Certes' new white paper calls for data-centric cybersecurity shift
Certes has released a new white paper titled "Hope Is Not A Strategy: Rethinking Data Protection in the Age of Zero-Day Attacks," addressing the urgent need for a shift in cybersecurity strategies. The paper arrives amidst a marked increase in zero-day vulnerabilities, with 97 incidents reported in 2023 alone, reflecting a 56% rise over the previous year. This surge underscores the inadequacy of traditional perimeter security measures in safeguarding sensitive information.
In February, critical vulnerabilities in Microsoft Exchange servers were disclosed, enabling attackers to execute remote code and access sensitive data. This incident exemplifies the pressing necessity for a new cybersecurity approach, as outlined in Certes' research.
Simon Pamplin, CTO of Certes, stated, "The Microsoft Exchange vulnerabilities are just one example of how relying on perimeter defences leaves organisations exposed. To stay ahead, businesses need to shift focus from protecting the infrastructure to securing what really matters—the data."
The white paper illuminates the inherent challenges posed by zero-day vulnerabilities, which exploit security flaws unknown to software vendors during the attack. Although companies like Microsoft have responded with patches, these measures often leave gaps that unidentified vulnerabilities can still exploit. Consequently, organisations remain vulnerable to potentially devastating breaches and ransomware attacks, even with robust perimeter security in place.
Certes advocates for a fundamentally different approach to cybersecurity, one that assumes breaches are inevitable. Their solution, Data Protection and Risk Mitigation (DPRM) focuses on protecting the core target of any cyberattack: the data itself. The strategy calls for a shift from reactive to proactive measures, employing a zero-trust data access model. According to the white paper, this approach ensures that, even if attackers penetrate the infrastructure through vulnerabilities like those found in Microsoft Exchange, the data remains secure and ultimately worthless to the aggressors.
Simon Pamplin further elaborated, "Hope is not a strategy. To protect our data and systems from the ever-evolving threats of zero-day attacks, we must adopt robust, proactive measures beyond traditional perimeter security. Our zero-trust model ensures that even in the face of zero-day exploits, your data remains sovereign and protected."
The white paper's findings highlight the ineffectiveness of traditional perimeter defences against evolving threats. As zero-day vulnerabilities continue to surge, organisations worldwide must reassess their cybersecurity strategies and adopt a data-centric approach. Certes' approach, as detailed in the white paper, offers a robust defence against such threats, advocating that proactive data protection is essential for staying safe and secure.