Organisations are making great strides but Zero Trust is still at the bottom of cybersecurity priority lists, finds Hitachi ID survey.
According to a survey by Hitachi ID referenced by TechRepublic, having realised the heightened risk of becoming a victim of a ransomware attack, businesses are increasingly relying on SaaS providers to strengthen their defences.
Thirty-six of the one hundred IT and infosecurity executives surveyed said that more than half of their cyberdefences are provided by third parties. Uptake of multifactor authentication (MFA), regarded as the lynchpin of information security, and of single sign-on (SSO), which provides the visibility needed for effective password management, has increased considerably, with around 80 per cent reporting they have adopted each. These two are followed by IAM and privileged access management (PAM), with adoption rates of 74 and 60 per cent, respectively, which are bound to rise further given the frequency of incidents where excessive privileges open backdoors for cybercriminals.
Although the findings of the Hitachi ID survey are promising as to organisations’ growing awareness of IAM, there is one area where information security executives’ mindset is less mature than it should be – Zero Trust. Designed to accommodate the new perimeterless realities of cloud-based businesses with a hybrid workforce, Zero Trust has as its central tenet not to trust any users but to verify them on an ongoing and contextual basis. Considering that – as Bryan Christ of Hitachi ID Systems has pointed out – “Zero Trust is a journey, not a destination and it can take time,” the fact that only 47 per cent of the executives surveyed are implementing it shows that there is still a lack of urgency to rise to the challenges the current environment poses.
The importance of tackling insider threats, which experts talk so much about, has also been borne out by the findings of the survey, with approximately half of the executives saying that either they or their employees have already been approached to assist in a cyberattack.
In addition to Zero Trust, the Principle of Least Privilege (PoLP) should also be gaining more ground. Rather than granting higher privileges and then restricting them, it’s a more secure approach to regard employees as standard users and elevate their privileges when they need to access applications that require this.