Recently BAE Systems released research stating that over half of UK businesses have suffered a cyber-attack over the course of the past 12 months, with the average cost of being hacked coming in at £330,000 ($420,000). This is set to increase astronomically as businesses prepare for the rollout of the General Data Protection Regulation (GDPR) next year, which will see violating businesses hit with proposed fines of up to €20 million ($24.3 million) or 4% of their global revenue.
However, it is not only the threat of financial loss that looms over businesses that have been hacked. According to the research, a fifth of respondents did not feel confident that they could be back to ‘business as usual’ within 48 hours. Add into the mix the impact it can have on relationships with stakeholders and customers, the Yahoo hack being a prime example, and strengthening cyber security defenses is an absolute necessity for businesses.
At Certes, we believe that one of the biggest things holding the cyber-security industry back is mindset. The approach of building rigid firewalls to keep the bad guys out is no longer fit for purpose. The reality is hackers are proving on an almost daily basis that they can sidestep firewalls. Once inside, they are able to siphon off huge swathes of valuable data without difficulty, until they are detected, often months after the initial breach.
There is a fundamental step missing – at whatever point a hacker enters a network they must be contained, restricting the data they can access and the damage they can inflict before they are detected. This is where “zero trust” comes into play. This model assumes no network, user, device or application can ever be fully trusted. Instead, you assume that the network is already compromised and that a user actually is a hacker with stolen credentials. Then, by applying cryptographic segmentation between users and the applications they can access, a hacker who does enter the network can no longer move laterally, significantly limiting the impact of the attack.
With an outdated approach to security still thriving, businesses are fighting a losing battle. It is essential that those in key positions take time to understand new approaches that can arm a business against the modern-day cyber-criminal and define an effective and comprehensive cyber-security strategy. With GDPR roll-out on the horizon, enterprises must act now to ensure the safety of customer data before they fall victim not only to hackers, but to fines that will have a serious impact on their business.