The Zero Trust Hub

Trends, insights, and resources for today's cybersecurity leaders. Updated weekly.

Subscribe on LinkedIn
Weekly Podcast

The Monday Microsegment

NEWS

Overconfidence Kills: Why Ransomware Wins Without Containment

In SC Magazine, Trevor Dearing warns that overconfidence in prevention is ransomware’s biggest ally. He calls for a shift toward resilience through Zero Trust and segmentation to contain breaches and limit lateral movement.

NEWS

Why Zero Trust Is the Only Cure for Security’s Emotion Sickness

Speaking at a Teiss Briefing at the House of Lords in London, John Kindervag argued that trust is a human emotion that has no place in cybersecurity. He urged organizations to embrace Zero Trust instead.

Weekly Briefing

The Enemy Within: Why People Are Your Weakest Security Link

Last year, a multinational firm in Hong Kong made headlines when a clerk was tricked into wiring nearly $25 million to fraudsters after joining a video call with what looked — and sounded — like his company’s CFO and other execs. But the entire meeting was a deepfake, crafted with AI-generated voices and video.

He didn’t realize it was a scam until after the money was gone.

This incident wasn’t an isolated failure — it was one of countless examples of how attackers are bypassing technical defenses by targeting the human layer.

Why? Because the most sophisticated operating system in the world also contains the greatest number of bugs: the human brain. And thanks to AI, those bugs just got a lot easier to exploit.

Regardless of the most superhuman efforts, people simply can’t be patched. You can require employees to complete endless security awareness training. You can deploy wave after wave of security tools. But eventually, someone will make a mistake.  

Humans are the most common weakness in any security strategy, and cyberattackers know this. Fortunately, Zero Trust offers a solution.

Your biggest security risk is human nature

Businesses and government agencies have critical data and infrastructures to protect. But there’s often a disconnect between how employees and their organizations think about cybersecurity.

Employees assume cybersecurity is a business-level problem that gets addressed beyond their individual role. Or they believe the cybersecurity problem is just unsolvable. I’ve even heard some say that they’re fine with hackers accessing their devices because they have nothing to hide — not realizing that a breach on their device often means access to the rest of the network.

For bad actors, employees’ bad security behavior is just an easy stepping stone to higher-level and more lucrative network access.

Even employees who do take their organization’s cybersecurity seriously, will inevitably make mistakes. Overlooked patches, missed updates, misconfigurations — the possibility for error is endless.

Your own team may all follow the highest security practices, but do you trust teams or agencies outside your own? What about the security practices of those who connect to your infrastructure from the outside, such as contractors, suppliers, auditors, or developers?

People make mistakes. Zero Trust prepares for it.

Mistakes will happen. And bad actors will take advantage of them.  

A Zero Trust architecture assumes that one workload will eventually be breached, despite all best efforts at preventing it. While prevention is crucial, it’s not enough to fight against today’s complex, ever-changing threat landscape.

That’s why organizations need to turn their focus towards containing breaches. When a breach happens, a Zero Trust strategy stops breaches from spreading through the network, accessing critical data and assets, and causing lasting harm.  

Humans should be treated as just as vulnerable — if not more —than any workload. Whether it’s a careless mistake or a deliberate act, we have to assume a bad decision will happen. The goal is to isolate the impact when it does, stopping it from spreading across the network.

Zero Trust means that nothing should be trusted, whether digital or human. Both need to be considered in a complete Zero Trust strategy.

Zero Trust: your backup plan for human error

People make mistakes. Systems fail. And attackers are more than happy to exploit both.

That’s why Zero Trust isn’t just a nice-to-have — it’s a must. It’s not about expecting perfection and preparing for reality.  

By assuming breach, isolating impact, and containing the fallout, you stop a single mistake from becoming a full-blown disaster.

Zero Trust isn’t just a security model. It’s a mindset. And it’s time we apply it to everything, from workloads to users. Because trust is a vulnerability you can’t afford.

CHART OF THE WEEK

Staying Silent

According toThe 2025 Global Cost of Ransomware Study, many organizations choose not to report ransomware incidents to law enforcement. The top reason? Fear of unwanted publicity. Others cite tight payment deadlines and concerns about retaliation from attackers. Some organizations even opt out because they don’t see the ransom demand as excessive.

Zero Trust Resources

eBook

Strategies for DORA Compliance: Key Role of Zero Trust Segmentation

Is your organization ready for the January 2025 DORA deadline? Discover key strategies for cyber resilience and how Illumio Zero Trust Segmentation simplifies compliance.

GUIDE

Zero Trust Segmentation for Dummies

Breaches are inevitable, but the damage isn’t. Zero Trust Segmentation for Dummies simplifies how to stop threats from spreading, protecting your organization before they cause harm.

REPORT

2025 Global Cost of Ransomware Study

Some 88% of organizations were hit by ransomware in the last year. Are your defenses ready to stand up to today’s ransomware threat? Uncover the real impact of ransomware and strategies to stay resilient against the next inevitable attack.

We’re changing the security landscape. Join Illumio at RSAC 2025 to see what’s next in breach containment.

Be among the first to see how our newest capabilities will transform the way security teams detect and contain breaches before they escalate.

Top contributors

John Kindervag

Chief Evangelist

Raghu Nandakumara

Head of Industry Solutions

Gary Barlet

Public Sector CTO

Trevor Dearing

Director of Critical Infrastructure Solutions

Michael Adjei

Director, Systems Engineering

Christer Swartz

Director of Industry Solutions