Zero trust closes the end-user gap in cybersecurity


Specifically, 68% of respondents are concerned that cloud applications and data are vulnerable to malware, ransomware, and phishing attacks. Although 55% are not confident their cloud security is configured properly, 59% believe they have adequate control processes and policies in place to secure the cloud. About one in three respondents said it was a challenge to adequately train employees on cybersecurity.

End users are attacked

The weakest link in any IT security strategy has always been people, says Keri Pearlson, executive director of the MIT research consortium Cybersecurity at MIT Sloan (CAMS). CAMS examines organizational, managerial and strategic issues in the cybersphere. “It only takes one person clicking the wrong email, wrong link, or installing the wrong program for systems to become infected. It’s not just end-users in the traditional sense, but everyone who interacts with our systems. Every single person interacting with systems is a potential vulnerability,” says Pearlson.


Although IT typically performs more than 99% of backend system security measures, according to Salvi, the tiny fraction of security threats that users are responsible for accounts for nearly 19 out of 20 cyberattacks.

“They all start with phishing emails,” says Salvi. “They’re trying to get the keys instead of picking the locks.” Some phishing attempts can fool even a cautious user by masquerading as urgent messages from HR or the C-suite. Covid lockdowns put end users in a position to do more harm, and security strategy quickly adapted.


In contrast to traditional end-user security models, a user’s initial sign-in in a zero-trust environment (even if verified by a fingerprint, face scan, or multi-factor authentication) is not the end of surveillance. Once a user is in, zero trust discreetly follows them as they move through systems to ensure they aren’t up to anything nefarious and haven’t accidentally clicked on a link that opens a door for a hacker. Aside from an occasional re-authentication prompt, users won’t notice zero trust unless it decides it can’t trust them and locks them out of where they’re trying to go.


“I don’t have to rely on the user doing the right thing for security to work,” says Salvi. “They don’t have to remember a complex password or change it every three months or be careful about what they download.”


This content was created by Insights, the custom content arm of MIT Technology Review. It was not written by the editors of MIT Technology Review.


