Other countries worldwide are following suit and using GDPR as a model . In the US , there are five states with new consumer privacy laws that take effect in 2023 and more states are considering legislation .
As pressure to implement Zero Trust intensifies , I predict that a role analogous to a ‘ Chief Zero Trust Officer ’ will emerge within some large organizations . This person will be the Zero Trust czar for the enterprise and will be the individual responsible for driving a company on its Zero Trust journey . Their job will be to bring together siloed organizations and vendors and ensure that all teams and departments are aligned and working toward the same goal .
If resistance is encountered , the Zero Trust czar should have the backing of senior leadership ( CIO , CISO , CEO , Board of Directors ) to make decisions quickly and cut across organizational boundaries to keep the process moving ahead . Whether the very bold title of Chief Zero Trust Officer becomes reality or not , an empowered individual with a clear mandate and a singular focus may just be the key to getting Zero Trust across the finish line in 2023 .
2023 sees the death of ‘ the password ’
Phishing attacks continue to be a significant problem for companies around the world . Even with regular security awareness training , users will eventually click a wrong link and fall victim to an attack . And unfortunately , most cyberattacks begin with a phishing email .
Cloudflare itself was attacked this year by a sophisticated , targeted SMS-based phishing attack . A total of 76 Cloudflare employees received the phishing link in text messages on their phones . Three employees fell for the attack and clicked the link and entered their credentials . But unphishable , multi-factor authentication in the form of FIDO2-compliant security keys in conjunction with Zero Trust access prevented the attacker from breaching our systems . Other companies that used less secure Time-Based One- Time Passwords ( TOTP ) weren ’ t as lucky and many were breached by the same attackers .
Username and password authentication even when combined with common forms of multifactor authentication is just not enough anymore . Enterprises can enable stronger FIDO2-compliant security keys along with Zero Trust access today if
76 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com