Intelligent CISO Issue 57 | Page 42

Better protection comes with better security planning.
EXPERT OPINION
trust, as well as facing hefty recovery costs. Looking to the year ahead, businesses must therefore take a risk-based approach to ensure their systems and customer data are protected.
Here I will outline how taking an ‘assume-breach’ approach and investing in cybersecurity measures such as Zero Trust will help businesses weather the storm as we face more uncertainty in 2023.
Never trust, always verify
Though the concept of Zero Trust has been popularised across many sectors, numerous organisations are yet to reap the benefits of this approach. In fact, according to IBM, almost 80% of organisations don’t adopt Zero Trust strategies, resulting in average breach costs of US$5.4 million, US$1.17 million more compared to those that do.
Zero Trust means what it sounds like: no one person or device on a network is trusted. Users are given only the access that they require for their task and the network is segmented to make it difficult for would-be attackers to move through the network in search of valuable data to steal. As such, businesses must leverage Zero Trust capabilities in order to protect sensitive data and enforce ‘authorised only’ access to information that is critical for security and compliance.
Such Zero Trust technologies mitigate the widespread impact cyberthreats can have within an organisation. This approach can also reduce a lot of the potential regulatory and network security headaches simply by removing implicit trust within an IT ecosystem and replacing it with a risk-based approach to accessing organisational resources.
Strengthening security with an assume-breach model
An assume-breach approach takes Zero Trust one step further, ensuring the focus of any organisation remains on prevention and protection from unwanted cyberattacks and removing implicit trust from any device or user. This approach can help guide decision-makers when discussing investments in security technologies and operational best practices as it aims to limit the trust placed in networks, applications, services and devices (both IT and IoT) by treating them as though they are already compromised.
According to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involve human error, such as employees exposing information directly or by making a mistake that allows cybercriminals to gain access to the organisation’s systems. As such, instilling an assume-breach approach by assuming a network is compromised and putting the necessary tools in place can help prevent breaches from
