Upgrade Magazine


IT experts advocate use of ‘zero trust’ model to deal with security

Everyone needs to learn how to “disrupt any criminals’ ability to profit off your information,” said SpyCloud CEO/co-founder Ted Ross.

SAN JOSE, CALIFORNIA – Everyone needs to learn how to “disrupt criminals’ ability to profit off your information,” said SpyCloud CEO/co-founder Ted Ross, here at NetEvents 2019: Global IT Summit. And arguably the best way to do this is to apply the “zero trust model” as far as cybersecurity is concerned.

Today, on average, people over 55 have approximately 12 passwords, Millennials have eight, and those belonging to Gen Z have five. Fifty-nine percent of all people use the same password/s everywhere; and here, the younger generations may be said to be at a disadvantage “because they have fewer passwords to rotate even if they go online more often (than their elders),” Ross said.

These passwords include those used for work, with the Federal Bureau of Investigation (FBI) noting that 65% of reported fraud is actually business email compromise fraud. Approximately $8t million is lost per day in the US alone, with total losses reaching $12.5 billion in the last five years. Sadly, just over 3% of this amount is recovered.

But Ross said that “work-related accounts are only part of the problem (with security). Personal and family accounts are even more at-risk.” This is worth highlighting because when personal accounts are hacked, work-related accounts may also already be compromised.

Cybercriminals “take everything they can get their hands on,” Ross said. And then “they focus on monetizing the information.”

This is why, Ross reiterated, the “zero trust model” is always worth considering.

Erin Dunne, director for research services of Vertical Systems Group, seconded Ross’s position, particularly since “with all the security issues, it’s terrifying.”

For Vikram Phatak, founder of NSS Labs, “there’s no reason for companies to be the one to secure everything. Instead, shift the paradigm to service provider paradigm.” This is because for companies to “do everything isn’t going to work; it’s not sustainable.” And here, simplification of security “for the average person to use” is recommended.

Brad Casemore, research VP for data center networks at IDC, agrees. “There was a time when products/services were complex, and this has huge implications with adaption.” Like Phatak, Casemore stresses the “need to simplify”.

Scott Raynovich, principal analyst at Futuriom, said that “security management tools are (already) out there, but many people continue not to use them. So human behavior needs to be tackled.”
