According to Microsoft, Zero Trust is now ‘the top security priority’ for 96% of the interviewed security decision makers, while 76% were currently in the process of implementation. 90% of those interviewed stated that they were ‘familiar’ with Zero Trust and able to pass a knowledge test. The nature of this test and the appropriate right answers weren’t provided.

As cyber threats continue to evolve, investing in generic services and off-the-shelf products leaves organisations exposed by failing to deliver the specific outcomes they need. Repeating these investments each year means that the level of security never truly improves, as attackers effectively invest more than the defenders.

This article is the first in our series on the Science Behind Cyber Security. Cyber security is often seen as a bit like the wild west, where it’s difficult to differentiate genuine solutions from snake oil. You can counter this by applying a scientific approach to scrutinise your planned cyber investments. As a buyer, you can find reassurance in the science and logic of a solution.

The industry consensus today is that the only way to reliably end the threat of ransomware for good is to stop paying ransoms. Some have even gone so far as to suggest that they should be banned altogether. But because of a lack of public knowledge and transparency, it’s almost impossible to know the full scale of the problem to understand the right solution.

SpecterOps recently released an offensive security research paper that details techniques enabling an adversary to abuse insecure functionality in Active Directory Certificate Service. SpecterOps reports that abusing the legitimate functionality of Active Directory Certificate Service will allow an adversary to forge the elements of a certificate to authenticate as any user or administrator in Active Directory.

Arguably the greatest threat to organisations in 2021 is ransomware. Ransomware attacks proliferated in 2020, increasing by 435% compared to 2019. The number of ransoms paid has also increased from 39% in 2018 to 58% in 2020 (the figure is likely to be even higher when factoring in those organisations that have not disclosed whether a ransom has been paid).

Cloud computing is the vehicle with which modern enterprise organisations drive their digital transformation initiatives. Cloud adoption provides an opportunity for organisations to progress their digital transformation initiatives, scale rapidly and develop their digital service offerings with reduced time and cost overheads, resulting in more agile and efficient working practices and increased value to customers.

Cyber threat intelligence (TI), defined as data that offers insight into a threat actor’s motives, targets, and behaviours, has soared in popularity in recent years. These factors have contributed to a TI boom where subscription data feeds proliferate.

At the time it was first introduced, a penetration test accurately represented how an attacker was likely to target a network. Today, that is no longer the case. As digital networks and business processes have evolved, so too have their security needs.