Recently, we worked alongside Dicker Data and Microsoft bringing together a group of executives for a discussion on the evergreen topic of security. What was clear from the attending executives is one overriding factor: cybersecurity is always in a constant state of flux, with new threats, new products, and new risks. 

Yet, at the same time, the basics of defence never go out of fashion. And to those basics, everyone really should consider looking at how they can implement the best practices around Zero Trust. Like MFA, it’s not particularly difficult to implement and configure, but worth its weight in gold when it matters. 

Right now, ‘flux’ is (of course, what else) centred around AI. As professionals engage and obtain productivity benefits in AI, so to do the bad actors of the cybercrime world. That means a slew of new threats, coming faster and more often as hackers use AI for automation, attacking more targets with greater precision in reduced time. 

Security is something of an enduring example of the Pareto Principle, which states that 80% of the gain generally comes from 20% of the effort. The basics are essentially the 20% of effort, and they matter regardless of the threat environment (which, as mentioned, constantly shifts). Whatever those threats are, whether yesterday, today or tomorrow, doing the basics well will mitigate them. 

What are the basics? You could do a lot worse than checking out the Essential 8. 

Zero Trust as a concept enforces robust internal and external controls. Internally, it mandates continuous verification through identity management, endpoint compliance, and data classification. It also prevents lateral movement via micro-segmentation and least-privilege access. 

Externally, it mitigates supply chain vulnerabilities by scrutinizing third-party access and using AI telemetry analysis for anomaly detection. 

When starting with the assumption that no person, no service, no application and no network is inherently trustworthy, and assuming every request for connection has malicious intent, then you will be more secure.  That is Zero Trust. 

This holistic approach curbs contagion, where a breach in one area cascades to others, by isolating segments and employing real-time threat detection. 

Microsoft's Zero Trust model, with its multiple pillars provides a blueprint for implementation. And, Microsoft has recently launched Security and Compliance add-ons for Microsoft 365 Business Premium, purpose-built for small and medium businesses. Combined with the Defender Suite for Business Premium, the result delivers comprehensive threat protection across identity, endpoints, email, and cloud apps. 

Crucially, Zero Trust can be introduced without disrupting user experience. A phased rollout, starting with simple changes like conditional access policies and single sign-on (SSO), ensures friction-free adoption. Businesses can map risks, prioritize high-impact areas, and use self-assessments to mature gradually, maintaining productivity. 

Because one of the other enduring principles of cybersecurity is that if you’re a tougher nut to crack, hackers will simply focus their efforts elsewhere.