IT Brief New Zealand logo
Technology news for New Zealand's largest enterprises
Story image

Zero trust in NZ, and its rise from fringe approach to industry standard

By Nick Forrester
Mon 1 Nov 2021

In the last 18 months, cybersecurity has transformed. 

Ever the opportunists, cyber-attackers took advantage of the vulnerable state of the world early last year, preying upon the swathes of workers making the abrupt transition to remote working. 

Many had never worked from home before. Their devices were unsecured, they weren’t trained in remote working security best practices, they weren’t connected to the corporate, on-premises firewall — and cyber-attackers knew it.

VPNs were, historically, a popular solution to this problem. They provided a means to ‘tunnel’ into the corporate network — but they did not address the fact that perimeters had been weakened with so many devices away from on-premises networks. And when attackers pass through this perimeter, a VPN approach assumes they can be trusted throughout the network.

It soon became clear to many security teams that perimeter-based remote security was not a sustainable approach with half the world’s workforce and students working from their living rooms. The zero trust model, while not new, quickly became the industry standard: according to a report from Zscaler earlier this year, 72% of surveyed organisations are adopting or have adopted the approach.
 

What is zero trust?

The guiding principle of a zero trust security model is that no one in an organisation — from a new recruit to the CISO — is granted intrinsic trust to access the network. Every user and device must be verified and authenticated regardless of role or security clearance. 

It changes an organisation’s ‘default state’ to one that assumes the network has experienced a breach, with access denied until a successful authentication is achieved. 

The rise of zero trust has coincided with an increase in insider attacks — another risk factor made riskier by the onslaught of remote working. Without adequate protections in place, an organisation with a remote workforce is exceedingly vulnerable to breaches from within the company as well as without. 

In the last two years, many organisations have gained new insights into who can constitute a cyber-threat — including trusted insiders. Insider attackers are often thought of as disgruntled employees, or spies with ill intent. But with heightened vulnerabilities as a result of remote working, well-meaning employees are just as likely to be labelled as insider attackers if they open the door to hackers through poor password hygiene, falling victim to phishing attacks, and general lack of cybersecurity know-how.

IT and cybersecurity company A10 Networks’ vice president Adrian Taylor says a zero trust approach is an effective way to combat insider threats.

“While awareness and education can reduce the risk of successful phishing and ransomware attacks, a single moment of negligence can be enough to devastate the business,” says Taylor.

“In this environment, it is safer to assume that even your most trusted user can pose a security risk — and design your cyber defence strategy accordingly.”
 

The business benefits of zero trust

The rapid onset of remote working has exacerbated not only the volume of cyber-attacks but also the costs related to breaches. 

According to the Ponemon Institute’s Cost of a Data Breach 2021 report, the average cost of a data breach in 2021 is US$4.24 million — an increase of almost 10% year-over-year. This is the highest ever figure for this metric in the report’s 17-year history. When remote working was presumed to be a factor in causing the breach, the average cost increased to $4.96 million. 

But, a zero trust approach, the report found, makes a drastic difference in reducing this cost. While the average cost of a breach was $5.04 million for those without a zero trust approach, those that had adopted the approach had an average breach cost of $3.28 million — a huge 42% difference.

Aside from cost reduction, zero trust can also assist in bolstering user experience (UX). On Gartner’s podcast channel ThinkCast last week, Gartner analyst and senior director John Watts says if the approach is implemented correctly, businesses can capitalise on better UX.

“Rather than dealing with a problematic VPN that is always prompting for access, some of these solutions could seem much more transparent to the user,” says Watts. “There’s a lot of value to be gained even just by trying to get to a zero trust architecture over time. 

“The value in pursuing this mindset is in how you apply those principles, work to reduce implicit trust, and improve risk posture.”
 

Zero trust in Aotearoa

The last two years have been eventful, to say the least, when it comes to cybersecurity in New Zealand. There were some 350+ cybersecurity incidents recorded in New Zealand over the 2019/2020 period, according to New Zealand’s National Cyber Security Centre (NCSC) — an increase from previous figures.

The Reserve Bank of New Zealand suffered a breach in January this year, costing NZ$3.5 million; 100 local email servers were affected by the notorious Microsoft Exchange attack in March. Perhaps most notably, the Waikato DHB’s entire network was pushed offline in a ransomware attack in May this year, impacting medical procedures and resulting in a major leak of confidential patient data.

There’s no one solution to the cybersecurity woes of an entire nation, but moving closer to widespread adoption of zero trust architectures is a step in the right direction.

In August, it was reported that Kāinga Ora and the Ministry of Housing and Urban Development are leading the charge in adopting zero trust security in the New Zealand government.

According to reporting from Reseller News, Kāinga Ora led a zero trust architecture working group as part of the Government Information Security Forum. The Crown agency told Parliament’s social services and community select committee that it had 21 projects planned under its cyber security initiatives programme in its 2022 financial year. One of these projects was the implementation of a zero trust architecture.

This should also be considered for the IT systems of the country’s health system, according to Palo Alto Networks New Zealand country manager Misti Landtroop — especially following the Waikato DHB breach, as well as the Government’s recent decision to scrap district health boards (DHBs) in favour of a centralised new body, Health NZ. 

“Surgeries were delayed, confidential patient information was sent to the media by the hackers and questions were asked about whether the other DHBs had taken the necessary steps to avoid a similar fate,” says Landtroop.

“With plans to centralise the country’s 20 DHBs into a single health service, we need to be confident that the IT systems undergirding such crucial public services are robust and that sensitive data remains safe — and a Zero Trust network is the best way to do that.”

Public Interest Journalism Fund logo
Public Interest Journalism funded through NZ On Air.
Related stories
Top stories
Story image
IDC
High level of Customer Identity & Access Management adoption
The study from Okta revealed that the pandemic has either accelerated or highlighted the need for digital-first strategies.
Story image
Application Performance Monitoring / APM
New Relic integrates offering with Atlassian’s Jira Software
New Relic has integrated errors inbox with Jira Software to allow developers to easily access and set up complete stack error tracking and software performance monitoring from within the tool.
Story image
Privileged Access Management / PAM
The importance of stopping identity sprawl for cybersecurity
The 2021 Data Breach Investigations Report (DBIR) shows that 61% of all breaches involve malicious actors gaining unauthorised, privileged access to data by using a compromised credential. Unfortunately, it is often too late when the misuse of a credential is detected.
Story image
Ingram Micro
Ingram Micro NZ sees $74 million revenue growth in 2021
Ingram Micro New Zealand's latest financial report reveals that its revenue from contracts with customers increased by almost $74 million in 2021.
Story image
Data Protection
VMware introduces advanced workload protection for AWS
VMware Carbon Black Workload for AWS delivers comprehensive visibility and security across on-premises and cloud environments for AWS customers.
Story image
SaaS
AvePoint rebrands SaaS learning product to MaivenPoint
"Our mission with MaivenPoint is to make your learning experience limitless and inspire everyone to achieve their aspirations."
Story image
Storage
DCI Data Centers breaks ground on AKL02 center
DCI Data Centers has commenced construction on Auckland's largest data center.
Story image
Inde
Exclusive: Inde provides innovative solutions across the tech sector
Inde likes to call its approach the 'power of the collective', which essentially means that if a client approaches the company with a problem, they'll get the team's collective insight to help drive the best outcome.
Story image
Gartner Magic Quadrant
Gartner positions Commvault as Leader in 2022 Magic Quadrant
Gartner has named Commvault a Leader in its 2022 Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions report.
Story image
Tech job moves
Tech job moves - Cohesity, Equinix, IDC, Proofpoint & Xero
We round up all job appointments from July 29 - August 5, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Dark web
Beware the darkverse and its cyber-physical threats
A darkverse of criminality hidden from law enforcement could quickly evolve to fuel a new industry of metaverse-related cybercrime.
Story image
Pure Storage
Pure Storage named leader in GigaOm report for Kubernetes storage
Pure Storage named the leader for the third consecutive year by GigaOm Radar Report for enterprise Kubernetes storage.
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - An update from Heidrick & Struggles
Graham Kittle joins us today to discuss how the company is helping organisations bring about change within their business.
Story image
Artificial Intelligence
Exclusive: NZ-based DEFEND offers global cyber protection
DEFEND supports customers in 66 countries across the globe with a relentless focus on ensuring that every dollar spent on security provides a meaningful return on investment and reduces cyber risk.
Story image
Microsoft
Spectralink DECT devices now integrated with Microsoft Teams SIP Gateway
Spectralink DECT devices are now integrated with Microsoft Teams SIP Gateway to help create better results for business-critical frontline workers.
Story image
Data analytics
Data analytics a struggle for A/NZ healthcare organisations
A study by InterSystems has found that most Australian and New Zealand healthcare organisations struggle to use data analytics to support their business objectives.
Story image
Indusface
Why enhancing bot protection for web and API endpoints matters
The trouble with bots is that they aren’t all bad. Unfortunately, this can make it challenging to detect malicious bots that find their way into your system and threaten your business.
Story image
Google Cloud
Google Cloud to open first cloud region in NZ - among others
Google Cloud has announced plans to bring three new cloud regions, one each in New Zealand, Malaysia and Thailand.
Story image
Gigabit
Keysight Technologies and Nokia’s public test of 800GE success
Keysight and Nokia have successfully demonstrated the first public 800GE test, validating the readiness of next-generation optics for service providers and network operators.
Story image
APAC
Automation to take over 63 million jobs in APAC by 2040 - report
Forrester forecasts that working populations in the five largest economies in APAC are more at risk of physical robot automation than in Europe and North America.
Story image
Cybersecurity
Palo Alto Networks responds to rise in threats with MDR service
Unit 42 Managed Detection and Response is a new service that can offer continuous 24/7 threat detection, investigation and response.
AWS Marketplace
Learn how security orchestration, automation, and response (SOAR) enhances your security strategy.
Link image
AWS Marketplace
See how managed security services (MSS) have evolved to Managed Detection and Response (MDR) and Extended Detection and Response (XDR). Learn how these new holistic solutions can simplify security management and improve your threat detection and response.
Link image
Story image
SaaS
Claroty launches new cloud-based industrial cybersecurity platform
The company says Claroty xDome is the industry's first solution to deliver the ease and scalability of SaaS without compromising on visibility, protection, and monitoring controls.
Story image
Data
Talend announces support for Amazon Redshift Serverless
Talend has announced its support for Amazon Redshift Serverless, with the company saying the integration reinforces its commitment and leadership in supporting businesses.
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.
Story image
New Zealand
2degrees announces appointments to newly established board
2degrees has announced Liz Coutts as the board chair, while Russell Stanners and Kathy Meads join her as directors.
Story image
Digital Transformation
Adobe and FC Bayern collaborate on a multi-year partnership
Adobe is embarking on a multi-year partnership with FC Bayern, using its enterprise solutions to carry out the club’s digital transformation.
Story image
Healthcare
Why the Metaverse could be the key to enhancing the healthcare sector
The experts at Accenture understand that the programmable world is about building the next version of the physical world in healthcare, understanding complex layers in order to fully utilise technology to its maximum effect.
Story image
Red Hat
Red Hat announces 2022 awards winners for A/NZ region
Red Hat recently acknowledged Australia and New Zealand partners with its annual awards, highlighting partners across various categories.
Story image
Cybersecurity
Datacom research explores reality of zero trust in A/NZ
Zero trust is fast emerging as global best practice in cybersecurity and local leaders are on board, with 83% considering it essential to security.
Story image
Charity
SnapLogic teams up with meetmagic for charity and children
SnapLogic has announced its partnership with meetmagic, an online Australian platform that combines business and philanthropy.
Story image
Open source
Flashpoint acquires Echosec Systems, elevates OSINT capabilities
Flashpoint has acquired Echosec Systems, a provider of open-source intelligence and publicly available information.
Story image
Malware
Avast One extends protection with Online Safety Score
Avast One has extended its cross-platform support by adding its Online Safety Score feature to both the Mac and iOS platforms of Avast One.
Story image
Document Management
TrustRadius gives M-Files two document management awards
TrustRadius has recognised M-Files with both a 2022 Best Feature Set and a 2022 Best Relationship award in document management.
Story image
Enterprise Resource Planning / ERP
Why the right ERP (and partner) is crucial to an innovative and successful business
Enterprise Resource Planning (ERP) is a foundational step to ensuring a robust business model; here's why choosing the right one could be vital to ensuring long-term success and innovative results.
Story image
Financial results
Jade Software’s plan to get back to surplus in 2022
Jade Software has released its latest financial report, revealing that the company has kept its loss low from $567,000 in FY 2020 to just $153,000 in FY 2021.
Story image
Compliance
Why security needs to shape your journey to the cloud
It's estimated that 80% of workloads could be in the cloud in the next few years. How can you make all that data secure?
Story image
LG Electronics
LG Electronics’ revenue in NZ grows by 57% in FY 2021
The New Zealand branch of LG Electronics Australia's total revenue shot up by nearly NZD $45 million reaching a total of $123.7 million for FY 2021.
Story image
Sustainability
NZ program recovers and recycles more than 177 tonnes of e-waste
The TechCollect NZ pilot program says its milestone of recovering and recycling more than 177 tonnes of ICT e-waste recognises the efforts of many.
Story image
Neat
Workplace design a crucial factor for better employee experience - report
The key to a successful workplace could be its design, according to research from Ecosystm and Neat.