Zero Trust Lagging
Almost 80% of critical infrastructure organizations studied don’t adopt zero trust strategies, with average breach costs rising to $5.4 million. That’s a $1.17 million increase compared to those that do. All while 28% of breaches among these organizations were ransomware or destructive attacks.
“Zero-trust strategies are meant to make it harder for attackers to move laterally through the network and meet their objectives,” said IBM Security’s Limor Kessem. “It minimizes the reach into additional parts of the network and reduces blast radius. This essentially widens the window of opportunity for defenders to identify the attacker on the network before it’s too late.”
Tim Mackey is principal security strategist at Synopsys Cybersecurity Research Center.
“Critical infrastructure is particularly attractive to attackers who believe that their victims will believe the shortest path to restored operations involves payment of a ransom,” he said. “While zero-trust technologies offer significant promise, the reality is that critical infrastructure systems have a significantly longer life span than most other software. Overlaying a relatively new paradigm on top of what might arguably be a legacy architecture may not always be feasible. This is where continuous monitoring for abnormal events identified based on comprehensive threat models can help, as can the creation of incident response plans that are also informed by those same threat models.”
