Cybersecurity Strategy: Adopt a Zero Trust Model, but Expect to Get Hacked


According to Stephen Robert Morse, writing for The Hartford’s SmallBiz Ahead publication, protecting your business income begins with “evaluating potential threats,” and it ends with creating both a business continuity plan and a business recovery plan. This is true on multiple levels, but it is especially relevant in the world of business cybersecurity.

I’ve already outlined why entrepreneurs and SMB leaders can't afford to ignore cybersecurity, and pointed out that businesses of all sizes are now prime targets for hackers and cybercriminals. Without any measure of data-breach prevention or mitigation, organizations might as well consider themselves sitting ducks. Fortunately, by following Morse’s advice, evaluating potential threats, and subsequently enacting a continuity and recovery plan, we have the beginnings of a proper cybersecurity strategy.

Potential Threats and the Zero Trust Model

The University of Maryland has listed “cyber threats” as one of the most important issues in modern international business, but the truth is that most of these “threats” are actually already inside your company.

The role of human error in successful cybersecurity breaches is huge, with over 90 percent of all cybersecurity breaches attributable to human error, according to uSecure.

Essentially, this means that failing to install updates, giving out passwords or credentials to those who don’t need them, and knowingly or ignorantly breaking proper security protocol are all reasons that companies suffer breaches and hacks. This is why Zero Trust Networks, also known as Zero Trust Architectures, have become so popular recently.

Created by John Kindervag in 2010, Zero Trust is “a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access,” according to CSO Online.

The same article quotes Charlie Gero, CTO of Enterprise and Advanced Projects Group at Akamai Technologies in Cambridge, Massachusetts: “The strategy around Zero Trust boils down to don’t trust anyone. We’re talking about, ‘Let’s cut off all access until the network knows who you are. Don’t allow access to IP addresses, machines, etc. until you know who that user is and whether they’re authorized.’”

The point is that businesses big and small should seriously reconsider their approach to trust if they ever expect to regain any modicum of security.

Prepare and Expect to Get Hacked

Forbes recently ran an article in which they quote a Dr. Eric Cole, former member of the Commission on Cyber Security and chief technology officer of McAfee. According to Cole, the best advice he can give you is to expect to get hacked.

“It’s serious stuff and most people just don’t think that and the real problem when I talk to them is they say ‘Eric, no one would be interested in me, I’m just a school teacher, I’m not a CEO — I’m not Bill Gates, I’m not somebody super famous nobody cares about me,’” Cole says. “The reality is that’s who they go after because I can tell you CEOs have a lot of security. Bill Gates has a lot of security. Good luck trying to break into them.”

What everything really comes down to is having protections as if you expect to get hacked. This is why it’s imperative to have data backup and recovery options installed and available at all times.

As everybody knows, sometimes it’s just as important to know how to recover after small business failure as it is to know how to operate during times of success. Just be prepared for an attack, because, nowadays, it’s not a matter of if you get breached, it’s a matter of when.

Simply put, cybersecurity is different than it used to be.

The bad news is that your chances of getting hacked are high, especially because everybody is a potential threat nowadays, if only due to their own ignorance. However, with the right infrastructure, the right “trust model,” and the right plan in the face of disaster, organizations can evade a higher percentage of attack attempts and survive the ones that prove successful. It’s like the Boy Scouts teach: if you prepare for the worst, you’ll perform your best.

Thursday, 14 November 2019