#NSBCS.091 - Zero Trust: Beyond the Buzzword
Source: NSB Cyber
Zero Trust: Beyond the Buzzword
Often dismissed as a buzzword, “Zero Trust” is in fact a critical framework that can help organisations reduce risk, strengthen resilience, and build trust with customers and stakeholders.
What is Zero Trust?
Zero Trust is a simple but powerful principle: never trust, always verify. Unlike legacy models that assume trust once inside the network perimeter, Zero Trust treats every user, device, and application as potentially compromised until proven otherwise: “guilty until proven innocent”, if you will.
This approach ensures that access is:
Continuously verified;
Limited to the minimum necessary privileges; and
Context-aware, factoring in identity, device health, and behavioural patterns.
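The three properties above can be made concrete as a policy decision function. The following is an added illustration, not code from NSB Cyber: every request is checked for verified identity (MFA), device health, behavioural context and least-privilege role permissions, and the request's network location is deliberately never consulted. Role names, resources and countries are constructed sample values.

```python
from dataclasses import dataclass, field

# Least-privilege role map (constructed sample): role -> resource -> permitted actions.
ROLE_PERMISSIONS = {
    "finance-analyst": {"ledger": {"read"}},
    "finance-admin": {"ledger": {"read", "write"}},
}


@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    action: str
    mfa_verified: bool            # identity: strong authentication completed
    device_managed: bool          # device health: enrolled in management
    device_patched: bool          # device health: up to date
    source_country: str           # behavioural context for this request
    usual_countries: set = field(default_factory=set)
    inside_corporate_network: bool = False  # present, but carries no weight


def evaluate(req: AccessRequest) -> tuple:
    """Return (allowed, reason). Default is deny; each verification must pass."""
    if not req.mfa_verified:
        return False, "identity not verified with MFA"
    if not (req.device_managed and req.device_patched):
        return False, "device health check failed"
    if req.source_country not in req.usual_countries:
        return False, "unusual location: step-up verification required"
    permitted = ROLE_PERMISSIONS.get(req.role, {}).get(req.resource, set())
    if req.action not in permitted:
        return False, f"role '{req.role}' may not '{req.action}' on '{req.resource}'"
    return True, "all checks passed"


def demo() -> dict:
    """Constructed requests: being on the corporate network buys nothing."""
    base = dict(user="alice", role="finance-analyst", resource="ledger",
                mfa_verified=True, device_managed=True, device_patched=True,
                source_country="AU", usual_countries={"AU"})
    return {
        "inside_no_mfa": evaluate(AccessRequest(**{**base, "action": "read",
                                  "mfa_verified": False,
                                  "inside_corporate_network": True})),
        "analyst_write": evaluate(AccessRequest(**{**base, "action": "write"})),
        "analyst_read": evaluate(AccessRequest(**{**base, "action": "read"})),
    }
```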
Why the Traditional Perimeter No Longer Works
The traditional “castle and moat” model for security relies on strong perimeter controls, such as firewalls, to keep attackers out. However, this model has become increasingly inadequate in the face of modern threats:
Remote work means employees and contractors access systems from anywhere, often on personal devices;
Cloud services decentralise data and applications, extending far beyond the corporate network;
Sophisticated attackers exploit stolen credentials, phishing, or insider access to bypass perimeter defences; and
Third-party vendors introduce additional entry points and risks.
With this model, once inside, attackers are often able to move laterally, escalating privileges and accessing sensitive data undetected, resulting in a far larger threat surface.
Common Misconceptions About Zero Trust
“It’s a product” - Zero Trust is not something you can buy off the shelf. It is a strategy and mindset that may leverage multiple technologies and require leadership buy-in.
“It slows down business” - When designed properly, Zero Trust actually improves user experience through single sign-on (SSO), adaptive authentication, and streamlined access.
“It’s only for large enterprises” - SMEs can adopt Zero Trust principles with cloud-based IAM, managed services, and security monitoring that scale to individual business needs.
Practical Steps to Get Started
Many organisations see Zero Trust as daunting, but it does not need to be a complete transformation. The best approach is to start small, focusing on a few practical steps that can deliver immediate impact. Introducing multi-factor authentication (MFA) across critical applications is an effective quick win, strengthening access security from the outset.
Segmenting networks to isolate sensitive systems also helps reduce the risk of lateral movement in the event of a breach, while applying least-privilege policies ensures that users only have the access they truly need.
Similarly, centralising control through cloud-based identity services can also simplify management and improve visibility.
Finally, running tabletop exercises to test how an organisation responds to access-control failures or insider threat scenarios provides valuable insights and builds resilience. Taken together, these incremental improvements build momentum, demonstrate early value, and lay the foundation for a broader Zero Trust strategy.
A Balanced Approach
For organisations of all sizes, Zero Trust represents a pragmatic response to today’s evolving cyber threat landscape. By starting with identity and access, building towards continuous monitoring, and embedding security into culture, businesses can create a layered defence that remains adaptive to change.
Ultimately, Zero Trust is more than a buzzword. It is a shift in mindset. Security is no longer about keeping threats out, but about validating every interaction. In an age where implicit trust is exploited as much as technical flaws, this approach ensures that organisations protect not just their networks, but also their people, data, and reputation.
What we read this week
Google Warns Gmail Users After Salesforce Database Breach - Google issued a warning to its 2.5 billion Gmail users to change passwords or enable passkeys following a data breach in a Salesforce-hosted corporate database. The breach, linked to the ShinyHunters group, exposed business contact information, fueling phishing and vishing attacks. While no consumer data was compromised, the incident risks targeted scams. Users should update credentials, enable two-factor authentication, and remain vigilant for suspicious emails.
Palo Alto Networks Confirms Data Exposure in Salesloft Drift Attack - Palo Alto Networks confirmed a data breach involving customer records and support case details due to a supply chain attack on the Salesloft Drift platform. The breach, part of a broader campaign exploiting OAuth tokens, risks credential misuse. No ransomware was involved, but affected organisations should audit third-party integrations, revoke suspicious tokens, and enforce zero-trust access controls to secure sensitive data.
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack - Cloudflare has reported thwarting a massive 11.5 terabits-per-second DDoS attack, part of a surge in hyper-volumetric attacks over recent weeks. The attack targeted global infrastructure but was mitigated autonomously. Organisations should deploy advanced DDoS protection, monitor traffic spikes, and ensure redundancy to maintain service availability during such large-scale assaults.
LNER cyber breach exposes passenger contact and journey data - UK train operator London North Eastern Railway (LNER) has disclosed a cyberattack at a third-party supplier that exposed customer contact details and journey records. The state-owned company, which operates intercity services on the East Coast Main Line, confirmed that no payment details, banking data, or passwords were accessed. Ticket sales and timetables were unaffected, and services continue as normal. LNER has urged passengers to be cautious of unsolicited emails or messages seeking personal details, stressing that banks need not be informed. The incident follows other recent transport sector breaches, including Transport for London in 2024.
ACSC issues high alert on Akira ransomware targeting SonicWall - The Australian Cyber Security Centre (ACSC) has issued a high-priority warning over Akira ransomware exploiting a SonicWall vulnerability. Attackers are targeting Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 or earlier. The flaw, tracked as CVE-2024-40766, allows unauthorised access and, under certain conditions, can crash firewalls. SonicWall confirmed the activity was not linked to a new zero-day but to this improper access control bug disclosed in August 2024. Organisations remain at risk unless both firmware and passwords are updated, with multiple Australian entities already under active targeting.
References
https://www.blackenterprise.com/google-reset-passwords-phishing-salesforce-breach/
https://www.bleepingcomputer.com/news/security/palo-alto-networks-data-breach-exposes-customer-info-support-cases/
https://www.securityweek.com/cloudflare-blocks-record-11-5-tbps-ddos-attack/
https://www.theguardian.com/business/2025/sep/10/lner-urges-customers-to-be-vigilant-after-passenger-details-accessed-in-cyber-attack
https://www.cyberdaily.au/security/12621-alert-acsc-warns-of-akira-ransomware-activity-targeting-australian-organisations