' systems. Specifically, there is a finding that 68% of the interviewees worry about cloud applications and data being subject to malware, ransomware, and phishing attacks. The report also found that the first biggest cybersecurity challenge facing companies is securing a hybrid or entirely remote workforce, with 55% of respondents. The reason is that COVID-19 made cloud computing take center stage: lockdowns sent millions of workers to their homes, where they connected to company systems remotely, often using their personal devices rather than the employers. Their second and third biggest challenge is securing the cloud infrastructure and securing enterprise IT software from attacks, with 49% and 48% of respondents respectively.
To secure the cloud against the ever-growing cybercrime wave during COVID-19, the zero-trust cybersecurity philosophy is the key to transforming global networks. These networks, sites, or applications won’t allow you in (or let you stay) without proof you belong there, and they monitor for unexpected behavior. One key finding is that the zero-trust model has been adopted by about 40% of respondents, while another 18% are in the process of implantation and 17% are planning.
When it comes to the path to zero-trust adoption for different organizations, the report found that for about 46% of the respondents, the single biggest challenge is integrating the model into a legacy IT infrastructure or replacing old systems with zero-trust–compatible systems. Mike Wilson, chief security officer, Molina Healthcare also shared that:
Zero trust is not a switch that you turn on, but a philosophy of putting controls on data at the local level
The good news is, zero trust is not an all-or-nothing proposition but can be adopted incrementally based on which assets an organization needs to protect most. A successful zero-trust strategy involves all vendors working together to ensure secure access to the applications or areas they’re responsible for. Some legacy systems may not be able to adapt to a zero-trust approach immediately, but we can foresee that the zero-trust strategy and investment in IT and staff against the core systems will be increased. More and more organizations will build a zero-trust model for cybersecurity programs in smaller chunks.
The full report Zero trust closes the end-user gap in cybersecurity is available for download from MIT Technology Review Insights.