The emergence of hybrid work and growing reliance on cloud technology mean that the zero trust security model is “becoming the de facto posture at many organizations.” This was the message delivered by Fredrik Hult, chief information security officer at PagoNxt, during his “Master class: Adopting the Zero Trust Security Model” session on the first day of the Cloud and Cyber Security Expo 2022.
Hult began his session by drawing attention to last year’s electronic fraud stats, which doubled compared to 2020. “Intensity and quality of threats are trending up,” warned Hult, and large-scale operations are worth “billions of dollars.” The progression from a single endpoint compromise to full-scale enterprise compromise and ransom can now be achieved within a “single day,” he argued.
Hult’s presentation demarcated the various types of zero trust models, with Hult drawing parallels with the multiple cinnamon bun recipes in Sweden. “Zero trust also comes in many different forms,” he affirmed.
Implementing zero trust, however, is complex and involves a steep learning curve, commented Hult. He delineated three central focal points of consideration regarding zero trust. The first is the “narrative arc,” as Hult coined it. It’s crucial that “no one puts talent in the corner.” With the pandemic having caused a mass reassessment of needs, organizations “must prioritize talent.”
The second focal point is that “underperformance in cyber is silent.” Hult affirmed that “we never trusted our networks anyway, did we?” Organizations must remember that threats are “silent, strategic and catastrophic.” The more we know, the more concerned we will be, remarked Hult: “The worst we are at identifying threats and detecting attacks in progress, paradoxically, the safer you feel.”
The third focal point is that one “does not simply walk into zero trust.” Hult rued that building something bespoke for organizations requires a unique hardware and software posture. Drawing upon his own experience at PagoNxt, Hult stressed that building a world-class cyber research lab in a large organization is hard but urged organizations to “raise the pirate flag with a clean slate and prove value.”
To conclude, Hult urged organizations to get on board with the “mother of all paradigm shifts.” Older paradigm shifts assumed you control the network, remarked Hult, but this is a serious pitfall. How can this change? He pressed the audience to remember that moving from a traditional security model, in which everything inside the firewall is considered ‘safe,’ to one in which identity is constantly verified “requires a transformation of mindset both within IT departments and the wider organization.”