There is constant news coverage of credit card identities stolen, bank records compromised, and identity theft. Consumers have become jaded to relentless headlines, of our privileged information stolen. Is this the new normal?
The statistics are shocking. 18% of all healthcare employees are prepared to sell patient data, 24% know of an employee who sold confidential material. Apple employees have been offered as high as $23,000 for privileged access credentials. A staff member at Honeywell, furious at not receiving a raise, was caught selling satellite tracking data. He assumed the client was a Mexican drug cartel, not the DEA.
The dark web is now firmly ingrained as a global marketplace for procuring and selling of privileged credentials. Hackers no longer break into secure digital systems, they log in, allowing for unfettered access to company data.
Digital Companies see cyber-security as a second-tier cost, only to be increased if a threat occurs. Profitable companies usually are cutting cyber-security costs. Government data to big Hollywood studios are seeing their assets being compromised. There must be consistent authentication policies across the corporate landscape, while providing the access employees, customers, and partners need.
Zero Trust Security (ZTS)
Dated security methods are not functioning. Businesses having significant digital footprints are seeing attacks increasing exponentially. The Zero Trust Security protocol ensures every device, login attempt and requested service are being verified through the Next-gen Access initiative. NGA is a digital business application coordinating login and resource request management. The technology recognizes every device and user.
There are four pillars to the ZTS protocol:
- Never trust anyone, anything and always verify. This fundamental policy requires everyone in the organization to be verified before granting access into the system.
- Endpoints must be authenticated. Before granting access to the system, the user must log in from a prior trusted device. If not, the login requires a multi-factor authentication.
- The system grants the user only the access given to them when the account is set up. Company employees are set up on a tiered system. The level of access allowed is fixed. No more, no less.
- The process is constantly learning. The platform learns user behavior, login attempts, access control, and policy adjustment.
What is the Future of Security for Digital Companies?
William Saito believes there are two types of enterprises in the world. Ones who have been hacked and the ones who do not know they are being hacked. Saito is accepted as a world authority on encryption, biometric authentication, and cyber-security. William Saito reports directly to the prime minister of Japan and sits on the Council for National Strategy.
Companies with large digital footprints must mature. Traditional corporate security is not working. Employees work remotely around the world, logging into a vulnerable network with unrecognized devices. Identity has turned into the new security protocol. Only an individual’s biometrics can be relied upon when logging into a company network.
William Saito believes an all-encompassing strategy must be established now. This strategy must start immediately before it is too late, and users no longer trust any of their screens. Saito says, the internet is expanding quicker than anyone, or any corporation can keep up with. Most security controls are added haphazardly rather than from the ground up.
Unless the issue of trust identity is not dealt with now, the ensuing failure and costs will be massive.