But moving communication, business, and personal interactions online has also significantly increased potential attack surfaces, resulting in a dramatic surge in cybersecurity incidents and exposed records. As workloads move to the cloud, threats move with them. IBM’s Institute for Business Value research indicates that in 2020, upwards of 90% of cyber-related incidents originated in cloud environments.
Valuable yet vulnerable: Securing critical infrastructure
The very nature of critical infrastructure implies a dynamic relationship between trust and risk. As operations move online, both IT and operational technology (OT) networks are subject to compromise. The July 2021 Kaseya ransomware attack, for example, affected up to 2,000 organizations and carried ransom demands in excess of $70 million. Our reliance on IT and OT environments means mission-critical infrastructure is increasingly vulnerable to new threats.
Interconnected risk: IT and OT risks are complex and interdependent
70% of organizations are unable to secure data that moves across multiple cloud and on-premises environments.
Tensions may be inevitable. Many OT systems have traditionally relied on system isolation, yet the demand for insights from connected devices and smart systems makes such practices difficult to sustain. If anything, a lack of connectivity can render existing vulnerabilities more difficult to remediate.
Making matters worse, risks often cascade: a failure in one system often results in the failure of others. Threat actors are becoming more sophisticated in their ability to capitalize on shortcomings in IT and OT security controls. While the potential impacts are significant, such risks can be difficult to anticipate.
Setting the pace in zero trust security
To better understand how organizations are implementing zero trust security, the IBM Institute for Business Value (IBV) partnered with Oxford Economics to survey more than 1,000 operations and security executives from organizations in 15 industries across the globe. Our analysis reveals 23% of organizations—a group we refer to as “zero trust pacesetters”—are ahead of their peers in deploying zero trust capabilities across their IT and OT environments and in their interactions with ecosystem partners.
These organizations have fashioned their IT and security operations as a single estate. They are proficient in partnering internally and externally to manage cybersecurity risk. They have modernized their security operations related to interdependent governance, risk, and compliance frameworks. They apply cloud, AI-driven analytics, and automation extensively. And they recruit, develop, and retain skilled cybersecurity resources to enable zero trust capabilities across their digital estates.
92% of organizations lack the ability to securely enable and extend new cloud-native capabilities to their internal and external partners.
Most importantly, their security operations can adapt to the complexity of the current business environment—whether it’s enabling a remote workforce; monitoring endpoints, applications, data, and network traffic; or analyzing the behaviors of employees, customers, and partners to identify emergent threats.
Read the full report to learn what sets zero trust pacesetters apart—and how your organization can create a zero trust roadmap that leads to greater cyber resilience.
For any questions or requests contact your IBM Representative today.