In the chaos that reigned during 2020, ransomware attacks doubled and cybercrime complaints to the FBI quadrupled. Hackers seized the opportunity to wreak havoc as organizations quickly shifted to remote work in response to the coronavirus pandemic and regional shutdowns.

Not surprisingly, executives cited business disruption as their No. 1 concern in 2020, according to the Synack 2021 Signals in Security report. Disruption was happening across the board last year, so it’s no surprise this was a pervasive worry. While there were many factors leading to disruption across the board, the interruptions that can be caused by cyberattacks shouldn’t be overlooked.

Cybercriminals have become increasingly savvy. From sweeping ransomware attacks like the one at Colonial Pipeline Co. to usurping payments from small businesses, security must be a top concern for every type of organization. Not only must it be a top priority, cybersecurity must be perceived as a companywide priority.

The Signals in Security report noted dissonance among organizations when it comes to cybersecurity, in early 2020, executives and managers were more or less in sync in regarding companies’ commitment to cybersecurity. However, by early 2021, while about 75 percent of executives (similar to the previous year) said they remained highly committed to strong cybersecurity, only 41 percent of managers perceived that it was a high priority — a drop in confidence of nearly 25 percent. Front-line analysts were even less confident: Only 18 percent believed their executives considered cybersecurity to be extremely important, which was down from 69 percent in early 2020.

Communicating the importance and commitment of an organization to cybersecurity is critical to keeping the issue top-of-mind with employees throughout the organization. This way, they can remain vigilant with every email or error message they may encounter.

While employee buy-in is essential in keeping data safe, a tool that can help ensure security system-wide is Zero Trust architecture. This is a conditional access control model that requires verification of trust prior to allowing access to applications, and when access is granted, it is with the least privilege, allowing users to do their job but no more. Based on the notion “never trust, always verify,” Zero Trust protects data and applications not only at the beginning of a session but with continuous verification of users and endpoints throughout.

There are three key tenets of Zero Trust:

  • Continuous verification of endpoint compliance: For access to be granted, endpoints must be continuously verified to be compliant with your organization’s security policies.
  • Conditional access control to all applications: For a user to gain access to applications, they must prove their identity.
  • Reduction of the attack surface: To protect your organization’s applications and data, each user must be granted only the least-privilege access to get their work done, and nothing more.

Moving to Zero Trust architecture is a smart choice for organizations adapting to remote work, but it can also improve companies’ data protection overall. It provides security for any application — in the cloud, in a data center or behind a firewall — and on any endpoint, whether mobile or desktop. With Zero Trust, every resource is considered vulnerable and is constantly verified.

VMware’s Workspace ONE digital workspace combines Zero Trust conditional access control with industry-leading modern management to help organizations proactively secure their digital workspace. Tech Orchard can help businesses of all sizes and in a variety of industries understand how this concept protects the company and its most precious resource: data. Connect with our team to discuss your security needs and whether they are being adequately met.