Zero trust is critical as more and more enterprises are sacrificing security for speed

Missed a session of MetaBeat 2022? Visit the on-demand library for all our recommended sessions here.

A record number of employees, 66%, say they are expected to sacrifice security for speed so as not to delay projects. That is an increase of 45% last year. In addition, 79% of workers gave in to pressure this year, sacrificing safety to meet tighter deadlines and higher work expectations. With employees under increasing pressure to sacrifice security to get their jobs done, zero trust becomes critical to securing any endpoint.

The latest from Verizon Mobile Safety Index found that employees are under more pressure than ever to bypass security when necessary to get work done. The research also found that the two weakest areas of mobile security are the lack of adequate endpoint security and human error. Cyber ​​attackers prey on each using social engineering. Moreover? The efforts of cyber attackers are: 62% from cyber attacks attributed to insiders, caused by negligence rather than malicious intent.

“Now that mobile is crucial for business operations, it is also receiving more attention from malicious parties. From coordinated, state-sponsored campaigns to untargeted, opportunistic criminal exploits, the number of attacks is on the rise,” according to the Verizon Mobile Security Index report.

Cyber ​​attacks on mobile devices are especially damaging because they strike at the intersection of one’s identity, privacy and professional life.

Human error remains the main cause of infringements. Eighty-two percent of all breaches analyzed in Verizon’s Data breach in 2022 Research Report launched cyber-attacks targeting users. Breaches begin with social engineering that targets privileged credentials, phishing campaigns, duplicated or stolen credentials, and human error.

More spend, more violations

Mobile data breaches continue to set records despite an uncertain economic environment. Eighty-five percent of enterprises today have a cybersecurity budget, and 77% say their spending on mobile security has increased this year. Sixty-seven percent predict even bigger spending in 2023. Increasing security budgets and allocating more to mobile security isn’t slowing down breaches, though.

Breaches and intrusions continue to grow, despite increases in cybersecurity and mobile security budgets.  Source: Verizon Mobile Security Index, 2022
Breaches and intrusions continue to grow, despite increases in cybersecurity and mobile security budgets. Source: Verizon Mobile Security Index, 2022

Verizon found that nearly half of enterprises, 45%, have experienced a breach, intrusion, or data exfiltration that originated on a mobile device in the past 12 months. It gets even worse for companies with more extensive global operations. More than three-fifths, or 61%, have been affected by mobile cyberattacks in the past year. That’s significantly more than the 43% of companies that operate only locally and have been hacked via mobile devices.

Zero trust can meet enterprise need for speed

CISOs are consolidating their tech stacks to increase visibility on each endpoint while reducing costs. At the same time, more organizations are building a business case for adopting zero-trust network access (ZTNA) for greater speed and security. A Microsoft’s report found that 96% of security decision makers believe zero trust is critical to the success of their business.

Gartner’s 2022 Market Guide to Zero To trust Network access provides an analysis of the ZTNA market, its critical vendors, and the factors companies should consider when implementing ZTNA frameworks.

“From modern and mobile endpoint defenses and device attestation to securing enterprise applications across the entire development lifecycle, enterprises need their security to scale with their data, access, employees and customers,” wrote Jon Paterson, CTO of Zimperium, in the report. Company. 2022 Worldwide Mobile Threat Report.

Using Zero Trust to Protect Any Device as a New Security Perimeter

Implementing a zero-trust framework should start with the goal of gaining greater visibility, control, and security over any endpoint. IT and security teams need to understand that every device added to their network is a new security perimeter.

As a result, zero trust quickly becomes a table game as a framework for enhancing the security of any organization. An earlier VB article highlighting the key things CISOs need to know about zero trust identifies how organizations can map out a roadmap that best suits their business.

CISOs continue to pressure UEM platform providers to consolidate and deliver more value at a lower cost

The latest from Gartner Magic Quadrant for United Endpoint Management Tools reflects the impact of CISOs on product strategies at IBM, Ivanti, ManageEngine, Matrix42, Microsoft, VMWare, Blackberry, Citrix and others. Gartner’s market analysis shows that endpoint resilience is another critical buying criterion. Endpoint security leaders include Absolute Software’s Resilience platform, Cisco AI Endpoint Analytics, CrowdStrike Falcon, CyCognito, Delinea, FireEye Endpoint Security, Venafi and ZScaler.

A report by Forrester names Ivantic, Microsoft and VMWare as industry leaders, with Ivanti having the most fully integrated capabilities for UEM, enterprise service management (ESM) and end-user experience management (EUEM). Leading UEM platforms, including those of VMWare and Ivantic, have designed multifactor authentication (MFA) into the core code of their architectures. Since MFA is one of the key components of zero trust, it is often a quick win for CISOs who have often battled over budget.

Support BYOD and enterprise mobile devices on the UEM platform

Unified Endpoint Management (UEM) platforms have proven to be able to deliver device management for enterprise device inventories, while also supporting the bring your device (BYOD) policy. Best-in-class UEM platforms support location-independent requirements, including cloud-first OS delivery, peer-to-peer patch management, and remote support.

IT and security teams are turning to UEM platforms to help improve user experiences while considering how endpoint detection and response (EDR) fits in replacing VPNs. Advanced UEM platforms also provide automated configuration management to ensure compliance with corporate standards.

Automated patch management can further reduce the risk of mobile breaches

It’s no surprise that the majority of safety professionals see patch management as time-consuming and too complex. IT and security teams are often overwhelmed with work, pushing patch management lower on their priority list. 53% of IT and security teams say organizing and prioritizing critical vulnerabilities takes up most of their time. Ivantic launched an AI-based patch intelligence system at RSA earlier this year.

Ivantis Neurons Patch for Microsoft Endpoint Configuration Monitor (MEM) is notable in that it relies on a series of AI-based bots to find, identify, and update all patches on endpoints that need updating. Other vendors offering AI-based endpoint protection include Broadcom, CrowdStrike, SentinelOne, McAfee, Sophos, Trend Micro, VMWare Carbon Black and Cyber ​​Age.

Mobile devices predict the future of zero trust

Digital-first business plans dominate most companies’ IT, security, sales, and marketing plans today. But it is the mobile devices in the hands of employees, suppliers and customers that are the endpoints that influence the success or failure of any strategy.

Rather than relying on legacy tech stacks to support next-generation digital revenue strategies, it’s time for more companies to consider how they can define a zero-trust framework that can help consolidate tech stacks while addressing productivity barriers. from users. The goal is to secure each endpoint as a new security perimeter without impacting user productivity. Zero trust makes that possible on mobile devices today.

The mission of VentureBeat is a digital city square for tech decision makers to learn about transformative business technology and transactions. Discover our briefings.