Posted on

Zero Trust Security Models: The New Standard Against Data Breaches?

4 min read

Zero Trust Security Models: The New Standard Against Data Breaches?As technology evolves, so have data breaches, which have become a significant threat to businesses of all sizes. We frequently hear reports of high-profile attacks on major organizations, global corporations, and even government agencies. Emerging technologies such as generative artificial intelligence and machine learning make cybersecurity more challenging. They enable cybercriminals to automate attacks, create sophisticated phishing schemes, and develop advanced malware to evade traditional security measures. Hence, companies have no choice but to change how they approach cybersecurity.

To deal with these modern threats, Zero Trust security models are gaining widespread adoption as the preferred standard for effectively protecting against data breaches.

What is Zero Trust?

Zero Trust is a cybersecurity framework based on the “never trust, always verify” principle. Unlike traditional models that grant access based on network location, Zero Trust requires continuous verification of each user, device, and application attempting to access resources.

Instead of assuming that someone within the network can be trusted, Zero Trust demands constant authentication and least-privilege access. This means users are granted access to only the data and resources they need to perform their tasks. Basically, every interaction is assumed to be a breach.

How Zero Trust Differs from Traditional Security Models

Historically, businesses operated on a “perimeter-based” approach – trusting everything inside their network and guarding against threats from the outside. However, the once-clear network boundary has become unclear with the rise in remote work, cloud computing, and mobile devices. Breaches today can occur internally, often by compromised accounts, rogue insiders, or lateral movement of malware.

Cyberthreats have become such a huge problem that the U.S. government issued an executive order to help improve the nation’s cyber security by mandating that federal agencies adopt the Zero Trust architecture. This further pushes businesses to rethink their cybersecurity strategies.

Key Components of a Zero Trust Model

Zero Trust models are built on several core principles:

  • Continuous verification – Authentication is ongoing, requiring verification for every request made by a user or device.
  • Least-privilege access – Users receive only the minimum level of access needed to perform their jobs.
  • Micro-segmentation – Networks are divided into smaller zones, limiting the lateral movement of potential threats.
  • Contextual monitoring – Continuous monitoring of users and devices based on context – such as location, device health, and behavior – to identify abnormal activities.
  • Multi-factor authentication (MFA) – MFA requires users to provide two or more forms of authentication, such as a password combined with a biometric factor or a security token.
  • Encryption – All data must be encrypted to protect it from unauthorized access or interception. Encryption ensures that even if attackers manage to capture data, they cannot read or exploit it without the appropriate decryption keys.
  • Access Controls – Applying strict policies to determine who can access specific data and systems based on their role and identity.

Benefits of Zero Trust

  1. Stronger protection against data breaches – Zero Trust models significantly reduce the risk of data breaches by enforcing strict identity verification and limiting access to only necessary resources. Even if an attacker gains entry, micro-segmentation ensures limited movement, containing threats, and minimizing damage.
  2. Enhanced regulatory compliance – Zero Trust helps businesses meet regulatory requirements like GDPR and HIPAA by enforcing strict access controls and continuous monitoring. This approach simplifies compliance and ensures that only authorized users can access sensitive data, reducing the risk of fines.
  3. Improved visibility and control – With continuous monitoring, Zero Trust provides better visibility into network activity, making detecting suspicious behavior in real-time easier. This added control enhances security and operational efficiency, allowing immediate responses to potential threats.
  4. Reduction of insider threats – Zero Trust minimizes insider threats by requiring strict identity verification and limiting access, even for internal users. This makes it harder for malicious insiders or compromised accounts to cause significant damage within the network.
  5. Support for remote work and cloud environments – Zero Trust offers safe access to resources from any location. This flexibility ensures that businesses maintain strong security for both in-office and remote teams.

Conclusion

Zero Trust security models represent a significant shift from traditional perimeter-based defenses to a more dynamic and resilient approach. For business owners, adopting Zero Trust principles can provide peace of mind and enhanced protection in today’s unpredictable cyber landscape. With time, emerging technologies like artificial intelligence, IoT, and cloud computing will continue to shape the evolution of Zero Trust, making it an essential part of a robust cybersecurity strategy.

Posted on

Keeping the Government Open, Stopping the Flow of Synthetic Drugs, and Improving Wireless Communications on Land and in Space

4 min read

Keeping the Government Open, Stopping the Flow of Synthetic Drugs, and Improving Wireless Communications on Land and in SpaceContinuing Appropriations and Extensions Act, 2025 (HR 9747) – This continuing resolution was introduced on Sept. 22 as a “clean” extenuation of the federal budget to fund the government until Dec. 20. Up until this point, a handful of Republicans had attached unrelated bills pertaining to November election restrictions, which they did not have the votes to pass in the House and would never have passed in the Senate. After several weeks of threatening to shut down the government by not passing a continuing appropriations bill, the House Speaker proposed this “last-minute” tied over with the minimum appropriations necessary to keep the government up and running. While it still does not solidify the federal budget for the 2025 fiscal year (Sept. 29, 2024, through Sept. 27, 2025), this bill is expected to pass in the House on Sept. 25 and to clear the Senate and be signed by the president by Sept. 29.

Preventing the Financing of Illegal Synthetic Drugs Act (HR 1076) – Introduced by Rep. Mónica De La Cruz (R-TX) on Feb. 17, 2023, this bill directs the Government Accountability Office to conduct a study on illegal funding sources related to the trafficking of synthetic drugs such fentanyl and methamphetamine. The bill passed in the House on May 22, 2023, in the Senate on July 23, 2024, and was signed into law by the president on Sept. 13.

Launch Communications Act (S 1648) – This act will update ground-to-space rocket communications going forward. Presently, commercial missions are required to use the government-owned spectrum to communicate during launches, including special temporary authority for private companies. This bill permits the Federal Communications Commission (FCC) to facilitate seamless access to broadband spectrum frequencies for commercial space launches and re-entries. The bill, which was introduced on May 17, 2023, by Sen. Eric Schmitt (R-MO), passed unanimously in the Senate on Oct. 21, 2023, and in the House on Sept. 17. It is currently awaiting signature by the president for enactment.

FUTURE Networks Act (HR 1513) – The acronym stands for Future Uses of Technology Upholding Reliable and Enhanced Networks Act. Introduced by Doris Matsui (D-CA) on March 9, 2023, this act would instruct the Federal Communications Commission (FCC) to establish a 6G Task Force comprised of private, academic and government experts to monitor the status of sixth-generation wireless technology, including its possible uses. The House passed the bill on Sept. 18, and the bill now rests with the Senate.

Violence Against Women by Illegal Aliens Act (HR 7909) – This bill would amend the Immigration and Nationality Act to make non-U.S. nationals (aliens) convicted of or having admitted to committing sex offenses or domestic violence (including conspiracy to commit a sex offense) be ineligible for country admission and deportable. Introduced by Rep. Nancy Mace (R-SC), the bill passed in the House on Sept. 18 and currently lies in the Senate.

Intergovernmental Critical Minerals Task Force Act (S 1871) – Introduced by Sen. Gary Peters (D-MI) on June 8, 2023, this bill would enable coordination among state, local, tribal and territorial jurisdictions with the federal government to mitigate national security risks related to the current U.S. critical mineral supply chains. Specifically, the intent is to make the United States less reliant on China and other countries for critical minerals and rare earth metals. Provisions of the bill allow for development, mining and strengthening of our domestic workforce and to improve partnerships with allied countries for dependable mineral supply chains. The bill passed in the Senate on Sept. 8 and is currently with the House.

SMART Leasing Act (S 211) – Introduced on Feb. 1, 2023, by Sen. Gary Peters (D-MI), this bill would launch a program to lease underutilized properties owned by the federal government. The net funding would then be used for capital projects and to help offset the national deficit. The act passed in the Senate on Aug. 1 and is currently under consideration in the House.

Posted on

How to Account for Stranded Assets

4 min read

How to Account for Stranded AssetsWith more than 14 million electric vehicle (EV) registrations in 2023 worldwide and 2023 seeing an increase in EV sales over 2022 by 35 percent, manufacturers are probably happy – but not those producing the traditional internal combustion engine (ICE) vehicles. This is according to the International Energy Agency’s Global EV Outlook 2024: Trends in Electric Cars.

This statistic is important because it illustrates how assets can be rendered less useful and potentially turn into stranded assets. A stranded asset, defined, is an asset that’s no longer able to provide its owner the profitable payback they originally expected. The difference is based on shifts, primarily negative, that impact the asset’s expected productive performance.

How & Why Assets Become Stranded

When an asset loses its earning power, normally due to extraneous circumstances, like the invention of a more efficient battery, it can become stranded. For example, a machine that’s exclusively capable of making an internal combustion engine (ICE) vehicle can be considered stranded as the transition to electric vehicles (EV) is made. Since the machine is less valuable because it makes fewer and fewer ICE vehicles, it could be impaired or stranded.

This example illustrates that new technology, especially one that moves forward, can render equipment less useful than previously expected. Other ways assets can be stranded include administrative modifications, evolving societal conventions, etc.

Considerations for Stranded Assets by Testing an Asset for Impairment

The primary way to establish if an asset is stranded is to run an impairment test on it. Stranded assets impact the income statement via a non-cash loss, along with impacting the balance sheet by reducing asset value. Therefore, companies must report a loss on the income statement as it’s completely written off the balance sheet.

Whether it’s through the lens of International Financial Reporting Standards (IFRS) or generally accepted accounting principles (GAAP), whether an asset is intangible or tangible, when its value issue is less than book value or impaired, it must be written down.

GAAP Standard

The first step is to determine the carrying value. This is calculated by subtracting the accumulated depreciation from the asset’s original cost. From there, the asset’s projected undiscounted future cash flows (UFCF) are analyzed against the asset’s carrying value. If the total UFCF is less than the carrying value, an asset is considered impaired.

IFRS Standard

The first step also looks at an asset’s carrying value. From there, if either of the following two values is lower than the carrying value, it’s considered impaired:

  • Present value of future cash flows generated by the asset (the so-called “fair value in use” consideration)
  • Fair value less costs to sell the asset

Financial Statement Considerations

If an asset is impaired or stranded, whatever amount the asset drops by, it lowers the business’ asset’s value on the balance sheet. Looking at the income statement, it’s considered a loss. Additionally, since a devaluation is not considered a cash event, it doesn’t trigger any cash outflows. A real-world example can better illustrate this.

The following assumes a business reports its accounting under GAAP. It could be a company that produces fracking equipment to recover natural gas and crude oil. With the uncertainty of domestic fossil fuel policy, specifically where land can be explored, the threat of OPEC and/or Iran being able to determine their production, and the threat of increased government spending on green energy, fracking equipment has a current carrying value of $10 million. However, with increased competition from the three different factors, the same assets can produce an aggregate of $7.5 million in undiscounted future cash flows.

Based on GAAP, since the carrying value is $2.5 million more than the total undiscounted future cash flows, the business would need to record the same amount for an impairment loss. The journal entries would be:

Loss from Impairment Debit:. $2.5 million

Provision for Impairment Losses Credit:  $2.5 million

Conclusion

When it comes to accounting for stranded assets, it’s important to ensure guidelines are followed based on the type of accounting standards businesses must follow.