Infographic: What is the level of maturity of Zero Trust in your industry?

Where does your industry stand in its zero trust journey?

Most organizations have started deploying security solutions that match a zero trust approach, but not all of them have completely defined their zero trust strategy, let alone deployed it in their overall architecture. We worked with industry specialists to understand which stage they had reached on their zero trust journey, and which drivers and main use cases matter most for progressing in implementing this approach. Explore this infographic to learn more about how zero trust is perceived in your industry in 2022.

Key Figure

90%

Currently, 90% of financial breaches involve servers. Basic web application attacks are the most common and involve the use of stolen credentials.

Source: 2022 DBIR Financial and Insurance industry

Benefits

Establish compliance and security as an integral part of digital business transformation to reduce risk and increase data protection.

Challenges/ threats
  • Strict controls must be extended (to cloud and third-party vendors), strengthened and granular enough to protect highly sensitive data that is subject to regulations
  • Remote working is forcing banks and insurers to secure by design and by identity, and abandon perimeter protection models.

Maturity

3/5

Use cases
  1. Identify employees and accounts with escalated privileges, as well as third-party vendors (data aggregators etc.) that access information systems and data
  2. Mitigate risks associated with unauthorized access to information systems, by implementing layered security
  3. Identify all users and customers for which strong authentication and access controls are needed
  4. Use identity verification to reduce the risk of identity theft
  5. Reduce ransomware attacks

Compliance

GDPR, regulations related to cloud and outsourcing in FS&I (by EBA, FCA, FFIEC…), DORA (new in 2022)

Key Figure

48%

IT and telecom had the largest revenue share of the zero trust (ZT) market in 2020, over 48%.

(source)

Benefits

ZT enables the convergence of telecom networks and IT environments.

Challenges/ threats

The continued use of proprietary telecom network appliances (which are supposed to be inherently secure) delays ZT adoption.

Maturity

3/5

Security products and offerings are mostly geared toward pure IT use cases. Specialized telecom ZT products are only gradually appearing on the market.

Use cases
  • ZT for telecom: Telco cloud security posture management (CSPM) for cloud-native network functions
  • ZT by telecom: Secure access service edge (SASE) for remote IT workplaces

Compliance

Increasing security and sovereignty demands for mission-critical telco network functions and IT cloud workloads require sovereignty certifications like SecNum (ANSSI – France) or C5 (BSI – Germany).

ZT can go a long way toward SOC 2 Type II and other cloud audits in both IT and telecom.

Key Figure

704 cyberattacks

In 2021, manufacturing was a target for an average of 704 cyberattacks per week.

(source)

Benefits
  • Less downtime
  • Better security resilience for unknown threats
  • Better control of critical resources

Challenges/ threats
  • Lack of visibility into OT assets, infrastructure and data flow
  • Inadequate security knowledge for proper ZT planning and implementation

Maturity

2/5

The largest global enterprises are relatively well prepared for the ZT journey, while many small and mid-size organizations are still behind and do not have an OT security strategy.

Use cases
  • Better control of supplier value chains
  • Improved visibility of asset communication
  • Secure identity and access management
  • Secure communication across OT sites and cloud
  • Better compliance with local and global regulations

Key Figure

736 cyberattacks

In 2021, energy and utilities were the target of an average of 736 cyberattacks per week.

(source)

Benefits
  • Less downtime
  • Better security resilience for unknown threats
  • Better control of critical resources

Challenges/ threats
  • Widespread infrastructure
  • Insufficient visibility of OT assets, infrastructure and data flows
  • Secure critical infrastructure
  • Lack of general knowledge about ZT

Maturity

2/5

Use cases
  • Better control of supplier value chains
  • Improved visibility of asset communication
  • Secure identity and access management
  • Better compliance with local and global regulations
  • Secure smart meters and IoT/IIoT connections

Key Figure

526 cyberattacks

Retail averaged 526 attacks per week.

(source)

Benefits
  • Less downtime
  • Better security resilience for unknown threats
  • Better control of critical resources

Challenges/ threats
  • Widespread infrastructure
  • Insufficient visibility of OT assets, infrastructure and data flows
  • Secure critical infrastructure
  • Lack of general knowledge about ZT

Maturity

2/5

Use cases
  • Better control of supplier value chains
  • Improved visibility of asset communication
  • Secure identity and access management
  • Better compliance with local and global regulations
  • Secure smart meters and IoT/IIoT connections

Key Figure

30%

of healthcare organizations considered zero trust to be a top priority in 2020 due to the pandemic (versus 17% globally).

(source)

Benefits
  • Improved control over connected medical devices
  • Better protection of sensitive health data

Challenges/ threats
  • Interconnection of connected medical devices and precision medicine technologies
  • Lack of resources and skills to secure the hospital’s supply chain
  • Lack of visibility over assets, infrastructure and data flows dealing with personal health information (PHI)

Maturity

3/5

“2022 could be the year of zero trust in healthcare” as governments push more and more critical infrastructure (such as hospitals) in this direction.

Use cases
  • Enhanced visibility of all users and assets, including IoMT
  • Better manage access permissions and identities of people and devices trying to access PHI
  • Limit the attack surface and mitigate ransomware attack risks
  • Comply with existing and forthcoming regulations for critical infrastructure

Compliance

Although regulations that define how to protect sensitive healthcare data, such as HIPAA, the HITECH Act and GDPR, are not directly related to zero trust frameworks, a zero trust approach can help organizations comply with them.
