Research has proven that Zero Trust security is one of the best ways to protect against modern cyberattacks. Security leaders are now urging organizations to use Zero Trust to achieve cyber resilience. But what is the right way to implement it?
This question plagues many security teams and was the focus of this month’s cybersecurity news.
ESG research confirms Zero Trust Segmentation increases cyber resilience
VentureBeat reported on new ESG research commissioned by Illumio on Zero Trust in their article, Report: Orgs with Zero-Trust Segmentation Avoid 5 Major Cyberattacks Annually.
The Zero Trust Impact Report found that organizations leveraging Zero Trust Segmentation avert five major cyberattacks annually and save more than $20 million in downtime costs. This shows that Zero Trust is one of the best security strategies for managing the risks of cyberattacks and increasing cyber resilience.
VentureBeat ties the growing impact of Zero Trust to accelerated digital transformation, which has created hybrid, hyper-connected networks. Organizations are left increasingly vulnerable to cyberattacks, especially now that legacy, perimeter-based security tools no longer protect today’s dispersed IT environments.
“This surge in connectivity and growing hybrid complexity has led to a dramatic uptick in the number of vulnerable endpoints (i.e., laptops) and a widening attack surface,” VentureBeat said.
In fact, 76% of organizations have experienced a ransomware attack and 66% have experienced at least one software supply chain attack in the last two years alone. However, VentureBeat highlighted the report’s findings that nearly half of security leaders do not believe they will be breached – despite the mountain of evidence saying otherwise.
The report also found encouraging news: 90% of organizations are planning to advance their Zero Trust initiatives in 2022. And 81% of organizations agree that Zero Trust Segmentation plays a critical role in accelerating Zero Trust efforts. These statistics were particularly surprising to VentureBeat as they highlight the gap that remains between Zero Trust implementation and full adoption of Zero Trust’s core tenet of “assume breach.”
“In short, the report is the latest to demonstrate that Zero Trust, and specifically Zero Trust Segmentation, are modern strategies to reduce risk and increase cyber resilience as the threat landscape continues to grow and evolve,” explained VentureBeat.
Don’t wait to start your Zero Trust journey
Illumio CTO and co-founder, PJ Kirner, discussed Zero Trust Impact Report findings and how organizations can achieve cyber resilience with Zero Trust in his interview with TechStrong TV.
Kirner’s key message to security teams was to start now. Breaches will happen, and having a Zero Trust security strategy in place will protect against cyber disasters.
Protecting critical infrastructure with proactive cybersecurity strategies
Illumio’s Federal Director, Mark Sincevich, wrote Zero Trust Bolsters Our National Defense Against Rising Cyber Threats for Dark Reading this month. He addressed the U.S. Federal government’s continued focus on cybersecurity to protect critical infrastructure and build cyber resilience from the inside out.
“The Colonial Pipeline and JBS attacks, among others, showed us that our national resilience is only as strong as public-private sector collaboration,” said Sincevich. “And as ransomware attacks remain the norm, new collaborative strategies and programs are underway to build and foster cyber resilience.”
Sincevich wrote that the Federal government continues to take steps in the right direction, with recent cybersecurity initiatives including:
- The Cyber Incident Reporting for Critical Infrastructure Act of 2022: Following attacks like Colonial Pipeline, President Biden signed this law, which establishes new “mandatory reporting requirements for critical infrastructure entities in the event of certain cyber incidents and ransomware payments.”
- The Cybersecurity and Infrastructure Security Agency's (CISA) new Shields Up program: The program outlines guidance for public and private organizations to reduce the likelihood of a successful cyberattack.
- The National Institute of Standards and Technology (NIST): NIST recently published guidance for securing enterprises against supply chain attacks targeting critical infrastructure. The new guidance stresses the importance of risk monitoring for cyber defense.
Despite these positive initiatives, more needs to be done to build national cyber resilience. Sincevich recommends implementing a Zero Trust security framework based on President Biden’s May 12 Executive Order 14028, “Improving the Nation’s Cybersecurity,” which directed “the immediate need for federal agencies to implement Zero Trust to bolster national cyber resilience.”
In particular, he emphasized microsegmentation as a key component of Zero Trust security. Zero Trust assumes breaches will occur, and microsegmentation stops the spread of those attacks when they happen. It does this by breaking internal infrastructure down into smaller segments, which reduces the network’s attack surface. This helps keep breaches from disrupting the supply chain and halting critical infrastructure functions.
“A proactive cyber strategy, coupled with increased public-private partnerships and adherence to strong cyber hygiene practices, are critical components of bolstering our national cybersecurity posture,” said Sincevich.
Zero Trust implementation mistakes to avoid
Over the past two years, more sophisticated cyberattacks, accelerated cloud adoption, and a shift to remote and hybrid work have prompted organizations to turn to a Zero Trust security strategy to protect their networks.
But as Network World highlights in their article, 5 Mistakes to Avoid When Implementing Zero Trust, the resulting hype around Zero Trust technologies has caused confusion about what Zero Trust is and how to implement it.
According to Forrester, “Fake news propagated by security vendors about Zero Trust caused confusion for security pros.”
Network World’s article highlights five mistakes organizations should avoid when implementing a Zero Trust security strategy – and how to resolve them.
- Assuming Zero Trust means ZTNA: Zero Trust Network Access (ZTNA) is a Zero Trust strategy, but it does not achieve Zero Trust alone, according to Network World. While ZTNA is based on Zero Trust principles, Network World recommends a foundation of Zero Trust Segmentation to isolate sensitive data and systems and reduce the spread of a breach.
- Confusing Zero Trust with a product: There are many tools and products that can help organizations implement a Zero Trust strategy, but these tools aren’t the strategy itself. Network World says to ignore the labels and look for products with capabilities tied back to the fundamental principles of Zero Trust.
- Assuming you can achieve Zero Trust without basic security hygiene: Deploying tools isn’t enough to achieve Zero Trust – or protect your network. Organizations must get visibility into communication flows, especially areas within infrastructure where protection is based on some form of trust, according to Network World.
- Having poorly defined user access policies: Security and IT administrators must have a clear understanding of who needs access to what before making user access policies, says Network World. Without this, Zero Trust’s core tenet – least-privilege access to the network – cannot be achieved, leaving the network open to vulnerabilities.
- Neglecting the user experience: Zero Trust security can have a major impact on end users. Network World cautions security teams about implementing Zero Trust initiatives without first preparing users for the change.
Overall, Network World emphasizes that Zero Trust is a security approach rather than a product, platform, or one-off fix. Zero Trust encompasses a variety of strategies that give security teams an action plan to prepare for the breaches that will inevitably reach the network.