The zero-trust approach works because it takes a “never trust, always verify” stance, where an organisation considers everyone and everything as a potential threat. Thus, users, applications, devices, networks and processes are subjected to strict screening and continuous verification where contextual information is used for determining whether or not to give a user, device, connection, network or process access to sensitive data.
This “trust nothing and no one” line of defence is especially critical as it can help neutralise insider threats or people within an organisation whose access or accounts could potentially expose the company to security threats. These insiders are legitimate risks because they have access to a company’s systems and sensitive data, to begin with, and that serves as an easy first step towards eventual infiltration.
Insider threats can be current and former employees, partners, contractors and temporary staff who have prior or continued dealings with the organisation. They can be malicious in that they deliberately want to harm the business or have no malice whatsoever but are risks nonetheless due to ignorance or carelessness. Examples include remote workers accessing the company’s cloud in an unsecured public network or employees falling for phishing scams and similar attacks.
Zero-Trust is a very effective way to mitigate insider threats, especially with the unabated rise of remote work and workloads increasingly being migrated to the cloud. Deploying this kind of architecture will detect exploits across endpoints, limit data breach-related disruptions, enhance an organisation’s cyber resiliency and provide a modern, more sophisticated layer of protection to a company’s resources and users.
Source: Reduce the Risk of Insider Threats with Zero Trust: IBM Security Solution Blueprint
It should also be noted that according to IBM’s “Cost of a Data Breach 2021” report, data breaches originating from malicious insider activity cost companies USD $4.61 Million on average—third behind business email compromise and phishing, which cost USD $5.01 Million and $4.65 Million, respectively. Cyber incidents due to insider threats also have an inordinately long breach lifecycle, taking approximately 306 days to detect and contain.
It is thus imperative that organisations adopt the zero-trust approach as soon as possible. To do so, companies can deploy IBM zero-trust solutions and services, which are specifically designed to cover all possible attack vectors, including those from within an organisation.
These solutions, in particular, quantify a company’s threat risks, manage user identities and access, enforce said access and combine security information for context-based enforcement of policies. They also leverage SIEM and user behaviour analytics to detect threats faster and automate various tasks for more immediate threat response.
Needless to say, deploying this zero-trust architecture is necessary if organisations want to safeguard their systems from both external and internal threats. IBM Security Solution Blueprint has been created to help organisations address insider threat challenges through zero-trust capabilities.