The original article is published in cybersecurity.w.media

In the last few years, there has been an increase in the number of cyberattacks and it continues to grow. 

More than 11.5 lakh incidents of cyberattacks were tracked and reported to India’s Computer Emergency Response Team (CERT-In) in 2021. According to official estimates, ransomware attacks have increased by 120 percent in India, according to reports.

There’s no sign of slowing down, especially if businesses remain content with the way things are. However, one can break that cycle with the right tools and knowledge. It has been encouraged that organizations undertake the Zero Trust framework to secure the data and reduce the risk of cybersecurity-related incidents. To understand the importance and scope of Zero Trust W.Media spoke to Pawan Chawla, CISO, Future Generali.

“It is important to clear a myth about Zero trust, it is not a product or a solution that can be installed. It’s a strategy/framework for implementing cybersecurity in an organization. It’s built upon cyber best practices and sound cyber hygiene, such as vulnerability management, proactive patching, and continuous monitoring,” said Chawla. 

He further explained that the objective of the Zero Trust framework is to identify each user in the network and provide full visibility to the attack surface including IT, OT, and IoT. Limiting access to these assets will eventually reduce the attack pathways and allow ease in monitoring the attack surface, which will also help in identifying end-point vulnerabilities and patching them regularly.

Once security teams know how data flows within the organization, identifying critical assets that need to be secured becomes easier.

“Zero Trust is a foundational element of an adaptive approach to security that is essential for an organization. Zero Trust works on the assumption that you can’t separate the good actor from the bad actor,” added Chawla.           

Traditional approaches that focused on establishing a strong perimeter to keep the bad actors out no longer work. Resources (data, applications, infrastructure, devices) are increasingly hybrid or outside of the perimeter entirely. 

Chawla further pointed out that with Zero Trust, no actor can be trusted until they’re verified. It’s a holistic, strategic approach to security that ensures that everyone and every device granted access is who and what they say they are. In today’s world, data is spread across several applications and people.

It’s not enough to have a password onto something or set up a firewall or some other kind of perimeter to protect the data. Let’s agree and accept that in today’s age of digital transformation, perimeters don’t exist and old approaches to security don’t stack up against the sophistication of today’s threats.