Zero trust as a strategy!

Trust thought for today - Zero Trust as a strategy in which 'trust becomes just as much of a currency as data'.

A hacker warns: Give up trying to keep me out - and focus on your data

Very interesting advice from Charles Henderson Hacker, and Managing Partner and Head of X-Force at IBM in the FT, (sorry for paywall) telling organisations concerned about cybersecurity that however much they spend, they are never impenetrable and that there is always a way in.

The game has changed: "Leaders across industry and government who commit to a culture shift in which trust becomes just as much of a currency as data will gain a strategic advantage — limiting the moves an adversary can make, forcing them to make more noise and ultimately leaving them less room to execute their attack".

"The best security advice for government and business leaders is to simply “give up” on trying to keep me out. Assume I’m already in, finding my way to your most prized possessions. What you actually need to trouble yourself with is, what can you do to stop me?

The Biden administration’s recent cyber security executive order provides guidance to federal agencies, namely to establish a “zero trust” relationship with their supply chains to protect data. Zero trust is not just a buzz phrase, single action or tool the industry is marketing. It is a set of principles upon which to build a security strategy, and it’s largely founded on the assumption of compromise. Last year, the US was the number one target of cyber attacks while Europe also experienced an onslaught of ransomware attacks. We need a radical new defence."