Dr. Chase Cunningham - Weekly cybersecurity news September 12, 2023

10 Things You Need to Know About Cybersecurity and Zero Trust

Dr. Chase Cunningham, also known as Dr. Zero Trust, shares his insights on the top ten things you need to know in cyber and zero trust this week.

Hello there! Dr. Chase Cunningham here, also known as Dr. Zero Trust. Today, I want to share with you the top ten things you need to know about cybersecurity and zero trust. So, let's dive right in!

1. Five Areas Where Zero Trust Can't Fully Protect Your Organization

Zero trust is a security paradigm that many organizations are adopting. In an article from CISO magazine, the growing adoption of zero trust is discussed. However, it's important to acknowledge that there are areas where zero trust alone cannot provide complete protection. These areas include legacy systems, IoT devices, privileged access, third-party services, and new technologies and applications. While zero trust may not cover these areas entirely on its own, there are approaches within the context of zero trust that can help solve problems in these areas.

2. Zero Trust Considerations for IoT

The traditional approach to IoT systems primarily focuses on network perimeter security. However, this is no longer sufficient. An article on IoT for All explores what zero trust means for global IoT security. It discusses five aspects including secure SIM provisioning, secure data and SMS connectivity for 5G, 4G, and LTE, secure connectivity management platforms, automating security at scale in the cloud, and MNO Agnosticism. If you're unfamiliar with these concepts, I highly recommend reading this article to gain a better understanding.

3. Department of Defense (DoD) Reviewing Zero Trust

The DoD is currently focusing on zero trust and reviewing its applications at a micro level. This is an exciting development and emphasizes the importance of zero trust in cybersecurity. The DoD has allocated significant funding to this multi-year project. If the DoD can implement zero trust, it indicates that any organization can adopt this strategy. While it doesn't guarantee absolute security, zero trust remains a worthwhile investment.

4. Dell's Fort Zero Enables Zero Trust for the Government

Dell has initiated a project called Fort Zero within the government, specifically, the DoD. This project aims to provide capabilities for enabling zero trust within the government sector. The involvement of major players like Dell in this space is encouraging. It's worth delving into this topic and familiarizing yourself with their efforts.

5. New Regulations and Requirements Coming Your Way

Prepare yourself because new regulations are on the horizon. An article discusses the Critical Infrastructure Security Act (CISA) for critical infrastructure reporting, which was written in 2022 and is becoming a reality. These regulations will impose additional requirements on organizations. Staying informed and proactive in compliance with these regulations is essential.

6. Zero Trust Implementations at G20 Summit

At the G20 Summit, held overseas, zero trust was implemented within the host organization, which included hotels accommodating the world leaders attending the summit. This move underscores the significance of identity and access management, device security, and other zero trust principles. The G20 Summit serves as an example of how zero trust can be effectively employed.

7. IAM Cloud Security Drives Cybersecurity Spending

CISO Online published an article that sheds light on where cybersecurity spending is heading in the coming years. The focus is mainly on Identity and Access Management (IAM), as well as cloud security. Though not all publications from Gartner are entirely reliable, the trend towards increased investment in IAM and cloud security is well-established.

8. Persistent Cybersecurity Challenges in Healthcare

Forbes.com featured an article about the cybersecurity challenges hospitals face. The article highlights the concerning state of cybersecurity in healthcare, where priorities are often focused on patient care rather than cybersecurity. Hospitals operate in a flat network environment and face difficulty in keeping up with evolving threats. Despite regulatory requirements like HIPAA and high trust standards, cybersecurity preparedness remains inadequate in many healthcare organizations.

9. Mission-Focused Leadership in Cybersecurity

An article in Information Week discusses the critical importance of mission-fueled leadership in cybersecurity. Understanding and aligning with the mission of your organization is crucial for effective leadership. A clear mission statement, beyond mere rhetoric, can inspire others to follow suit. This article provides valuable insights into developing mission-focused leadership skills.

10. Layoffs in Cybersecurity Despite Strong Business Performance

Despite thriving business performance in the cybersecurity sector, layoffs have been observed. This raises important questions about the decisions made by profitable organizations. When companies are reporting better-than-expected earnings, it may seem counterintuitive to lay off a significant portion of the workforce. This issue warrants further exploration to comprehend the underlying reasons behind these decisions.

In conclusion, staying informed about the latest trends and developments in cybersecurity and zero trust is vital for organizations aiming to secure their systems and data. Paying close attention to areas where zero trust may fall short and understanding how to address these challenges is essential. Additionally, keeping an eye on emerging regulations, focusing on mission-driven leadership, and addressing prevalent cybersecurity issues in industries like healthcare are all crucial factors in establishing robust security practices.

That's all for now! Stay smart, stay safe, and stay secure. See you next time!

*Dr. Chase Cunningham, AKA Dr. Zero Trust, CybersecurityHQ