The new trust
Business has always relied upon a foundation of trust. Before we did business we looked our potential business partner in the eye, shook their hand and got a sense of their trustworthiness.
But trust today is based on many different things. Business interactions are increasingly online, virtual and (often) don’t involve another human being. How can we gauge trust in this digital wilderness? How can we:
- Make sure the people (and devices) we’re connecting with are legitimate?
- Know that the data we consume is safe?
- Ensure we’re not subject to security breaches?
- Make sure the applications and services we run haven’t been compromised?
It isn’t easy. Today the threat surface is exponentially larger, and the impact of lapses in security is huge, not just in terms of legal, regulatory and remediation costs but, more importantly, in the cost of lost customer loyalty. A Forbes Insights report found that nearly half (46%) of all organizations have experienced reputational and brand damage due to a third-party security breach.
There is a bottom line, and it is simple: with pronounced and practically unanimous appreciation, digital trust belongs on the boardroom agenda for every organization.
Digital trust matters
In order to examine how enterprises, their business partners and consumers are faring with digital trust, DigiCert commissioned the DigiCert 2022 State of Digital Trust survey. In this survey we explore how enterprises, employees, business partners and consumers around the world are embracing digital trust.
All (100%) of the enterprises surveyed say digital trust is important (90% say it is extremely important). So important, in fact, that nearly two-thirds have switched vendors after losing trust in that vendor. And nearly all (99%) enterprises believe it is possible that their customers would switch to a competitor if they lost trust in the enterprise. Nearly half (47%) believe that the outcome would be likely.
Respondents, whether representing businesses or consumers, clearly appreciate the role of digital trust in the cyber world. It underpins basic online interactions of every kind, legitimizes people and devices, affirms the safety of accessed data and services, reduces exposure to security threats, and verifies applications and services. It is therefore reasonable that IDC Research Director Jennifer Glenn regards digital trust as the foundation for securing the connected world, necessary for customer, employee, and partner confidence in the security of online business processes and interactions.
In an environment with an expanded threat surface and a simple but powerful motivation for bad actors (financial reward), it is clear why digital trust is necessary. Simply put, being online is risky and being hoodwinked may come with severe consequences for both individuals and organizations. Bad actors seek money through activities that breach trust through impersonation, extortion, misrepresentation, flattery, mendacity, or some combination of these and other chicaneries.
Digital trust is clearly on the agenda
Given that almost everyone surveyed indicated their appreciation of digital trust, it is not surprising that it is considered a priority. The typical respondent commenced work on digital trust two to three years ago, making 75% (or more) progress so far with expectations of reaching complete trust within the next one to two years. Arguably, however, digital trust is more of a journey than a destination, given the constantly shifting nature of the threat environment.
The fear of customer attrition directly translates into a digital trust goal: customer loyalty. Other goals (which contribute to customer loyalty) include reducing security issues, meeting regulatory, legal and compliance obligations with reduced cost, and improving brand perception.
Achieving digital trust improvements isn’t without its challenges. Topping the list of obstacles is managing digital certificates, rated as important by 100% of enterprises. Regulatory compliance and handling the scope of what they are protecting were a close second at 99%. Complexity rounds out the difficulties faced (securing dynamic, multi-vendor networks isn’t easy), while a lack of staff expertise is also cited.
With multiple initiatives, technologies, techniques, and products playing a role in achieving digital trust, respondents provided insight into the most commonly accessed and implemented approaches. Device identity and operations security is fully implemented by 74% of enterprise respondents, with zero trust policies fully implemented by 58%. The only other initiative implemented by more than half (55%) is certificate lifecycle management.
Other approaches include:
- PKI automation (46%)
- DevSecOps (42%)
- Participation in industry consortiums implementing PKI (41%)
- HTTPS everywhere (26%)
- Regulatory initiatives (e.g., NIST, eIDAS, HIPAA, etc.) (24%)
The good news: Digital trust is generally going well
The simple fact that people use the internet every day attests that digital trust is generally being handled reasonably well.
The survey confirms this observation: with the goal of gaining customer trust, 98% of respondents rate their performance as “doing well,” with 61% “doing extremely well.” Breach prevention is similarly assessed as satisfactory, with 95% “doing well” and 51% “doing extremely well.” Against identity-based attacks, 94% rate performance as “doing well” and 50% as “doing extremely well.” In all the metrics assessed, at least seven of eight enterprises said they were “doing well.” Only for preventing phishing or other email-based attacks and for eCommerce website performance and availability did this drop significantly (76% and 60% respectively).
That’s no reason for complacency, of course. The powerful motivator for bad actors remains. They are smart, well-resourced, and infinitely adaptable. The digital trust goal, again, is more a journey than a destination.
As a result, if it isn’t already (and all indications are that it is), digital trust must be a strategic imperative for every organization. It underpins fundamentals including brand and customer loyalty. Consider a Digital Trust Office as part of your technology function as awareness of and interest in digital trust grows. Enlist specialists.
And above all, know that digital trust matters to everyone online. Even bad actors who look for breach opportunities. For them, the easier the better.
Access the full DigiCert 2022 State of Digital Trust survey.
from Help Net Security https://ift.tt/92s5go0