Zero trust is critical as more enterprises sacrifice security for speed

Did you miss a session of MetaBeat 2022? Visit the on-demand library for all of our featured sessions here.

A record number of employees, 66%, say they are expected to sacrifice security for speed in order not to slow down projects. That’s an increase of 45% over the last year. Additionally, 79% of employees gave in to the pressure this year, sacrificing security to meet tighter deadlines and higher job expectations. As employees are increasingly pressured to sacrifice security to get their jobs done, Zero Trust becomes critical to securing all endpoints.

Verizon’s latest Mobile Security Index found that employees are under more pressure than ever to bypass security measures when it’s necessary to do their job. The study also revealed that the two weakest areas of mobile security are lack of adequate endpoint security and human error. Cyber ​​attackers prey on everyone using social engineering. what’s more The efforts of cyber attackers are further compounded by the fact that 62% of cyber attacks are attributed to insiders, caused by negligence rather than malicious intent.

“Now that mobile devices are critical to running a business, they’re getting more attention from bad actors as well. From coordinated government-sponsored campaigns to unfocused, opportunistic criminal exploits, the volume of attacks is increasing,” states the Verizon Mobile Security Index report.

Cyberattacks on mobile devices are particularly damaging because they strike at the intersection of a person’s identity, privacy and work life.


Low-Code/No-Code Summit

Virtually join today’s leaders at the Low-Code/No-Code Summit on November 9th. Sign up for your free pass today.

Register here

Human error remains the leading cause of data breaches. 82% of all breaches analyzed in Verizon’s 2022 Data Breach Investigation Report began with cyberattacks on users. Breaches start with social engineering targeting privileged credentials, phishing campaigns, duplicate or stolen credentials, and human error.

More spending, more violations

Despite an uncertain economic climate, records for mobile security breaches continue to be set. 85% of organizations now have a cybersecurity budget, with 77% saying their mobile security spending has increased this year. 67 percent predict even higher spending in 2023. However, increasing security budgets and allocating more to mobile security is not slowing security breaches.

Despite rising cybersecurity and mobile security budgets, security breaches and intrusions continue to increase.  Source: Verizon Mobile Security Index, 2022
Despite rising cybersecurity and mobile security budgets, security breaches and intrusions continue to increase. Source: Verizon Mobile Security Index, 2022

Verizon found that nearly half of organizations, 45%, have been affected by an attack, intrusion, or data exfiltration originating from a mobile device in the past 12 months. Things get even worse for companies with broader global operations. More than three-fifths, or 61%, have been hit by mobile-based cyberattacks in the last year. That’s significantly higher than the 43% of local-only businesses that were attacked via mobile devices.

Zero Trust can meet the speed needs of businesses

CISOs are consolidating their tech stacks to increase visibility across each endpoint while reducing costs. At the same time, more organizations are building a business case for adopting Zero-Trust Network Access (ZTNA) for speed and security. According to a Microsoft report, 96% of security decision makers believe Zero Trust is critical to their organization’s success.

Gartner’s 2022 Market Guide for Zero Trust Network Access provides an analysis of the ZTNA market, its critical vendors, and the factors companies must consider when implementing ZTNA frameworks.

“From modern and mobile endpoint defense and device attestation to securing enterprise applications throughout the development lifecycle, organizations need to scale their security with their data, access, employees and customers,” wrote Jon Paterson, CTO of Zimperium, in the company’s 2022 Global magazine, Mobiler threat report.

Use Zero Trust to protect any device as a new security perimeter

Implementing a zero trust framework must begin with the goal of gaining greater visibility, control, and security over each endpoint. IT and security teams need to understand that each device added to their network represents a new security perimeter.

As a result, Zero Trust is fast becoming a staple as a framework for enhancing the security of any organization. A previous VB article that highlights the key things CISOs need to know about Zero Trust shows how organizations can create a roadmap that best suits their business.

CISOs continue to pressure UEM platform providers to consolidate and offer more value at a lower cost

Gartner’s latest Magic Quadrant for Unified Endpoint Management Tools reflects the influence of CISOs on the product strategies of IBM, Ivanti, ManageEngine, Matrix42, Microsoft, VMWare, Blackberry, Citrix and others. Gartner’s market analysis shows that endpoint resilience is another key purchasing criterion. Endpoint security leaders include Absolute Software’s Resilience Platform, Cisco AI Endpoint Analytics, CrowdStrike Falcon, CyCognito, Delinea, FireEye Endpoint Security, Venafi, and ZScaler.

A Forrester report cites Ivanti, Microsoft, and VMWare as leaders, with Ivanti having fully integrated UEM, Enterprise Service Management (ESM), and End User Experience Management (EUEM). Leading UEM platforms, including those from VMWare and Ivanti, have multi-factor authentication (MFA) built into the core code of their architectures. Because MFA is one of the core components of Zero Trust, it’s often a quick win for CISOs who have often struggled over budget.

Support BYOD and corporate-owned mobile devices on the UEM platform

Unified Endpoint Management (UEM) platforms are proving capable of providing device management for corporate device assets while supporting Bring Your Device (BYOD) policies. Best-in-class UEM platforms support anywhere needs, including cloud-first OS deployment, peer-to-peer patch management, and remote support.

IT and security teams are turning to UEM platforms to improve user experiences while considering how endpoint detection and response (EDR) fits in with VPN replacements. Advanced UEM platforms also offer automated configuration management to ensure compliance with enterprise standards.

Automated patch management can further reduce the risk of mobile device attacks

It’s no surprise that the majority of security professionals find patch management time-consuming and overly complex. IT and security teams are often overwhelmed with work, which forces patch management down their priority list. 53% of IT and security teams say organizing and prioritizing critical vulnerabilities takes the most time. Ivanti rolled out an AI-based patch intelligence system at RSA earlier this year.

Ivanti’s Neurons patch for Microsoft Endpoint Configuration Monitor (MEM) is notable because it relies on a suite of AI-based bots to find, identify, and update any patches on endpoints that need updating. Other providers of AI-based endpoint protection include Broadcom, CrowdStrike, SentinelOne, McAfee, Sophos, Trend Micro, VMWare Carbon Black and Cybereason.

Mobile devices predict the future of Zero Trust

Digital-first business plans are dominating the IT, security, sales and marketing plans of most companies today. But it’s the mobile devices in the hands of employees, suppliers and customers that are the endpoints that affect the success or failure of any strategy.

Instead of relying on outdated tech stacks to support next-gen digital revenue strategies, it’s time more companies consider how to define a zero-trust framework that can help tech stacks consolidate while removing barriers to user productivity. The goal is to secure each endpoint as a new security perimeter without impacting user productivity. Zero Trust makes this possible on mobile devices today.

VentureBeat’s mission is intended to be a digital marketplace for technical decision makers to acquire knowledge about transformative enterprise technology and to conduct transactions. Discover our briefings.