A poll conducted by SentryBay, the UK-based cybersecurity software company has found that 69.1 per ent of professionals with security responsibility believe a rethink is needed to deal with the threat of cybersecurity now that devices and applications have moved outside the corporate network.
The poll, which was conducted on Twitter amongst cybersecurity professionals, aimed to assess attitudes to cyber threats and methods of protecting vulnerable devices. It found that 58.3 percent of respondents believed that a zero-trust approach to security was essential, and 19.9 pe cent thought it was important. When asked if their organisation had adopted zero-trust, however, only a third said they had.
One barrier might be the difficulties that companies are experiencing in implementing BYOD models, for which zero trust is the recommended approach to securing corporate perimeters. Over a third (33.5 percent) said that adopting BYOD was too complicated. The role of enterprise users has also been a BYOD challenge with user privacy concerns being cited by 28.1 percent of respondents and user engagement/friction cited by 19.9 percent . Management overheads were a challenge for 19.9 percent.
SentryBay CEO Dave Waterson said:“BYOD offers enterprises huge CAPEX savings, but these are worth nothing if adopting the model opens the organisation up to the risk of a cyberattack. The key to security in this scenario is proactive protection that is delivered through a software solution that specifically focuses on preventing sensitive data loss or leakage from the remote endpoint, and it should be an integral part of a zero-trust approach.”
The poll indicates that while 47.7 percent of organisations have still not adopted zero-trust, 8.5 percent are already in the process and 10.6 percent plan to do so in 2022.
The appetite for a change in cybersecurity methods and practices as devices and applications move away from physical offices and controlled networks is clearly important to almost 70 per ent of those working in security, but this does not mean that it is always easy to achieve.
Waterson said: “While cybersecurity should be a priority for all enterprises, it can be a daunting prospect to specify and deploy the right solutions for the company’s specific needs.
He added that a culture change was required, the knowledge and experience of security experts should be sought, but most importantly, endpoint devices – the most vulnerable element in the technology stack – need to be protected by proven software.