Adviser Domain – Defining Zero Trust Cybersecurity Ahead of 2021

Garrett Baldwin Reviews This Week's Cybersecurity Focus

Last week, Jason Lish, CISO of Advisor Group, and Sid Yenamandra, CEO of Entreda, penned an article in ThinkAdvisor. 

It is a terrific piece, one that explains the impact of COVID on cybersecurity. The authors make a point that bears repeating across the advisor space: cybersecurity is more important than ever for wealth management firms.

Here’s the opening sentence… “In the COVID-19 era, incorporating zero-trust into cybersecurity strategies is more important than ever for wealth management firms, with so many financial advisors and firm employees using a broader range of tools and working from more varied, remote locations.”

There’s a key term in there that isn’t exactly something I see very often. But it gave me a hard stop, even though I know what the term means. 

“Zero Trust.”

It’s in the title. 

It’s in the first sentence.

“Zero Trust” is mentioned eight times. 

But what is Zero Trust? This is a quick recap of the term and what it means for advisors.

Defining Zero Trust

Zero Trust is a very simple security concept. It operates around one belief: Trust no one. No process. No technology. No one inside the organization or outside of the perimeter. Everything requires verification. Everything must receive permission before connecting to a network.

Two years ago, Charlie Gero, CTO of Enterprise and Advanced Projects Group at Akamai Technologies, said it best. 

“The strategy around Zero Trust boils down to don’t trust anyone. We’re talking about, ‘Let’s cut off all access until the network knows who you are. Don’t allow access to IP addresses, machines, etc. until you know who that user is and whether they’re authorized,’” he said.

It’s important for advisers not only to adopt these measures, but also to extend them to their clients. ThinkAdvisor’s audience is much more advanced around issues tied to cybersecurity.

However, the average American is not as savvy. So, it’s important to put these definitions in front of them as clearly as possible.

After all, data shows that when it comes to technology, cyber, and digital elements, people are much less sophisticated. 

A Pew Research Center Survey asked 4,272 U.S. adults 10 questions about cybersecurity and digital topics in 2019. 

2% got HALF of the questions correct. HALF.

Here are a few other interesting takeaways.

  • 28% can identify an example of two-factor authentication
  • 24% know that private browsing just hides browser history from other users of that computer
  • 29% know WhatsApp and Instagram are both owned by Facebook

I’d love to know what the average person knows about the term “Zero Trust.” 

Then I’d remember that 50% of people know less than that person.