Why companies are moving to a ‘zero trust’ model of cybersecurity