As Cybersecurity Awareness Month draws to a close, we’ve had a chance to reflect on the state of the cybersecurity landscape. It’s a sad reality that cyberattacks are increasing and getting more sophisticated. Cybercrime is now a multi-trillion dollar business with criminals creating sophisticated hacking tools to sell on the darknet to criminals and nations states who are investing millions of dollars to illegally extract company secrets and personal data.
In addition to the rise in cybercrime, organizations are challenged by the ongoing evolution of their digital infrastructure. Cloud computing is now a mainstream technology. Multi-cloud, private cloud and hybrid are the new normal for organizations, adding more complexity to securing enterprise customers. This digital transformation has accelerated through the pandemic increasing the use of cloud, SaaS, mobile devices, and IoT - and it seems certain that hybrid working practices are here to stay for many. Enterprises will need to secure their employees working anywhere, anytime, on any device and for every app.
As a result of the change, many ideas about how best to protect an organization’s IT infrastructure and data are rapidly becoming outdated and so organizations continue spending on the wrong things in a bid to keep themselves secure. A prime example of this is the disproportionate spend on perimeter security and end-point protection versus spending on zero trust capabilities, strong identity and encryption. Organizations need to encrypt everything and ensure their cryptographic keys are properly protected, ensure they are addressing any vulnerabilities through instantly upgrading to the latest hardware or firmware, and to train their employees and customers to be security conscious.
Those leading the charge in the changing cybersecurity landscape are leveraging security as a service offerings to maximize protection and reduce costs associated with security infrastructure, talent, expertise, and management. They are also moving to automation and AI to help improve efficiency and limit human errors, as well as helping detect, respond, and prevent cyber criminals from accessing their networks and data.
These factors can be bolstered by moving to a zero trust philosophy with Identity at the core to ensure the integrity of devices and users. Zero-Trust is critical. The majority, if not all cyber events, involve some sort of over-trusted identity-related exploits. Identity can be exploited through various avenues, including compromised secrets, compromised data perimeters and lateral threats. Our 2021 Global Encryption Trends Study revealed the top three threats to sensitive data are employee mistakes (53%), system or process malfunction (31%) and hackers (29%). In addition, 65% of respondents revealed that they didn’t fully know where sensitive data resides in their organization. With these examples in mind, Zero-Trust is the only way to truly protect identity within an organization.
This goes hand in hand with the aforementioned digital transformation trends and the additional complexity these bring in securely managing users, devices and workloads both within the organization and without. Now organizations need to deliver certificates and security for something that used to be in a building – a need for remote management, visibility, and security for something you no longer have physical access to.
Similarly, with a more dispersed, hybrid workforce the need to verify and maintain the integrity of sensitive documents has been thrown into sharp focus. While the core fundamentals of remote working have been pretty well understood by many, the sheer volume and expected continuation of these practices has had a profound impact on business workflows. To this end, remote document signing and sealing has become a significant factor for many who need the assurance that content is verifiably from who it says it is and that the document has not been altered in any way.
October being Cybersecurity Awareness Month makes it an ideal time to acknowledge the increasingly complex security challenges that our customers face and how we can help address them. We’ve embarked on a remarkable year of innovation and growth, expanding our core capabilities, products and services. Entrust core technology represents the building blocks of trust: managing IDs and credentials, authenticating users, ID proofing bound to credentials, physical access management, encrypting data and managing security policy. Now, more than ever, customers can turn to Entrust for both the building blocks of trust, and solutions for key use cases that enable digital transformation with security and identity.