The Top 3 Cybersecurity News Stories You Need to Know From October 2023

Zero Trust principles must be central to every cybersecurity strategy — but it’s clear that many organizations are still falling back on traditional, outdated security thinking. Cyberattacks continue to wreak havoc on organizations, disrupting operations, costing millions of dollars, and leading to huge losses when it comes to customer and stakeholder trust.

This month’s cybersecurity news focused on the benefits of modern Zero Trust security converged with the detrimental impacts of ineffective prevention and detection cybersecurity tactics.

Keep reading to learn what top security experts had to say about on these topics:

• John Kindervag, the “Godfather of Zero Trust,” joins Illumio as Chief Evangelist

• Google’s new security program is based on old cybersecurity paradigms — and desperately needs a breach containment update  
• The fresh ransomware attack on Johnson Controls once again raises red flags about public and private sector cyber resilience

Illumio welcomes John Kindervag, the creator of Zero Trust, as Chief Evangelist!

A significant development in the Zero Trust landscape is the appointment of John Kindervag, often referred to as the “Godfather of Zero Trust,” as Illumio’s Chief Evangelist. Forbes writer Tony Bradley featured the news in his article, The ‘Godfather Of Zero Trust’ Joins Illumio.

Kindervag created the security strategy of Zero Trust over a decade ago in response to unprecedented changes in connectivity, network infrastructure, and the cyberattacks that breach them. The Zero Trust model, based on the principle of “never trust, always verify,” assumes threat actors have already breached the system, necessitating continuous verification and least-privilege access.  

According to Kindervag, a foundational technology of Zero Trust is Zero Trust Segmentation, also called microsegmentation, which divides the network into isolated segments to limit unauthorized access and contain the impact of potential breaches.  

“Why Illumio? Well, because of their high-performance focus on segmentation,” Kindervag explained. “I think segmentation as a core technology is the most important technology in Zero Trust. If I want a Zero Trust environment, it must be segmented for sure.”

By embracing Zero Trust and focusing on microsegmentation, Bradley explained that organizations can limit the impact of cyberattacks and create a more resilient and secure digital environment, particularly relevant in an era of increasingly sophisticated and pervasive cyberthreats.

Bradley said that Kindervag’s move to Illumio reflects a shared commitment to the fundamental principles of Zero Trust and the importance of refining this approach to cybersecurity. Kindervag's expertise in Zero Trust complements Illumio's Zero Trust Segmentation approach.

Illumio CEO Andrew Rubin validated this: “You couldn't pick a better moment in time to have somebody who basically is rooted in the beginning of this entire movement speaking with an Illumio voice. He knows why it's important. He figured it out before all of us, and he's been telling it as a story and an important part of cyber for a very long time.”

The world's largest tech companies taking an outdated view on cybersecurity

This month, Google implemented a pilot program to enhance cybersecurity by restricting internet access for a select group of employees. But is this the best approach to security in today’s complex, evolving threat landscape? This month’s article in TechRadar Pro by Raghu Nandakumara, Senior Director of Industry Solutions Marketing at Illumio, Should businesses follow Google’s footsteps in cybersecurity?, suggests not.

Initially involving 2,500 individuals and later expanding, Google’s new program is aimed at reducing the digital footprint of employees and mitigating risks associated with unrestricted internet access at Google. However, the approach primarily focuses on keeping external threats out and may not address threats that may arise from within the network, Nandakumara said.  

“Removing direct internet access doesn’t necessarily make an organization's internal systems immune from potential threats or compromises,” he explained. “There will always be some degree of vulnerability because these internal systems often remain connected to other devices that can access the internet within the network.”

Nandakumara explained that it’s impossible to stop all cyberattacks at the perimeter. At some point, an attack will get through. However, Google’s new cybersecurity tactic still follows the same outmoded security mindset that perimeter defenses are enough to completely prevent breaches.

“Today, we have arrived at the era of breach containment which requires robust protective measures behind the perimeter to enable rapid isolation of threats like ransomware,” Nandakumara explained. “The focus must no longer be on purely preventing attacks, but also on containing them quickly without operational disruption.”

To address these internal threats, Nandakumara recommended a shift from perimeter-focused security strategies like Google’s, to containment strategies like Zero Trust Segmentation (ZTS). ZTS allows organizations to visualize and control communication within the network, enabling granular policies that limit unnecessary communication. It offers the ability to contain breaches within specific segments, reducing potential damage and bolstering cybersecurity posture.

While there’s nothing wrong with Google’s approach to restrict internet access, organizations shouldn’t overlook longer-term security practices that proactively prepare for inevitable breaches in favor of short-term risk reduction tactics. In the evolving cybersecurity landscape, a focus on containment and resilience, beyond just prevention and detection, is crucial for safeguarding organizations against evolving threats.

Another cyberattack highlights the needs for Zero Trust Segmentation in public and private sectors

Late last month, Johnson Controls International, a company with extensive business ties to U.S. federal agencies and the defense industry, disclosed that they had suffered a ransomware attack. Cybersecurity Dive’s Matt Kapko detailed the attack and its future consequences in his article, Cyberattack against Johnson Controls sparks downstream concerns.

The attack disrupted some of the company's internal IT infrastructure and applications. While they haven’t officially identified the threat actor behind the attack, there are indications that a group called Dark Angels may be responsible. This group is known for creating ransomware variants from leaked or existing code and has previously targeted organizations in healthcare, government, finance, and education. Johnson Controls is partnering with the Department of Homeland Security (DHS) to get further information about what — if anything — was exfiltrated during the breach.

Kapko emphasized that the incident highlights broader concerns about security standards among government contractors, as many continue to lack modern cybersecurity measures.  

Gary Barlet, Illumio Federal Field CTO, agreed with Kapko’s concern: “The potential downstream impacts on some of the nation’s most critical infrastructure underscores a larger issue with government contractors’ security standards.”

This article underscores the importance of enhancing cybersecurity measures for government contractors and the potential risks to critical infrastructure when such standards are not met.

“While the government continues to talk about having government contractors meet minimum security standards, there will be little incentive for vendors to invest in the needed security until there are penalties levied against vendors who fail to do so,” Barlet explained. “Accountability is key, and everyone needs to start taking this seriously.”

According to Kapko, the incident at Johnson Controls serves as a reminder of the ongoing challenges in securing critical infrastructure and the need for better cybersecurity practices across both public and private sectors.

These challenges have prompted Illumio to partner with Carahsoft to establish a Master Government Aggregator agreement to make Illumio Zero Trust Segmentation (ZTS) available to the public sector. As the Master Government Aggregator, Carahsoft will offer Illumio's ZTS platform through various resellers and government contracts, including the General Services Administration Schedule and the National Association of State Procurement Officials contracts.

The partnership is possible by Illumio’s In Process designation at the moderate-impact level with the Federal Risk and Authorization Management Program (FedRAMP), adding breach containment to government agencies’ cyber resilience reserves.  

Contact us today for a free consultation and demo of Illumio Zero Trust Segmentation.