Zero Trust study highlights rising concern over identity security

According to a new global study by Entrust, identities have emerged as the highest priority risk area for organisations when devising a Zero-Trust strategy. Revealed by the Entrust Cybersecurity Institute, the 2024 State of Zero Trust and Encryption Study underscores the urgency of implementing robust security measures to mitigate cyber risks.

The survey, conducted by the Ponemon Institute, highlights a marked shift in motivations driving security investments. Once primarily a matter of regulatory compliance, enhancing security to pre-empt data breaches has become paramount. This shift is particularly notable in Australia and New Zealand (ANZ), where 40% of respondents prioritise security to improve visibility into their applications and networks.

"With the rise of costly breaches and AI-generated deepfakes, synthetic identity fraud, ransomware gangs, and cyber warfare, the threat landscape is intensifying at an alarming rate," commented Samantha Mabey, Director of Solutions Marketing at Entrust. "Implementing a Zero Trust security practice is an urgent business imperative, crucial for the security of organisations' and their customers’ data, networks, and identities."

The study surveyed 4,052 IT and IT security practitioners across multiple regions, including the United States, the United Kingdom, Canada, Germany, ANZ, Japan, Singapore, and the Middle East. Of these, nearly two-thirds indicated that cyber-risk concerns are the principal drivers for implementing a zero-trust strategy, a sentiment echoed even more strongly in the ANZ region. Here, 30% of organisations cited the risk of cyber breaches, and 33% highlighted the expanding attack surface as a key motivator.

Despite a reported increase in senior leadership support for Zero Trust frameworks—58% in ANZ—the progress is hampered by a lack of necessary skills and budget allocation. This discrepancy between support and resource allocation remains a significant roadblock for many organisations.

Zero Trust adoption spans a wide spectrum within the ANZ region. Twenty-five percent of organisations have fully implemented Zero Trust principles, yet a third have not yet begun their journey. This diversity in adoption rates suggests a varied landscape where certain organisations forge ahead while others lag behind, possibly due to a dearth of resources or expertise.

Good cyber hygiene alone has proven insufficient to safeguard against all threats. System or process malfunctions exposing sensitive or confidential data emerged as the top security concern for 44% of respondents, followed by threats from hackers and unmanaged certificates. Interestingly, employee mistakes, which had previously been a major concern, are no longer viewed as the top threat.

Credential management continues to present challenges for Chief Information Security Officers (CISOs). A significant 50% of respondents pointed to the lack of clear ownership as a primary hurdle, while 42% cited both a shortage of skilled personnel and a lack of clear understanding of requirements. These elements underline the complexities involved in managing credentials effectively.