Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity Leadership and ManagementLogical SecuritySecurity & Business Resilience

The new normal: How to embrace a cultural approach to zero trust

By Gary Barlet
Five hands circled together

Image via Unsplash

July 15, 2024

Today’s bad actors are increasingly ruthless and hostile. With the threat landscape ever evolving, combating increasingly sophisticated attacks necessitates a shift in focus from tools to culture. As social engineering schemes and AI-driven threats ramp up, it becomes increasingly evident that a modern, successful cyber defense requires a comprehensive, holistic approach — one that accounts for technology principles alongside human awareness and behavior.  

Cyber resilience can no longer be achieved by implementing new security tools or measures alone. Cyber resilience starts with building a culture of resilience that hinges on fostering vigilance and skepticism. There needs to be a proactive approach to security that eliminates the need to “overtrust” in the name of output and productivity.  

Central to this cultural transformation is the concept of “zero trust”, a cybersecurity best practice based on the principles of least privilege and assume breach. In short, zero trust is a framework based on the idea of “never trust, always verify.” And while trust may be a human emotion, against the backdrop of today’s threat landscape, there’s no place for it in the digital world.  

A much-needed mindset shift 

A resilient security strategy isn’t just about the tools — it’s also about individuals’ collective mindset. At this point in time, cyber resilience can’t be achieved at the behest of the CISO or the SecOps team alone. It requires buy-in from the entire organization, from IT to HR, from accounting to the C-suite. A mindset influences the tools an organization adopts and the way decisions are made. In an era where trust is easily exploited and the attack surface continues to expand, individuals must adopt a more skeptical, vigilant mindset. Anyone who fails to do so creates a security handicap which bad actors can exploit. 

In fact, Verizon’s 2023 Data Breach Incident Report found that 19% of data breaches stemmed from internal actors, who caused either intentional or unintentional harm through misuse and human error. Plus, bad actors are seeing success in exploiting trusted relationships to capitalize on the hyperconnectivity of the software supply chain. According to CrowdStrike’s 2024 Global Threat Report, “Adversaries are maximizing their return on investment (ROI) by targeting vendor-client relationships, creating a single access point to target multiple organizations across verticals and regions. By exploiting access to IT vendors and compromising the software supply chain, they use trusted software to spread malicious tools.” 

In today’s world, organizations and individuals alike must approach inquiries and connections with a critical eye. But even despite organizations’ best efforts, the reality is that at some point there is bound to be one bad actor who breaks in and breaks through perimeter defenses or bypasses trusted relationships. While threat prevention is an essential element to prioritize, mitigating the repercussions of a breach must take precedence. Zero trust mandates a paradigm shift — necessitating a departure from traditional perimeter-based security models towards a more granular, identity-centric approach. 

Adopting zero trust entails not only deploying advanced technological tools and safeguards but also cultivating a mindset of continuous skepticism and validation — i.e. regularly practicing “assume breach.” It involves fostering a workplace standard where questioning the integrity of systems, solutions and data becomes second nature, and where individual employees assume responsibility for safeguarding against potential threats.  

It’s up to organizations to foster that environment of continuous learning, of course (especially as threats rapidly evolve) and offer employees the opportunity to participate in tests, workshops and incident response plans. While it’s up to employees to practice due diligence, it’s up to organizations and business leaders to ensure that they’re enabling the workforce with the resources and learning opportunities needed to effectively put what they’ve learned into practice.  

What’s next for business leaders  

So, how can business leaders ensure their employees are more discerning users of the technology they’re using? As cliche as it may sound, the answer is through greater communication. To build a culture that aligns with the principles of zero trust, all members of an organization must understand why they should be wary of automatically trusting communications and the gravity of misplaced trust, which is something that must be communicated from the top down. This encompasses providing comprehensive training programs, reinforcing the importance of cybersecurity protocols and fostering a culture of open communication where security concerns are addressed transparently and promptly.  

Business leaders can’t simply expect their CIOs and CISOs to shoulder this responsibility. They themselves must set the example of the zero trust mindset, demonstrating a commitment to cybersecurity best practices and actively participating in initiatives to enhance cyber literacy and organizational resilience. By prioritizing cybersecurity as a strategic imperative and embedding it within organizational culture, businesses can fortify their defenses against evolving threats and mitigate the risk of costly breaches. While a zero trust culture can’t be built overnight, it’s important to start somewhere. 

In short, today’s increasingly sophisticated threat landscape warrants a more holistic approach to resilience that transcends technological solutions. New security tools will enter the cybersecurity industry, sure, but as new technologies emerge and more connections are made, it will become even more important for individuals to be discerning users — questioning and considering before handing over the keys to the metaphorical IT castle. While breaches do happen, by cultivating a culture rooted in the principles of zero trust, organizations will be better able to strengthen their defenses and adapt to the ever-changing threat landscape with confidence — trusting that their people are not a handicap on their cyber resilience journey, but instead a strategic enabler. It takes time, but it’s an essential investment to make. 

KEYWORDS: organizational risks security culture threat landscape workplace culture zero trust

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Gary barlet headshot

Gary Barlet is Federal CTO at Illumio. Image courtesy of Barlet

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cybercamera

    Why Financial Services Must Adopt a Zero Trust Approach to Cybersecurity

    See More
  • white-house-freepik1170x658.jpg

    White House instructs agencies to adopt zero trust approach to cybersecurity

    See More
  • Growing and Gaining

    Want to Avoid Being Scapegoated For the Next Breach? You Need Total Trust Alongside Zero Trust

    See More

Related Products

See More Products
  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!