The role of zero trust in boosting cyber defence

In today’s increasingly digital world, protecting your business against cyberthreats is more important than ever. These threats show no signs of letting up. With cyberattacks becoming easier and cheaper to execute, distributed denial-of-service (DDoS) attacks, for example, have become more prevalent in recent times. There is no need to intrude or gain access to a network to launch a DDoS attack, making it a hit-and-run type of attack that can happen without warning. In fact, we have already seen DDoS attacks peaking above 72 million requests per second, the largest ever recorded this year.

The cyber risks for businesses in Asia-Pacific (APAC) today are pressing. In Q1 2023 alone, more than 35 billion cyberthreats were mitigated per day on average in the region, and more than 112 billion globally. With the surge of digital transformation initiatives and the continued hybrid work trends, there is an increased urgency for businesses to strengthen their defences against these complex cyberattacks.

It is encouraging to see the investments progressively being made to tackle cybercrimes. According to IDC’s latest Worldwide Semiannual Security Spending Guide, spending on security hardware, services, and software in APAC, excluding Japan, is expected to reach US$36 billion in 2023, with a 16.7% increase from the previous year.

Zero-trust approach 

The zero-trust approach has increasingly proven to be an effective way for organisations to bolster their cybersecurity defences. Founded on the principle that nothing is trusted until verified, this approach considers all users and devices as potential threats. It implements continuous monitoring and verification to ensure the security of sensitive data and prevent breaches.

Incorporating the zero-trust approach into an organisation’s security framework can strengthen network protection and enhance data security. This is particularly beneficial in heavily regulated industries such as finance and healthcare. For example, it helps companies comply with strict data protection regulations by restricting access to sensitive data to authorised personnel only.

Overcoming potential challenges of implementing zero trust

However, zero-trust security poses challenges for businesses, as highlighted in Cloudflare’s report on “The Journey to Zero Trust in Asia Pacific.” These obstacles include a lack of knowledge, a reliance on existing cybersecurity measures, difficulty in securing executive buy-in, and a shortage of skilled personnel to implement a zero-trust strategy.

To overcome these hurdles, companies can consider partnering with cybersecurity specialists or managed service providers. These providers can assist IT and security teams with implementing zero-trust security measures, providing technical support and continuous monitoring of their IT infrastructure. This allows IT teams to focus on business growth, maintaining regular operations, and product development. Additionally, many providers offer scalable solutions, which can be particularly advantageous for businesses lacking the resources to invest in a comprehensive zero-trust security strategy.

The case for a “Chief Zero-Trust Officer”

To successfully implement a zero-trust security model, organisations can consider appointing a designated leader, such as a Chief Zero-Trust Officer (CZTO), who can oversee the implementation and adoption of the strategy. Having an articulate leader and defined accountability reduces the likelihood of roadblocks during implementation. The CZTO can effectively structure teams and remove obstacles to ensure a smooth rollout. Introducing the CZTO role in the C-suite further reinforces the importance of zero trust within the organisation and ensures that the initiative receives the necessary attention and resources to succeed.

Additionally, businesses may encounter resistance to change during the implementation of a zero-trust strategy. Leaders should set an example by embracing the change, actively involving employees in the process, addressing concerns proactively, providing support, and offering upskilling opportunities. If the goal is to spark an organisation-wide culture shift, the first step must come from the top.

The way forward to strengthen cyber defences

The increasing dependence on IT systems, coupled with the APAC region’s growing influence in the global economy, has made cybersecurity a top priority for organisations operating in the region. Attackers have APAC firmly in their crosshairs, making it more crucial than ever for businesses to implement effective security measures. Zero trust, with its associated continuous monitoring and verification, can provide organisations with a robust defence to safeguard their sensitive data against potential threats.

As APAC continues to accelerate its digital transformation, it is imperative for businesses to embrace new and effective security models such as zero trust. This approach will greatly help them better protect themselves and their customers, comply with prevailing regulations, and establish a strong foundation for growth and success in the digital age.