How can a zero trust policy improve your industry?

What is zero trust? The zero trust strategy's goal is to securely connect only proven and authorized users to the right data at the right time and in the right context. Zero trust assumes nothing; takes nothing for granted.

Every connection must be continuously checked and validated. And, this strategy can help protect the industries that are most at risk of attack.

Zero trust for health care

A regional hospital system has been attacked—again. The culprit? Ransomware launched through a phishing email. The threat actors want to hold the hospital system hostage, shutting down its electronic health records and patient portals. If the hospital can’t access patient records and scheduling systems, then everything but critical care will be canceled, resulting in lost time, revenue and trust. Luckily, the hospital systems' IT and security teams learned by watching attacks on other organizations and put a zero trust strategy in place. A zero trust strategy isolates threats to a specific area, limiting the ability for attacks to move to other parts of the organizations and limiting disruption.

Health care security challenges

Health care teams focus on protecting patient data, but everything is connected and defense must go beyond just data.

The rise of the Internet of Medical Things and personal health devices increases the potential attack surface.

Breaches and data compromise can damage the hospital's brand, escalating the total cost of the threat.

Average cost of a health care industry data breach

Increase in average cost of a data breach from the prior year

Share of breaches containing personally identifiable information in all industries.

Zero trust for energy and utilities

A nation-state threat actor group seeks to sow chaos. Knowing that smaller towns and rural cooperatives rarely have the budget or staff for robust defenses, that's where they focus. They also hope a smaller utility will provide the gateway into an even larger grid where they can do more damage. Their goal is to attack a water treatment plant and raise chemical content to dangerous levels, poisoning the water supply.

But their first target has learned lessons from other attacks. The rural county's security lead put a zero trust strategy in place over the facility's operations technology infrastructure and industrial control systems. Implementing continuous and adaptive authentication throughout the entire organization—from grid to corporate systems—improves protection and limits the opportunity for wide-spread compromise.

Energy and utilities security challenges

Malicious actors know there is a disconnect between the teams that protect 'the grid' and the teams that protect the corporate systems.

This sector is shifting to green energy sources, which are more digitally connected, creating a larger attack surface.

Businesses now understand more about infrastructure weaknesses, but stall between knowing that and taking action.

Average cost of an energy industry data breach

Only 52% promptly upgrade and patch their systems

Cost of fines for a U.S. electrical company after a 2016 data breach

Zero trust for banking and finance

The finance sector offers a tempting target to threat actors. In 2020, that target became larger as more people worked from home. More consumers and businesses shifted purchasing online. Ahead of the pandemic, a leading credit bureau adjusted its perimeter-focused security model to a zero trust approach in order to improve security and the customer experience. This approach ensures that each connection—whether it is users, devices, or applications—is continuously checked for authenticity and need.

Using zero trust approach, access is limited and conditional. When a third-party vendor is hit with a malware attack, the credit bureau is less concerned about how they will be affected. A combination of network segmentation and identity and access management provide critical context that quickly identify and isolate attacks—and provide targeted remediation. As a result, data is protected and business operations aren't delayed.

Banking and Finance Security Challenges

Remote and hybrid workers in the finance sector may not have the same defenses as they did working in the office—making them more of a target.

The numerous connections required of financial organizations to collaborate with one another increases the surface area for compromise.

Average cost of a financial sector data breach

Percentage of financial services groups that have reported an attack in the past 12 months

Average time to find and contain a breach in the financial sector

The percentage of breaches that are from threat actors seeking money

How zero trust provides security

Competitive business operations require users, data and resources to be spread across the globe. Every industry has security risks that impact them differently. Zero trust provides an industry-agnostic approach for implementing cybersecurity that is continuous, comprehensive and based in context. As a result, organizations can proactively manage security, giving them the flexibility to take new risks that drive business growth. Learn how IBM Security is putting zero trust into action with a modern, open approach to security that aligns with business priorities.

Sources

  1. IBM Security Cost of a Data Breach Report 2020
  2. IBM Security Cost of a Data Breach Report 2020
  3. IBM Security Cost of a Data Breach Report 2020
  4. IBM Security Cost of a Data Breach Report 2020
  5. Survey respondents for Utility Dive State of the Electric Utility Survey 2020
  1. The Wall Street Journal
  2. IBM Security Cost of a Data Breach Report 2020
  3. Cybercriminals Cash Out as Finance Industry Becomes Lucrative Targets
  4. IBM Security Cost of a Data Breach Report 2020
  5. Verizon 2020 Data Breach Investigations Report