In the fast-changing world of cybersecurity, experts are suggesting we shift our approach from traditional “risk management” to a more active “danger management” strategy. John Kindervag, who created the Zero Trust model, points out that the word “risk” can make people too relaxed because it sounds like we can calculate chances and accept some losses. On the other hand, “danger” emphasizes immediate threats that need quick responses.
Kindervag’s views are shaped by personal experiences. His nephew, who had a rare and serious cancer, faced only a 2% chance of survival. This tough time highlighted that when we deal with real dangers, statistics don’t matter; what matters is taking decisive action.
Typically, risk management in cybersecurity involves analyzing probabilities to predict possible breaches. However, Kindervag believes this approach is not enough because cyber threats can be so unpredictable. Instead, he advocates for “danger management” as a better fit for the Zero Trust framework, which operates on the belief that we should never fully trust any activity on the network. This means treating every interaction as potentially harmful, which increases our alertness and our ability to respond.
The Zero Trust approach, created by Kindervag in 2010, has become quite popular and even received backing through an executive order by U.S. President Joe Biden in May 2022, which requires federal agencies to implement Zero Trust systems. This method ensures that data and resources are protected by default, giving access only under certain verified conditions.
By embracing a danger management mindset, organizations can create a culture of urgency and proactive defense. This change encourages moving away from simply following rules and instead actively protecting important assets from constant cyber threats.