While only 16% of companies implemented Zero Trust in 2019, reports indicate to conclude in 2022 there has been a 97% increase and there are no signs of this slowing down. Even in the midst of economic uncertainty, evolving threats and sophisticated ransomware attacks continue to rise, leaving IT leaders with no choice but to redefine and optimize its current cyber security strategy even if they are facing budget constraints.
When polled "does your organization have a zero trust security initiative today or planning to in the next 12-18 months"
North American Companies Global 2000 Companies
Despite that organizations will need to decrease their spending budgets, it is indefinite that more organizations are trending to adopting a Zero Trust Framework. Organizations globally are adopting the Zero Trust Framework as a strategic differentiator for any company that has a digital footprint. According to a study conducted by Okta, companies with a defined Zero Trust initiative have doubled from 24% in 2021 to 55% in 2022.
Zero Trust Requirements ranked in terms of priority for the organization
While data, network and device rank the most important priorities for organizations, leaders are beginning to understand that we are decades away from the "Autonomous SOC" and being that human error accounts for 95% of cyber incidents, experts predict people to be a top 3 priority to adapt to a Zero Trust Framework.
How do we solve the problem for 95% of cyber incidents being directly correlated to human error? Organizations are beginning to understand that antiquated security operation strategies with thousands of low-fidelity alerts flowing into their systems on a daily basis are wasting analysts time. They need to enhance processes to focus on the business drivers which impose the most risk.
With pressure coming from stakeholders to reduce budgets, IT leaders will need to report heavily on business outcomes related to risk quantifying security spend to ROI. The old days of having a set budget in which IT leaders can allocate money to any vendor/tool/head count will require another stamp of approval.
This has not just caused some of the fundamental problems that security leaders face, such as SOC fatigue from alert overload and layering redundant tools into your security operations tech stack that are financially irresponsible. This year as companies become more and more budget conscious, organizations will have to shift their overall strategy to focus on not protecting everything, however, focusing on the factors that impose the most risk to the organization.
With tech company layoffs trending due to the macroeconomic climate, it is inevitable that candidates with strong technical skills will be open to new work. Former disgruntled analysts who have been notorious job hoppers seeking more money are starting to develop happiness in the workplace through job security. The cybersecurity skill gap will continue to shrink and move away from the headlines, and leaders will have more time to focus on building strong teams that are a good fit for the organization as opposed to just fulfilling the basic requirements.