Trust No One: Why Zero Trust is for Everyone

If you’re a small or mid-sized business, you may think zero trust (ZT) is only for large organizations with huge remote workforces and very deep pockets. Really, the qualifier for adopting Zero Trust Architecture (ZTA) is simple: are you hackable?

 

With the rise of Ransomware as a Service, where criminals don’t even have to know code, just have a vendetta or get their kicks from hurting other people, cybercrime has skyrocketed and enterprise businesses aren’t always the target. Bad actors like to go for the smaller organizations because they know that there is less protection in place to stop them.

 

As the business landscape changes to include hybrid and remote work, migration to zero trust is a must for all businesses, no matter the size or industry. However, many companies have been slow to adopt ZT, depending instead on perimeter security.

 

The myths we tell ourselves

The luxury of complacency can be very expensive. In fact, for small and mid-size businesses in particular, it more often than not means the death of the business.

 

Myth #1

For SMBs, the cost of a breach is “only” about $10K. When it comes to the cost-benefit threshold for implementing ZTA, we can afford to take our chances.


Truth

The sobering reality is that the average cost of a single breach for an SMB is estimated to be $149K. Many can’t afford to take that kind of hit. Everyone knows that 60% of small businesses hit with an attack will likely close in 6 months, yet many business leaders choose to gamble with their odds.

 

Myth #2

Our security posture is strong, and our people are well-trained in how to spot threats.


Truth

According to Security Intelligence, 75% of security breach incidents come from inside the business, with 84% of attacks caused by human error. Cisco points out that 81% of breaches target identity through compromised credentials. Most IT professionals will tell you that, more often than not, it's untrained employees who create opportunities for cyber criminals.


Myth #3

Cybercriminals only go after big enterprises since they can get bigger payouts. We’re a small company so it’s not even worth the hassle of targeting us.


Truth

It’s not always about the money. Some hackers just want to cause chaos and disruption. However, it's important to remember that easier, smaller targets with lower payouts, in large quantities, can be a more lucrative ransomware model than going after a handful of large targets with better defenses. 43% of cyberattacks target smaller businesses. You also have to consider the downtime and loss of productivity. Forty percent of small businesses experienced eight or more hours of downtime due to a cyber breach. This could not only cause you a loss of income, but also damage your reputation with customers.


What is zero trust?

Everywhere you look it seems someone is talking about zero trust. It truly is the buzzword of the decade. Instead of jargon, think of zero trust as a mantra, “Trust nothing and no one. Verify everything and everyone.”


Though ZT has a reputation as being a complex solution, it’s really a straightforward strategy that removes any implicit trust, regardless of who’s accessing a network or system and what’s being accessed. Since no one is trusted—insider and outsider—access is verified and authenticated each time a user logs in.


With zero trust architecture, you can:

  • Minimize the risk of a hack by authenticating users before granting access and limiting network exposure through least-privilege access.
  • Have clear visibility into who and what is accessing applications, workloads, and your networks to reduce risk.
  • Reduce your attack surface and contain breaches, preventing bad actors from moving laterally in your network.
  • Automatically expand your security and scale rapidly as your business transforms and grows.


Zero Trust vs Perimeter Security

Think of perimeter security as the outside walls of your office building. Your employees access the building with a secure code to gain entry. But what happens once they’re in your building? They can move unrestricted between floors and rooms. They can raid your supply closet and even walk right into your office and rummage through your desk or files while they eat your lunch. Who’s to say how far they can go with unrestricted access to your environment?


Compare that to zero trust. Employees must use a badge to gain entrance to your building. Once inside, employees can only access the floors they work on, with stairwell doors and elevators card keyed to only allow access to those with the right credentials. For employees with permission to access highly sensitive areas, additional forms of identification, such as a biometric, are used to ensure only the people with proper permissions have access to sensitive areas within your organization.

 

Zero trust is the virtualization of this type of security. It:

  • Assumes the network—and all in-routes—are always hostile.
  • Accepts that external and internal threats are always on the network.
  • Knows that network locality is not enough to determine trust.
  • Authenticates and authorizes every device, user, and network flow.
  • Implements dynamic and calculated policies from as many data sources as possible.
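
The principles above, sketched as a minimal policy decision function beside a perimeter-style check. This is an added example, not Procellis code; the resource names, roles, signal fields, and sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical resource catalogue: which roles may reach each resource and
# whether it is a "highly sensitive area" that needs an additional factor.
RESOURCES = {
    "wiki":    {"roles": {"staff", "finance"}, "sensitive": False},
    "payroll": {"roles": {"finance"},          "sensitive": True},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    authenticated: bool      # identity verified for this request
    device_compliant: bool   # device posture signal (managed, patched)
    step_up_passed: bool     # additional factor, e.g. a biometric
    source_ip: str           # logged for visibility, never grants trust
    resource: str

def perimeter_decision(req):
    """Perimeter model: anything on the internal network is let through."""
    return "allow" if req.source_ip.startswith("10.") else "deny"

def zero_trust_decision(req):
    """Evaluate every request; network locality is not an input to trust."""
    res = RESOURCES.get(req.resource)
    if res is None:
        return "deny", "unknown resource"
    if not req.authenticated:
        return "deny", "user not authenticated"
    if not req.device_compliant:
        return "deny", "device not compliant"
    if req.role not in res["roles"]:
        return "deny", "role has no grant for this resource"
    if res["sensitive"] and not req.step_up_passed:
        return "step_up", "additional factor required"
    return "allow", "all checks passed"

# Constructed sample requests (not real data).
INTERNAL_UNMANAGED = Request("guest1", "staff", True, False, False,
                             "10.0.4.7", "payroll")
REMOTE_FINANCE = Request("alice", "finance", True, True, False,
                         "203.0.113.9", "payroll")
```

The internal request from an unmanaged device passes the perimeter check but is denied by the zero trust check, while the remote finance user is rejected by the perimeter check yet can reach payroll after passing the additional factor.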

 

Zero trust: Simple and painless

As a CMMC-RPO registered company with extensive experience in designing and deploying zero trust security infrastructures, Procellis makes migrating to a zero trust security environment simple and painless. We are also one of only a handful of Cisco partners with Advanced Security certifications. So you can rest assured it will be done right the first time.


Your zero trust transformation starts with a detailed roadmap created by our experienced engineers who have helped dozens of companies level up their security with ZTA.


Our team will:

  • Establish a baseline by assessing the status of your security architecture to find elements of zero trust already existing in your environment.
  • Discern your business initiatives and current security projects to ensure our recommendations complement business strategies, processes, and operations.
  • Document where you can repurpose existing technologies into a zero trust architecture.
  • Set goals for your future zero trust state with plans of actions and milestones on a timeline that is comfortable for you.
  • Deploy each phase of implementation.
  • Manage your technology lifecycle to keep your company secure with the latest defense technologies.

 

Ready to make the move to zero trust? Talk with one of our experienced SecOps professionals to learn how Procellis can make migrating to a zero trust environment easy for your business.

 
