IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

Shield protecting network of interconnected computers with digital threat icons
#
Firewalls
#
Network Security
#
Advanced Persistent Threat Protection

Cyberattacks: Preventable or par for the course?

Wed, 15th Oct 2025
By John Linford, Security Portfolio Forum Director, The Open Group

Around the world, cyberattacks now rank among the biggest threats to major businesses. In the UK, for example, several well-known retailers, from M&S and Co-op to Jaguar Land Rover and Harrods, have been subject to recent cyberattacks that caused significant disruption to operations. While in North America, attacks on the aerospace sector are increasing, from Hawaiian Airlines and WestJet in June, to Collins Aerospace in September, causing flight disruptions across the globe.

Prioritizing the Principle of Zero Trust

As AI increases the efficiency of workflows and resilience, it also accelerates the creation of new methods and more efficient workflows for cyber-criminals to use. To keep up with the ever-evolving nature of risk, no single solution can be considered secure in the long-term. Instead, flexibility must be a priority. This is where Zero Trust is vital, working on data, not assumptions. 

Modern Zero Trust originated in many ways from the work by the Jericho Forum to emphasize de-perimeterization and is reinforced by John Kindervag, credited with popularizing the principle of Zero Trust in 2009, who emphasized that the idea of trust in cybersecurity being a factor driving vulnerability. Talking to Gartner's Neil MacDonald, he said that "Zero Trust is not a technology; it's a security philosophy that rewires how we think about access".

Unfortunately, the importance of this statement has not been reflected in industry adoption. Though 96% of corporations have incorporated or plan to incorporate a Zero Trust strategy, only 35% are actively in the implementation phase, according to a survey released in April. To combat cyberthreats, there must be an agreed understanding of what Zero Trust is and a concerted effort to implement it as quickly as possible.

Driving Implementation

Zero Trust is a principle that focuses on data/information security, including lifecycle, on any platform or network. An example of its implementation is through the performance of security checks on a case-by-case basis, requiring deliberate decision-making about the risk (i.e., accept, mitigate, transfer). This approach can provide the flexibility needed to protect users and safeguard their data in a landscape where threats continue to evolve and breaches are inevitable.

With this background, it's easy to see the role Zero Trust strategies play in mitigating the impact of action taken by cybercriminals. However, this should not encourage companies to become stationary in their approach. To ensure resilience, the security infrastructure must move with the times, consistently aware that any aspect of the technology stack could become vulnerable to counterfeiting and error. To balance the risk, security decision-makers must track new threat attempts and techniques, updating internal infrastructure in tandem.

To create a robust cybersecurity strategy, every element of internal infrastructure, and every individual's access, must be continually questioned and updated, when necessary, to protect from the advancing risk of a breach.

What Does Zero Trust Mean for Strategy?

The first step to an infrastructure that successfully reflects the principle of Zero Trust is to build on tested and vendor-neutral definitions of the methodology, alongside standards and best practices, to future-proof resilience in the face of evolving threats.

This will not require a total revamp of every aspect. Instead, it will call for long-term dedication to strengthening the current tech stack in line with the principle of Zero Trust and its implementation. As cyberthreats continue to advance, so will security strategies. It's up to businesses to redefine their approach, stopping malicious actors from moving between a network's points of value following a breach.

While what that looks like in practice will be slightly different for different organizations, there are universal principles which can effectively guide their decision-making towards good outcomes. A few examples from the Zero Trust Commandments include the need for corporations to enable pervasive security, integrated through culture and processes, implement asset-centric controls, and validate trust explicitly using all relevant information available.

In a landscape of wary consumers, faced frequently with new stories of breaches and stolen data, the businesses who succeed will be those actively demonstrating commitment to Zero Trust.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Cloud breaches driven by identity failures & process flaws
CFOs prioritise data access as overwork undermines decisions
CrowdStrike & CoreWeave unite to secure advanced AI cloud workloads
CrowdStrike expands Falcon with mission-ready agents for AI security
Hitachi iQ Studio aims to ease AI deployment & boost governance

Top stories

Check Point scores 99.59% in top firewall security report by NSS
Exclusive: Financial services CIO urges banks to embrace Celonis tech
Trustmarque & Ultima merge to form GBP £1 billion IT giant
Why generic eCommerce platforms aren’t enough for the next generation
Catherine Birkett joins Twinkl to chair Audit & Risk Committee