Zero Trust: redefining security in the digital age

Zero Trust is the collective response to the increase in cyberattacks and the pressing need to shield ourselves against them.

Zero trust. What initially sounds like a negative concept is an essential approach to safely navigating increasingly complex digital environments filled with potential threats.

The first person to apply the term in its current sense was the US analyst John Kindervag, Strategic Vice President of cybersecurity company ON2IT. In a report prepared for Forrester Research in the spring of 2009, Kindervag stated bluntly that the main vulnerability of companies undergoing digitization was the direct result of a human emotion: trust.

In a report prepared for Forrester Research in the spring of 2009, Kindervag stated bluntly that the main vulnerability of companies undergoing digitization was the direct result of a human emotion: trust.

 

Not excessive trust, but any kind of trust. That is, any approach to digital security other than permanent, pro-active vigilance that requires us to methodically reduce risks. Trust prompts people to repeat "the same mistakes that decisively compromise the security of the institutions of which they are part of."

As the only viable alternative to the depressing chain of unforced errors we make due to  our tendency to trust, Kindervag proposed implementing strict and systematic protocols that start, with a more secure identity and access management (IAM).

 

A growing problem

Since 2010, the global number of cyberattacks has increased to a staggering 1,200 attempts per week per company by the end of 2023. Although the vast majority of these are unsuccessful, the figure alone is sufficient to confirm the enormous risks that our economies, in the process of accelerated digitalization, face on a daily basis. Santiago Anaya Godoy, Global Chief Technology Officer at Cipher at Prosegur, highlights the importance of a holistic approach to data protection: "Security is not just about putting up barriers, but about educating and raising awareness among users; this is why cybersecurity must be customized according to the needs of each person."

 

Distrust, a recipe for success

As cybercriminals' technology and resources grow, it becomes imperative to adopt Zero Trust networks  that leave nothing to chance and minimize the potential negative influence of the human factor. David Fernández Granado, CEO of Cipher, says "this policy of universal mistrust is crucial for the protection of digital environments that are increasingly vulnerable to attacks by cybercriminals who use advanced tools such as Artificial Intelligence to create more sophisticated attacks." This includes tactics such as Chatbot Hijacking, Deepfakes, Advanced Vishing, and breaches in augmented reality and virtual reality devices, as well as QR codes used on a daily basis, he explains.

Fernández Granado also highlights the importance of the cultural and generational component in the implementation of a Zero Trust strategy. "An organization needs to be aware of the processes of adopting this strategy and the impact it can have on the various teams."

As a rule, younger employees, who have grown up with the internet in environments of Zero Trust such as video games or social networks, adapt more easily to the concept and apply it rigorously. The so-called "Zero Trust generation" tends to adhere to guidelines that guarantee a higher degree of security, better management of potential risks and a much more scrupulous respect for the privacy of digital interactions.

 

Those on the other side of the digital divide need to internalize these operating principles and understand how they should be applied from both ends of the chain: that of the access permission manager and that of the user. This process of adaptation will result in both an increase in personal security and in the overall consistency and responsiveness of the systems as a whole to external aggressions.

The benefits of this model are clear, says Anaya: "Every access request must be rigorously verified, regardless of its origin, since any user can become a threat." In addition, multi-factor authentication (MFA) is a key feature of this model, because it only allows access to authorized users, adding an extra layer of security even when credentials are compromised.

In conclusion, Anaya says that developing Zero Trust networks is not just a security strategy. It also requires adopting a new mental framework, essential to successfully navigate (as part of a smooth transition) digital environments as demanding as the one we live in today, "marked by accelerated digitalization and information technology that is advancing by leaps and bounds, which has led to the identification by companies of the need to assign greater attention to the increase in cybersecurity to avoid jeopardize the organization's critical infrastructures."