Cybersecurity Festival Day One: We are too fast to say we don't trust

player-id

JO2JH5X8-uSZKziPq

Trust is humanity's default position, but are we opening ourselves up to hurt?

Trust was a major topic of 2020, and looks set to be at the forefront of security leaders' minds in 2021. Trust in individuals (that they can work efficiently outside the office); in digital identities (that they can safely access corporate networks); in third-party suppliers (that they won't introduce weakness into our security posture) - the list goes on.

There is an increasing move towards zero-trust policies in the corporate world, but many of us are too quick to say we don't trust anyone, Crowdstrike technology strategist Zeki Turedi opined at the first day of Computing's inaugural Cybersecurity Festival last week.

"The reality as humans is that trusting others is our default position," Turedi said. "It actually really only takes a few simple steps for someone to gain our trust." That said, his session at the Festival did not revolve around humans' psychological trust; instead, he discussed digital trust, and specifically the digital supply chain.

"We as consumers are inherently placing our trust in organsations and assuming, or hoping, they will provide a duty of care with that information," he said. That duty of care is needed more than ever today: last year, Crowdstrike dealt with a 114 per cent year-on-year increase in sophisticated adversary activity. That isn't due to malware, or organisations not taking security seriously - it's because of very sophisticated actors who know how to abuse the digital supply chain, especially in the newly remote era.

To hear Turedi talk about Crowdstrike's handling of this higher attack volume, as well as the continued discussion on digital trust in a world of multiple environments, suppliers and nation state attacks, watch the video above.

Remember to register for the next day of the Cybersecurity Festival on the 23rd June, when we'll be running roundtables exploring the extended digital enterprise; the future of security operations centres; and zero-trust.