The Three Pillars of An Effective Zero-Trust Strategy


by Dickson Woo, Country Manager, Malaysia, Fortinet

In today’s digital era, Malaysia is at a crossroads when it comes to cybersecurity. The growing adoption of hybrid and remote work models has further exposed the vulnerabilities in organizations’ digital infrastructures.
 
A 2023 survey commissioned by Fortinet, in collaboration with IDC, found that an overwhelming 92% of Malaysian organizations have adopted such work models. This has inadvertently led to a jump in security incidents, with 86% of these organizations experiencing at least a twofold increase in such events. Cybersecurity Malaysia's Cyber999 Cyber Incident Response Centre reported that Malaysia witnessed 5,917 cybersecurity incidents as of December 2023.
 
This concerning trend is not confined to Malaysia alone. A recent Forrester report reveals that across the Asia Pacific region, organizations are increasingly embracing the concept of zero trust. The survey indicates that 80% of organizations are involving senior leadership in driving zero-trust strategies, with 78% allocating resources to support this initiative.
 
However, it's essential to recognize that resources and leadership are only part of the equation. Organizations must also instigate a cultural shift regarding access, fostering a 'trust-no-one' mindset that aligns with business objectives. Here are three fundamental principles underpinning a successful zero-trust strategy:
 
Access Management:
An effective zero-trust strategy relies on security teams understanding their assets and resources, and determining the specific access required for employees to perform their jobs. Zero-Trust Network Access (ZTNA) plays a crucial role by continuously verifying users and devices, irrespective of their location. This reduces reliance on virtual private networks (VPNs) and enhances security through measures like Multi-factor Authentication (MFA). When selecting a ZTNA solution, organizations should prioritize those enforcing "least privilege" principles, ensuring users access only the necessary applications and files for their roles.
 
Extending Security to Devices:
With the increasing importance of device security, particularly with the growth of Internet of Things (IoT) technologies, network access control (NAC) becomes vital. NAC provides greater visibility into IoT devices, allowing security teams to grant them the minimum network access required for specific functions. This is particularly critical as IoT devices often lack built-in security features and the processing power needed for software installations.
 
Creating an Inclusive Ecosystem:
Zero trust requires seamless integration among various security tools. Organizations, especially those with hybrid networks or multiple cloud platforms, must ensure that their solutions safeguard both remote and on-premises workers. Recognizing that the internet is now the perimeter, organizations should apply a level of suspicion to users and devices on the network. Zero trust is fundamentally about verification—ensuring that users and devices have access only when verified and to what is necessary.
 
The internet is the new perimeter and it’s imperative to leverage every available security measure, especially in the face of escalating and sophisticated threats. Fundamentally, the essence of zero trust lies in meticulous verification, ensuring that users and devices are granted access solely to requisite resources, contingent upon successful verification.
 
Putting the foundational framework for zero-trust network access in place moves organizations toward straightforward, automated secure remote access. The framework verifies the identities of users and devices on the network. Notably, it lets network administrators establish and regulate secure access to the organization's digital assets, based on scrutiny of user identity, device identity and health, geolocation, time of day, and permissions. Consequently, organizations can ease the burden on IT security personnel while markedly enhancing their security posture.
