Page 53 - Cyber Defense eMagazine July 2024

These risks, known as insider threats, account for 60% of data breaches and can be malicious or accidental.

Zero trust is about managing the blast radius: if and when something bad happens, how large is the damage, and how long does it take teams to detect the breach and perform remediation? This model maintains strict access controls, verifies everything and monitors continuously. Zero-trust architecture also divides the network into microsegments to isolate and block attacks, restricting the lateral movement of bad actors should they gain access.

A zero-trust model transforms a simple castle into a labyrinth of passageways, gates, and checkpoints, minimizing the damage from intentional and unintentional threats. While this approach may seem overly distrustful of employees, it is more than appropriate in today’s unpredictable threat environment.



Every Individual Has a Role to Play in Security

Cybersecurity is constantly evolving with the introduction of new technologies. Generative AI, for instance, benefits businesses and bad actors alike, forever changing the landscape. Although technology continuously evolves, causing techniques and best practices to become irrelevant overnight, humans will always be a core element of any risk management strategy. As such, businesses must remember the influence each member of the organization has on the organization’s security wellness or lack thereof.






About the Author

Sam Rehman is Chief Information Security Officer (CISO) and Head of Cybersecurity at EPAM Systems, where he is responsible for many aspects of information security. Mr. Rehman has more than 30 years of experience in software product engineering and security. Prior to becoming EPAM’s CISO, Mr. Rehman held a number of leadership roles in the industry, including Cognizant’s Head of Digital Engineering Business, CTO of Arxan, and several engineering executive roles at Oracle’s Server Technology Group. His first tenure at EPAM was as Chief Technology Officer and Co-Head of Global Delivery.

Mr. Rehman is a serial entrepreneur, technology expert and evangelist with patented inventions in software security, cloud computing, storage systems and distributed computing. He has served as a strategic advisor to multiple security and cloud companies and is a regular contributor to a number of security industry publications.


Website: https://www.epam.com/






Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.