Why CISOs need zero trust as a ransomware shield

This year is on pace to be the second-costliest for ransomware attacks ever, with threat actors relying on new deceptive approaches to social engineering combined with weaponized AI. The recent MGM breach began with attackers studying the social media profiles of help desk employees, then calling the help desk and impersonating them to get privileged access credentials and logins.

Zero trust security needs to be a mindset that pervades everything from consolidating tech stacks to managing identities at scale. CISOs and their teams must start with the assumption that a breach has already happened, and an organization’s network needs to be designed to limit an intrusion’s blast radius and depth.

“Zero trust requires protection everywhere — and that means ensuring some of the biggest vulnerabilities like endpoints and cloud environments are automatically and always protected,” said Kapil Raina, VP of zero trust marketing and evangelist for identity, cloud and observability) at CrowdStrike. “Since most threats will enter into an enterprise environment either via the endpoint or a workload, protection must start there and then mature to protect the rest of the IT stack.”

Gartner introduces a new Hype Cycle for Zero Trust Networking

Gartner’s inaugural Hype Cycle for Zero Trust Networking comes at a time when CISOs and the organizations they serve are under siege from near-record ransomware attacks. All hype cycles and market frameworks have limitations, yet they do help to filter out vendor noise and those overstating their zero trust capabilities. The Hype Cycle examines 19 key technologies — including microsegmentation, Kubernetes networking, secure access service edge (SASE) and security service edge (SSE) — and maps their maturity level and hype cycle position.