Mind Shift Needed In Enforcing A Zero Trust Approach
In 2023, technology has grown with a lot of new innovations that have changed different spaces in the technology sector, including security.
On the second day of the dx5 Cloud and Security Summit, the main topic of discussions was security with various topics around different approaches towards enabling cybersecurity. Anthony Muiyuro, Partner, Risk Advisory & Cybersecurity Leader, Deloitte East Africa, gave the keynote presentation on how to enforce the zero trust approach to security today.
With the transformation that has happened in the IT landscape in the recent years, Muiyuro advised that the mindset needs to change in the zero trust approach.
CISOs today find their agendas dominated by the need to reduce the complexity and costs of securing multicloud infrastructure while consolidating tech stacks to save on costs and increase visibility. This makes organisations look to different approaches, including the zero trust approach.
Many security leaders say their cybersecurity systems and tech stacks can be too complex and costly to operate. This is why CISOs are relying more and more on zero-trust initiatives to simplify and strengthen their enterprises’ cybersecurity postures and secure every identity and endpoint.
However, Muiyuro advised that the cybersecurity space is changing and even when taking a zero trust initiative, it is important to have a mind shift even with the zero trust approach.
“In cybersecurity, we always say that we have a five-year circle where after every five years things change. Right now, we are talking about cognitive AI, so we also need to look at how we can enable cognitive security,” Muiyuro said in his presentation.
“You need to have visibility of your IT environment and monitoring is extremely critical but what you can not monitor, you cannot secure. And that is why we always talk about being able to see just what happens. When you detect an attack it reduces its impact to almost 50-60 per cent because the impact will have a reduced hack value,” he added.
In addition, Muiyuro talked about the importance of the data to the organization being attacked and its importance to the attackers as well. He added that it’s important to know how the attackers can use the data to better understand how to protect your IT environment.
In the presentation, Muiyuro further delved into specific cases and examples, highlighting the challenges and opportunities for promoting a culture of risk awareness and accountability across the organization.