As far as data breaches go, hackers threw everything they had at the private sector last year. According to a study from the Identity Theft Resource Center, U.S. organizations experienced 1,093 data breaches in 2016 – an all-time high. Overall, the number of data breaches increased 40 percent from 2015.
What went wrong?
In another report, Risk Based Security found 4,149 hacking events occurred across the world last year, exposing more than 4.2 billion records. Some may be surprised to learn that six of the incidents that transpired last year made the organization’s Top 10 List of All Time Largest Breaches, on which the Yahoo breach was listed.
Hacking was the most common cause of data breaches in 2016, constituting 92.5 percent of all incidents. SQL injection was the most popular method of infiltration among perpetrators, and 81.7 percent of all hacking incidents began on external threat vectors.
From the looks of things, one could assume organizations failed to protect their network perimeters. However, this assumption ignores a key reality: Perimeters no longer exist.
The need for Zero-Trust Security
The only way to stem the continuing data breach pandemic is for organizations to adopt the Zero Trust security approach.
The Zero Trust model means that no network or user is automatically trusted, so policies and strong security controls are enforced everywhere, even on internal networks and systems. Analysis of the mega-breaches of recent years indicates that Zero Trust could have mitigated, and in some cases completely prevented, what turned into cybersecurity catastrophes.
Zero-Trust Security has been discussed as an important evolution of security for many years, and Forrester Research has long advocated a Zero Trust approach. But the concept is finally getting real traction:
- Google urges enterprises to adopt Zero Trust security.
- In the wake of devastating federal department breaches, the US Federal Government is also advocating Zero Trust.
Increased risk, financial impact, penalties and awareness will lead enterprise security architects to abandon the obsolete notion that any network or system can be implicitly trusted.
A data breach has never been more costly, particularly under the new General Data Protection Regulation privacy rules in Europe. The GDPR will result in fines in the many millions of euros for companies that fail to protect consumer data.
Certes offers a range of solutions that enable you to adopt Zero Trust with your existing infrastructure, without affecting network or application performance.
If you want to know how to implement zero-trust frameworks, speak with Certes Networks today.