Reference Number ACG-CSB 061025395

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

The Zero Trust Security Model is a modern cybersecurity approach that assumes no user, device, or system should be trusted automatically — even if it is inside the organization’s network. It works on a clear principle: “Never trust, always verify.” This means access is not granted based on location or past approval but must be earned each time through identity checks, device security, and behavior analysis.

This model is effective because it limits access, verifies identity at every step, and ensures that only approved users and devices can reach certain data or systems. Even if an attacker gets into one part of the network, they cannot move freely or reach sensitive areas. This helps contain threats and reduces the risk of widespread damage.

In the past, once someone connected to a company’s network, they were trusted by default. But today, threats often come from stolen passwords, remote devices, or malware. Zero Trust changes this by questioning every access request, even from users inside the network. It gives users only the minimum access they need for their work. For example, someone in finance can access payment systems but not engineering files. Even trusted users must go through security checks like multi-factor authentication.

Consider this example: if someone steals an employee’s login details through phishing, a traditional system might allow access. But with Zero Trust, the system spots unusual activity — like a login from a new location or unknown device — and either blocks access or asks for extra verification. In another case, if a contractor’s laptop is infected with malware, a regular setup might let it connect to the network and spread the threat. Zero Trust first checks the device’s security. If it doesn’t meet the standard, it stays isolated and cannot access the network.
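The two scenarios above as an added illustration, not part of the bulletin: a small policy decision function in which the role-to-resource map, the device posture flags and the location signals are constructed assumptions, showing the order in which a Zero Trust gateway would evaluate each request.

```python
from dataclasses import dataclass

# Constructed entitlements (least privilege): finance reaches payments, not engineering files.
ROLE_RESOURCES = {
    "finance": {"payment-system"},
    "engineering": {"engineering-files"},
    "contractor": {"ticketing"},
}

@dataclass
class AccessRequest:
    role: str
    resource: str
    mfa_passed: bool        # second factor presented and valid
    device_compliant: bool  # posture check passed (patched, endpoint protection healthy)
    device_known: bool      # device enrolled with the organisation
    location: str
    usual_locations: frozenset

def decide(req: AccessRequest) -> str:
    """Policy decision: 'allow', 'step-up' (extra verification) or 'deny'."""
    if not req.device_compliant:   # non-compliant device stays isolated
        return "deny"
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):  # least privilege
        return "deny"
    if not req.mfa_passed:         # a password alone never grants access
        return "step-up"
    # Behavioural signals: one anomaly asks for extra verification, two deny.
    anomalies = int(req.location not in req.usual_locations) + int(not req.device_known)
    if anomalies >= 2:
        return "deny"
    return "step-up" if anomalies == 1 else "allow"

def request(role: str, resource: str, **flags) -> AccessRequest:
    # Healthy baseline request; scenarios override only the flags they need.
    base = dict(mfa_passed=True, device_compliant=True, device_known=True,
                location="PH", usual_locations=frozenset({"PH"}))
    base.update(flags)
    return AccessRequest(role, resource, **base)

# Scenarios from the bulletin, with constructed inputs.
def phished_credentials() -> str:   # stolen password, new location, unknown device
    return decide(request("finance", "payment-system", device_known=False, location="XX"))

def new_location_only() -> str:     # legitimate user travelling with a known laptop
    return decide(request("finance", "payment-system", location="XX"))

def infected_contractor_laptop() -> str:
    return decide(request("contractor", "ticketing", device_compliant=False))

def finance_to_engineering_files() -> str:
    return decide(request("finance", "engineering-files"))
```

Note that device posture is evaluated before identity: an infected laptop is refused even when the user's credentials and second factor are valid.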

Zero Trust also supports remote work, cloud services, and mobile access — all common in modern organizations. It gives leadership better control over systems, helps meet compliance requirements, and improves visibility into who is accessing what and when.

One of the biggest advantages of Zero Trust is that it reduces the attack surface, meaning it limits all the possible ways an attacker could break in. By giving access only when needed, verifying every request, and blocking unnecessary connections, Zero Trust makes it much harder for threats to succeed. Even if an attacker gets inside, strong controls stop them from going further.

Implementing the Zero Trust Security Model is a shared responsibility. IT and cybersecurity teams lead by designing and maintaining the system. Leaders support it by aligning security with business goals and encouraging a security-focused culture. Every member of the organization plays a role by following the rules and practicing safe behavior. Success depends on everyone working together.

RECOMMENDATION

Recommended security practices for all members of the organization:

  • Always use strong, unique passwords and avoid reusing them across accounts. A strong password should include a mix of letters, numbers, and symbols. Reusing passwords increases the risk of multiple accounts being compromised if just one is exposed;
  • Enable multi-factor authentication for extra login protection. This adds an extra layer of security by requiring something in addition to a password, such as a code sent to a mobile device or an authentication app;
  • Never share login credentials, even with coworkers. Sharing usernames or passwords creates unnecessary risk and makes it difficult to track who is responsible for certain actions within the system;
  • Lock screens or devices when stepping away, even briefly. An unlocked device can be accessed by anyone nearby. Locking it ensures that only authorized users can continue using it;
  • Use only approved apps and tools provided by the organization. Unapproved software may not meet security standards and could introduce malware or other risks into the network;
  • Report lost or stolen devices immediately. Quick reporting helps the IT or security team take steps to protect sensitive information and reduce potential damage; and
  • Follow security guidance from the IT or cybersecurity team. These teams provide trusted instructions and best practices to help everyone contribute to the organization’s security.

For additional information, please refer to the following websites:

  • https://www.crowdstrike.com/en-us/cybersecurity-101/zero-trust-security/
  • https://learn.microsoft.com/en-us/security/zero-trust/zero-trust-overview
  • https://www.cloudflare.com/en-gb/learning/security/glossary/what-is-zero-trust/

POINT OF CONTACT

Please contact PLTCOL JERRY V EMPIZO, Acting Chief, Cyber Security Unit, through e-mail address csradacgroup@gmail.com or by telephone number (632) 723-0401 local 7488 for any inquiries related to this CYBER SECURITY BULLETIN.
