A CFO Guide to ‘Zero Trust’ Cybersecurity

As perimeters of corporate networks blur, a new approach brings clarity to thwarting cyber attacks.

Companies now spend an abundance of time, energy, and dollars building trust with their various stakeholders—except, that is, when it comes to those accessing their computer networks. The goal there is to thwart cyber attackers, especially as they become ever more sophisticated. And that requires erasing implicit trust from internal networks.

To get there, the familiar “trust, but verify” approach is being supplanted by “never trust, always verify” as expressed through a Zero Trust security framework, with a starting assumption that all network traffic, no matter its pedigree, may be malicious. The aim: restrict network access for all users and devices, apply security controls that hide applications not required by the user, and authenticate and continuously validate identities. The ultimate goal is to enforce a risk-based and contextually aware access control posture for all network connections to corporate applications and data, whether hosted on premise or in the cloud.

The Zero Trust concept represents a dramatic shift from the castle-and-moat approach, which focuses on fortifying the perimeter to deter outsiders from accessing corporate data, while implicitly trusting insiders. In the past, IT infrastructures had well-defined perimeters. But those boundaries have grown blurry as a result of evolving business models, shifting workforce dynamics, and complex and hyper-connected IT environments. Companies have migrated their applications from data centers to the public cloud, with endpoints expanding to include mobile devices, bring your own device (BYOD) technologies, and a proliferation of web-enabled smart devices (e.g., Internet of Things [IoT]). Far from contained, the modern technology ecosphere can look dangerously ubiquitous.

CFOs can calculate the potential costs of not investing in Zero Trust. The average cost of a data breach has reached $4.24 million, an increase of nearly 10% over last year, according to a recent study.1 In instances where higher levels of remote work were a contributing factor, that cost rose to $4.96 million. High-profile ransomware threats that effectively lock users out of their own systems and demand hefty payments before giving them the key (or not) have drawn attention to the costly reputational—and possibly legal—ramifications of a cyber breach. Supply chain infrastructures, targeted through third-party software and service providers, have also been victimized. Moreover, the pandemic has likely increased finance leaders’ awareness of the cost of business disruptions, while having to equip a remote workforce highlighted the need to modernize their capabilities for enabling secure remote access.

Published by
Veille-cyber
