#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News

Zero Trust | Breaking Cybersecurity News | The Hacker News

Category — Zero Trust
Zero Trust Security, Why It's Essential In Today's Threat Landscape

Zero Trust Security, Why It's Essential In Today's Threat Landscape

Jan 16, 2025
Coined in 2010 by Forrester Research , the term "zero trust" has long been hijacked by security vendors eager to take advantage of the hype that surrounds the concept. Today, it's so overused and misused that many see it as a meaningless buzzword—but that's far from the truth. In fact, its widespread misappropriation demonstrates the power of zero trust security. Why else would countless vendors try to capitalize on it? As they say, imitation is the sincerest form of flattery. Zero trust is not a mere label. Rather, zero trust is an architecture—though you'll also hear of a zero trust methodology, framework, paradigm, and infrastructure—and it's based on the idea of zero implicit trust, meaning no one should be trusted by default. The key zero trust principle of least-privileged access says a user should be given access only to a specific IT resource the user is authorized to access, at the moment that user needs it, and nothing more. Hence the zero trust maxim,...
5 Strategies to Combat Ransomware and Ensure Data Security in Microsoft 365

5 Strategies to Combat Ransomware and Ensure Data Security in Microsoft 365

Dec 02, 2024
As data breaches and cyber threats become the norm rather than the exception, the imperative to fortify cybersecurity measures has become critical. Microsoft 365, the leading enterprise productivity platform, is at the heart of many organizations' daily operations — and therefore is a prime target for cyber-attackers. Ransomware remains one of the most aggressive cyber threats to organizations. A reported 76% of businesses have experienced at least one attack within the last year , the results of which yielded disrupted operations, substantial financial losses, and reputational damage. For SaaS platforms like Microsoft 365, the threat is even more pronounced due to the vast amounts of sensitive data processed and stored daily.  Below, we will investigate the cybersecurity landscape surrounding Microsoft 365. As we do so, we will examine the prevalence of ransomware threats and identify many commonly implemented and robust strategies that are proven to enhance cyber resilience an...
Defensible Security Architecture and Engineering: Designing and Building Defenses for the Future

Defensible Security Architecture and Engineering: Designing and Building Defenses for the Future

Nov 25, 2024
As I usually say: 'attackers are lazy'. In other words, they always follow the path of least resistance. As defenders catch up with their tactics, techniques, and procedures, the asymmetric gap between offensive and defensive capability shrinks, pushing attackers to shift their battlefield strategy, perpetuating a game that repeats over and over again. Take, for example, endpoint protection. For the last few years, endpoint protection, detection, and response have been the centerpiece of security strategies. As modern endpoint security products get better at anticipating threats based on AI-based engines, providing richer visibility and more contextual detection capabilities, attackers are pivoting away from them, looking for 'blind spots' in your architecture, leveraging vulnerabilities and misconfigurations in network devices, supply chains, and even firmware embedded deep within devices, areas where security visibility is limited. This trend is particularly significant due to the ...
Beyond Castle Walls: Operational Technology and Zero Trust

Beyond Castle Walls: Operational Technology and Zero Trust

Nov 12, 2024
Throughout history, societies have protected their most valuable assets by building walls, fortresses, and moats. Whether it was a medieval castle or an ancient city-state, security meant keeping threats on the outside and creating barriers around the things that mattered most.  We took these principles with us as we moved into the digital age, designing network security with firewalls, access controls, and gated perimeters to protect digital assets. Firewalls and network devices became our virtual walls, defining trusted and untrusted zones, and keeping the "bad actors" at the gate. For years, this perimeter-based approach was the primary line of defense in the world of cybersecurity, establishing a digital fortress around systems and data. But just as history has shown us that walls and borders can be breached, so too has modern cybersecurity taught us that no perimeter is foolproof. As organizations increasingly connect their IT systems to the wider internet and integrate the...
Privileged Identity Management (PIM): For Many, a False Sense of Security

Privileged Identity Management (PIM): For Many, a False Sense of Security

Sept 09, 2024
Privileged Identity Management (PIM): PIM is described as a service within Microsoft Entra ID, designed to manage, control, and monitor access to crucial organizational resources, encompassing Microsoft Entra ID, Azure, and other Microsoft Online Services like Microsoft 365 and Microsoft Intune. In the cybersecurity landscape, Privileged Identity Management (PIM) emerges as a pivotal element, but its effectiveness in managing privileged access is subject to scrutiny. Integral to the broader identity and access management (IAM) framework, PIM's role in upholding the least privilege and just-in-time access principles is increasingly questioned amidst evolving digital threats. While theoretically vital for risk mitigation and regulatory compliance, the practical application of PIM, especially in complex cloud and IT environments, often reveals limitations in its ability to adapt to sophisticated cyber threats. This dichotomy between PIM's intended role and its real-world effica...
Achieving Data Resilience in Microsoft 365

Achieving Data Resilience in Microsoft 365

Sept 01, 2024
In our current tech landscape, dealing with cybersecurity incidents like ransomware and other disasters is unavoidable. To keep your business running, you need to be able to take disruptions and cyberattacks in stride. This means being able to not just bounce back from an outage or data loss situation — but bounce forward each time. This is at the heart of data resilience. Read on to learn more about how to keep your organization moving forward, no matter what comes your way. Stay Ahead of the Curve As cybersecurity threats and ransomware attacks continue to increase and evolve, it's critical that you stay ahead of the curve when it comes to keeping up with cybersecurity trends. Cyber threats are evolving quickly into more sinister and dangerous variants, and they won't wait for your defenses to catch up. Some of the top cybersecurity and data protection trends this year include using zero trust principles like multi-factor authentication (MFA) systems, passkeys, and password-less...
Cybersecurity Resources