{"id":61917,"date":"2023-04-20T09:52:27","date_gmt":"2023-04-20T13:52:27","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=61917"},"modified":"2024-11-14T19:26:30","modified_gmt":"2024-11-15T00:26:30","slug":"top-zero-trust-security-stats","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/top-zero-trust-security-stats","title":{"rendered":"The Top 20 Zero Trust Security Stats You Need to Know"},"content":{"rendered":"\n
Zero Trust security<\/a> has come a long way since it was first introduced over 10 years ago. Initially, it took a while for it to gain traction, but the mass shift to remote work in 2020 brought to light the need for more comprehensive security that can account for distributed environments. <\/p>\n\n\n\n This need, combined with significant rises in cybercrime, drove more businesses to shed their traditional perimeter security<\/a> for a better-fitting Zero Trust security model.<\/p>\n\n\n\n However, Zero Trust is far from universal: the business community seems to be in a transitional phase in terms of its adoption. The merits of Zero Trust are becoming generally accepted, but companies find themselves at different stages in their adoption journeys.<\/p>\n\n\n\n To better understand the current state of Zero Trust, we\u2019ve pulled some of the most important stats that characterize today\u2019s threat landscape, Zero Trust\u2019s role within that landscape, and the resources and tools organizations are using to implement Zero Trust in their environment.<\/p>\n\n\n\n We\u2019ll start by examining today\u2019s threat landscape: what are the top security threats, who is at risk, and what are the costs of being hit by an attack?<\/p>\n\n\n\n Source<\/a><\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n In 2020, small businesses experienced about half the number of attacks as large enterprises did. In 2021, that number grew to 86%, creating a percent difference of only 15% between attacks on small and large businesses. <\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n That\u2019s $380,000 more than a data breach that doesn\u2019t involve ransomware. This cost doesn\u2019t include the cost of the ransom payment, which averages $170,404<\/a>. <\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n Bad actors have begun franchising their ransomware attack methods. Paid ransoms in a ransomware attack go to the cybercriminals responsible, who then use the money to fund their next attack. <\/p>\n\n\n\n Because ransomware payouts are usually high, cybercriminal groups can afford to source many fast and skilled workers to plan and execute the next attack.<\/p>\n\n\n\n And because these operations aren\u2019t held to the above-board standards of typical DevOps cycles, they can often work more nimbly than their legitimate counterparts. <\/p>\n\n\n\n This means ransomware often develops faster than the counter methods developed to thwart it, making ransomware security and prevention an uphill battle. <\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n S<\/a>ource<\/a><\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n In the last three years, many businesses turned their sights to mission-critical work and away from security to stay afloat in a newly distributed working world. <\/p>\n\n\n\n This shift in focus led to frequent weak points in distributed infrastructures, which increasingly became targets for hackers as they perfected their techniques for methodically finding and exploiting common vulnerabilities in distributed infrastructures. <\/p>\n\n\n\n What\u2019s more, cybercriminal groups are increasingly exploiting them with ransomware attacks that grow exponentially through exorbitant ransom payouts. Thus, the frequency and cost of breaches are up, making the need for Zero Trust security more critical than ever. <\/p>\n\n\n\n In such a treacherous environment, businesses need a security approach that can effectively guard against attacks and mitigate risks, should one occur. Let\u2019s shift our sights to Zero Trust, including how well it stacks up against today\u2019s threats, and how organizations are approaching its adoption. <\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n Source<\/a><\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n Zero Trust is gaining recognition and adoption among SMEs, although SMEs\u2019 Zero Trust adoption<\/a> seems to lag behind businesses of other sizes and locations. However, SMEs can\u2019t afford to lag behind other sectors: they\u2019re now targeted at almost the same rate<\/a> as large companies are.<\/p>\n\n\n\n SMEs that consider security a problem for just the large enterprises will fall behind the curve, leaving themselves vulnerable to attack \u2014 and attacks are costly and damaging enough to drive an SME out of business. <\/p>\n\n\n\n In a world where security breaches must be considered a when not an if, mitigating the costs of a breach is critical to a business\u2019s survival. <\/p>\n\n\n\n There could be several reasons for slower adoption rates among SMEs. For one, SMEs are generally working with leaner teams and budgets than their larger counterparts. They also tend to grow and pivot quickly, making it more difficult for IT departments to make quick Zero Trust progress<\/a>. <\/p>\n\n\n\n Another possible explanation for this gap could be SMEs\u2019 lack of familiarity with Zero Trust: in a 2022 JumpCloud survey<\/a>, 20% of SME IT professionals who responded didn\u2019t know whether their organization was implementing Zero Trust.<\/p>\n\n\n\n SMEs could be implementing Zero Trust principles without tying them to the Zero Trust name; for example, SMEs are still prioritizing Zero Trust-friendly initiatives, like layering security to protect their distributed infrastructures. They also seem to be embracing Zero Trust tools and implementations, which we\u2019ll explore further below.<\/p>\n\n\n\n To dive deeper into this lack of Zero Trust adoption among SMEs, read the blog, Why Haven\u2019t More SMEs Adopted Zero Trust?<\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n Source<\/a><\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n Source<\/a><\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n Source<\/a><\/p>\n\n\n\n That\u2019s one rank higher than it received in 2021 when SME IT professionals rated it the 6th most important.<\/p>\n\n\n\n Source<\/a> <\/p>\n\n\n\n IT departments face many challenges, many of which the shift to remote work in 2020 caused or exacerbated. Fortunately, Zero Trust architectures are designed to unify and secure the elements of a decentralized network and can solve the majority of these struggles. <\/p>\n\n\n\n Zero Trust progress varies widely. However, one area where the majority of organizations have made significant progress is multi-factor authentication (MFA), which is highly effective<\/a> in preventing account compromise and critical to a Zero Trust implementation. MFA meets Zero Trust\u2019s requirements for authentication security where traditional passwords fail.<\/a> <\/p>\n\n\n\n A true Zero Trust architecture uses MFA everywhere; secure authentication at every access transaction helps prevent lateral movement, minimizing damages in case of a breach. <\/p>\n\n\n\n Again, organizations are making progress here: 45.6% of SMEs<\/a> have implemented MFA everywhere, and another 43.3%<\/a> are using it only in certain places. <\/p>\n\n\n\n Expanding a partially implemented MFA is one of the best ways to get a jump-start on your Zero Trust plan. Learn more in our blog, Zero Trust: Where and How to Get Started<\/a>. <\/p>\n\n\n\n Organizations are not quite as far along on their Zero Trust journeys in other areas. With mobile device management (MDM<\/a>), for example, the vast majority (98%) of IT professionals at enterprise companies don\u2019t feel their MDM tools grant them the visibility they need, and the majority of SME IT professionals agreed that device management is a top challenge. <\/p>\n\n\n\n In the same vein, patch management has proven difficult for organizations in the face of remote work. <\/p>\n\n\n\n The device-related complications that decentralized work environments create can be solved with a robust MDM tool. They help organizations view, secure, and manage all the devices accessing corporate resources \u2014 including employee-owned devices<\/a>.\u00a0<\/p>\n\n\n\n MDM tools that combine with the organization\u2019s identity and access management (IAM)<\/a> system provide the best security and usability. Tools that combine MDM and IAM (referred to as UEM<\/a>) allow organizations to assign devices to users, contextualize policy creation, and manage users and devices more holistically. <\/p>\n\n\n\n Similar to the benefits of combining IAM and MDM, unifying more elements of your stack can lead to better security: as exemplified in the numbers above, higher complexity leads to higher breach costs. This correlation can be attributed to several things. <\/p>\n\n\n\n First, complex systems tend to have more integrations and dependencies, which can become weak points that hackers have learned to look for and exploit. <\/p>\n\n\n\n In addition, complex systems are more likely to have cloudy visibility; the more elements in an infrastructure, the more difficult they are to track without the right tools. And untracked elements are unprotected elements.<\/p>\n\n\n\n The best way to combat these challenges is through tool unification and consolidation. JumpCloud,<\/a> for example, offers a comprehensive directory that combines IAM, MDM, patch management<\/a>, MFA, single sign-on (SSO)<\/a>, and more \u2014 all with the telemetry and security to keep your infrastructure tracked and protected. <\/p>\n\n\n\n\nThe Zero Trust Threat Landscape <\/h2>\n\n\n\n
1. There were 70% more data breaches in 2022\u2019s Q3 than in Q2.<\/h3>\n\n\n\n
2. The average cost of a data breach rose from $4.24 million in 2021 to 4.35 million in 2022, representing a 2.6% increase.<\/h3>\n\n\n\n
3. The gap in attack frequency between small and large businesses is closing. <\/h3>\n\n\n\n
4. There were a total of 236.1 million ransomware attacks worldwide during the first half of 2022.<\/h3>\n\n\n\n
5. The average cost of a ransomware attack is about $4.54 million, not including the cost of the ransom itself. <\/h3>\n\n\n\n
6. Ransomware breaches take 49 days longer than average to identify and contain.<\/h3>\n\n\n\n
What Are New Ransomware Models?<\/h2>\n\n\n\n
7. Credentials are the top data type involved in a breach. <\/h3>\n\n\n\n
8. Personal data is the second-most common type of data involved in a breach. <\/h3>\n\n\n\n
9. 81.4% of SME IT professionals agreed that remote work increased their focus on security. <\/h3>\n\n\n\n
What the Numbers Say<\/h3>\n\n\n\n
Zero Trust in Organizations Today<\/h2>\n\n\n\n
10. Zero Trust reduces the cost of a data breach by about $1 million. <\/h3>\n\n\n\n
11. 41% of organizations said they have deployed a zero trust security architecture, while 59% said they haven\u2019t. <\/h3>\n\n\n\n
12. 58.6% of US and UK SMEs are pursuing, or plan to pursue, a Zero Trust program. <\/h3>\n\n\n\n
13. Adding layered security so work-from-anywhere models are truly secure was named the number one priority for IT professionals at SMEs in both 2021 and 2022. <\/h3>\n\n\n\n
What the Numbers Say <\/h3>\n\n\n\n
Tools and Implementations<\/h2>\n\n\n\n
14. 45.6% of SMEs are using MFA. <\/h3>\n\n\n\n
15. 57% of organizations found that the shift to decentralized work made patch management harder. <\/h3>\n\n\n\n
16. Only 2% of IT workers at enterprise companies felt that their MDM\/EMM tools granted them adequate visibility.<\/h3>\n\n\n\n
17. 59% of IT decision-makers said it was difficult to keep up with securing employee devices while working remotely.<\/h3>\n\n\n\n
18. About half of IT professionals use more than 25 systems to manage their identities, and 21% use more than 100.<\/h3>\n\n\n\n
19. Implementing single sign-on (SSO) or unifying identities was ranked 5th on SME IT professionals\u2019 priority list for 2022.<\/h3>\n\n\n\n
20. The average cost of a data breach for critical infrastructure organizations was USD 4.82 million, 1 million more than the average cost for other industries. <\/h3>\n\n\n\n
What the Numbers Say<\/h3>\n\n\n\n
The Need for Tool Unification and Consolidation<\/h2>\n\n\n\n