Escalating cyber attacks drive zero trust adoption
May 3, 2022
Article
Quocirca’s Zero Trust Security Trends 2022 Study reveals that 76% of organisations reported an external attack such as malware or ransomware in the past year, with 90% expecting an increase in the number of security incidents in the coming year. As the threat landscape expands, 91% of organisations report that Zero Trust is critically or very important to their business.
The expanded threat landscape
The massive shift to a hybrid workforce is leading to exponential growth in the attack surface, as more devices and users connect to the network across multiple locations and across public cloud services and applications. This is driving momentum in Zero trust strategies, where the assumption is that nothing can be trusted implicitly or explicitly on the network.
Quocirca’s Zero Trust Security Trends 2022 Study of senior security professionals in the UK and US, found that just over three-quarters (76%) of the 202 organisations surveyed had suffered an external attack, such as malware or ransomware, in the past year, and 48% had experienced insider threats from careless users. In addition, 43% had suffered vulnerabilities through compromised user credentials, and 42% reported supply chain attacks.
This high level of threats is shaping the way organisations view the future and where they are focusing security investment. However while Zero Trust momentum may be growing, businesses have a blind spot around print devices in security infrastructure.
Key findings from the research include:
- 90% expect to experience more security incidents in the coming year, 40% expect a significant increase.
- 49% say a zero trust strategy is critically important to their business; 42% say it is very important.
- Only 16% of organisations perceive their print infrastructure as presenting a significant security threat, compared to external malicious attacks (32%)
- Securing the print infrastructure is the least common motivation for zero trust implementation although half of organisations saying that they have already included print in their zero trust strategy.
- 55% of organisations manage print security in-house; 18% rely on a managed print service provider, 17% use a managed IT service provider or MSSP with 10% using a hybrid approach (in-house and MSP)
The rise of zero trust
Overall, 42% of respondents said they had adopted a zero trust strategy – 47% in the US and 36% in the UK. Business and professional services organisations were most likely to have a zero trust strategy in place (56%), while public sector organisations were least likely to have implemented one (28%).
The most common reason for adopting a zero trust model is to protect sensitive data (38%), followed by keeping cloud deployments secure (29%). Just 10% indicated that securing the print infrastructure was a reason for implementing a zero trust strategy.
Print and zero trust
As sophisticated endpoints on the network that process sensitive data of all kinds, printers and MFPs should be treated in a similar way to all IT endpoints, with robust access control, management, and intrusion detection to ensure they are not compromised.
Half of respondents say that they include print as part of their zero trust strategy, with a further 39% planning to do so in the next 12 months. Companies operating in the finance sector are most likely to have already incorporated print infrastructure within their strategy (68%), and public sector organisations are the least likely (37%).
Zero trust-related features used in the print environment include identity access management (48%), and 43% use cloud print platforms that conform to zero trust. Organisations are also looking for built-in hardware security features (run-time intrusion detection, BIOS protection, self-healing firmware, in-memory breach identification, whitelisting, etc.).
How can MPS providers support the zero-trust journey?
MPS providers must build expertise to address the zero-trust requirements of their customers. This means offering and implementing a multi-layered security proposition to protect printing across the hybrid work environment. There are a range of opportunities for MPS providers deliver services that support an organisation’s zero trust strategy.
- Comprehensive security assessments. Through a comprehensive security assessment, an MPS provider can identify security gaps and recommend a security-led service offering that encompasses hardware, software and network security.
- Support multifactor authentication (MFA): MFA provides a greater level of control over who can access the network through requiring an extra level of security via a separate device. Cloud-based MFA services offer mitigation against malicious network ingress and Identity access management (IAM) and single sign on (SSO) technologies can also help in ensuring that greater security is in place.
- Rules-based and pull-printing. Pull printing ensures documents are only released to authenticated users and also enables organisations to track and audit print jobs by users.
- Network segmentation: An MPS provider may be able to provide network controls between each end-user access device and the print network through the application of an MPS service that abstracts the print activity away from the main network. This then makes it harder for malicious users to attempt to use printers as an attack vector.
- Continuous monitoring: The monitoring of the security posture of the network and all managed endpoints allows for better responses to zero-day threats. MPS providers are ideally positioned to provide such cloud-based services with continuous patching and updates of device firmware, print drivers and security policies, alongside the capability to analyse activity across a broad range of customers to help identify and deal with emerging threats.
For distributed print environments, MPS providers that provide cloud-based services are well positioned to support zero trust environments, with many platforms conforming to zero trust principles and supporting a range of MFA approaches.
Quocirca’s full report on zero trust trends contains recommendations for both buyers and suppliers around implementing zero trust strategies that incorporate print infrastructure.