Improving Breach Recovery, New Government Security Initiatives, and Recognizing Illumio Leadership
After a dramatic rise in cyberattacks in the past few years – 74 percent of organizations say they’ve been attacked in the last 2 years alone – organizations in both the public and private sector are working to find ways to mitigate security risks and fight their potentially catastrophic implications.
Illumio’s news coverage this month centered around new and ongoing security initiatives that are at the forefront of defending against today’s growing ransomware problem, including:
- Illumio’s Incident Response Partner Program
- CISA’s new Ransomware Vulnerability Warning Pilot (RVWP) program
- The new U.S. National Cybersecurity Strategy
- The UK’s new Cyber Security Strategy to 2030 for health and social care
How Illumio helps organizations recover from breaches – and quickly restore business operations
Ben Harel, Illumio’s Head of Incident Response and Head of MSP/MSSP Technical Sales, spoke to Mitch Ashley with TechStrong TV about Illumio’s new Incident Response Partner Program at RSAC.
There’s always been much discussion in the cybersecurity industry about preventing and detecting breaches before they happen – but in today’s threat landscape, breaches are inevitable. What happens after a breach occurs? According to IBM Security’s 2022 Cost of a Data Breach report, it takes an average of 277 days to identify and contain a breach, and the average cost of a data breach is now $4.35 million.
Even during the recovery process, attackers often remain active in the environment, preventing organizations from bringing systems back online as quickly as possible.
Illumio’s new Incident Response Partner Program is designed to work with leading digital forensics and incident response (DFIR) and recovery firms to include Zero Trust Segmentation (ZTS) as part of incident response (IR) and forensic engagements, Harel explained. For clients who are experiencing the impact of a security breach, Illumio helps them prioritize remediation and get their business operational again much faster than traditional recovery methods. Illumio ZTS also prevents reinfection by halting all traffic between infected endpoints and servers, granting immediate network visibility and quickly restoring operations.
New government cybersecurity initiatives: Are they doing enough?
In the last few months, government organizations have released a handful of important cybersecurity initiatives working to combat the dramatic rise of ransomware attacks and other breaches. These initiatives highlight the government’s growing attention towards cybersecurity issues – a positive in today’s risky threat landscape. But for many security experts, the initiatives often lack the scope, influence, and enforcement process needed to make them effective.
Illumio’s Gary Barlet, Federal Field CTO, and Trevor Dearing, Industry Solutions Marketing Director, shared their thoughts on the benefits and challenges of several new government cybersecurity programs and strategies in this month’s news coverage.
CISA’s new Ransomware Vulnerability Warning Pilot (RVWP) program
In May, CISA rolled out the new Ransomware Vulnerability Warning Pilot (RVWP) in an effort to mitigate ransomware attacks against critical infrastructure entities.
Read more about the new program in the InformationWeek article, CISA Rolls Out Program to Protect Critical Infrastructure From Ransomware.
The article by Carrie Pallardy explains that critical infrastructure, including services like power, clean water, and healthcare, is facing increasing pressure – and challenges – to stop catastrophic ransomware attacks. Pallardy asked Barlet about the issues government organizations are running into when it comes to protecting against ransomware.
According to Barlet, these organizations face “a lack of visibility across the entire enterprise, outdated IoT/OT devices, which have built-in vulnerabilities with no patches available (that ransomware can easily take advantage of), lack of resources (both people and technology) to combat ransomware attacks, and the fact that they are facing increasingly sophisticated attack techniques.”
This laundry list of challenges will be addressed in part by CISA’s new RVWP program, explained Pallardy.
“Organizations need all the help they can get,” said Barlet. “This new program mirrors a pretty effective program CISA has run for the federal government for years. While not perfect, it provides an ‘extra set of eyes’ looking for publicly exposed vulnerabilities and bringing them to the attention of system owners.”
The Biden Administration’s new National Cybersecurity Strategy
In his recent Federal News Network article, Barlet outlines the three things he doesn’t see in the National Cybersecurity Strategy released by the Biden Administration in March: funding, planning, and prioritization.
Read Barlet’s full article, Three things missing from the National Cyber Strategy.
- Funding: “The Biden Administration’s fiscal year 2024 budget request proposes a total of $74 billion in IT spending for federal civilian agencies, a 13% increase,” explained Barlet. “If Congress can fund cybersecurity initiatives at these levels...then agencies would have new funds to implement some of the new goals called for in the National Cybersecurity Strategy. While a great start, the federal government has underspent in cyber for so long, this is a drop in the bucket.”
- Planning: Barlet notes that the strategy gives a 10-year timeline for accomplishing its cybersecurity goals. “But ten years is an eternity in the world of technology,” Barlet said. He also sees a lack of concrete guidance to help government organizations defend against today’s breaches. “A ten-year plan does little to address this urgent problem.”
- Prioritization: Barlet knows that federal agencies are overwhelmed with mandates and executive orders about cybersecurity and IT operations. The new National Cybersecurity Strategy lacks much mention of how government organizations need to prioritize cybersecurity initiatives, spending, and defense. According to Barlet, “the strategy adds to that pile of marching orders without telling them which to follow first.”
Overall, Barlet acknowledges that the new strategy is a “valuable contribution to the national conversation” about cybersecurity. But without “a timely plan, resources, and prioritization,” the strategy doesn’t have the teeth to make a “meaningful impact on national cyber resilience.”
Read more on Barlet’s recommendations for better government security initiatives in his Homeland Security Today article, Changing How We Look at Government Cybersecurity Mandates.
The UK government’s new Cyber Security Strategy to 2030 for health and social care
Dearing detailed his perspective on the UK government's new Cyber Security Strategy to 2030, aimed specifically at health and social care organizations, in the BetaNews article, Is the NHS cybersecurity strategy to 2030 enough to protect healthcare?
The new strategy outlines five pillars aimed at helping health and social care organizations achieve cyber resilience by 2030:
- Focus on the greatest risks and harms
- Defend as one
- People and culture
- Build secure for the future
- Exemplary response and recovery
Dearing acknowledges that the new strategy is a “huge leap in the right direction” but highlights that it “lacks the detail and urgency seen in other national directives.”
“With attacks on the sector rising, quick action is needed to ensure healthcare providers can maintain services even while under attack, without the need to shut down services or move patients,” said Dearing.
Dearing’s recommendations to improve the plan include moving from a traditional prevention mindset to a breach containment approach, providing more information on how to secure Internet of Medical Things (IoMT) devices, and improving cyber resilience with Zero Trust security strategies. He particularly cites Zero Trust Segmentation as “critical for limiting the impact of attacks.”
“The new government policy is a much-appreciated step toward a secure future,” said Dearing. “However, it’s important that we don’t neglect the short-term opportunities to reduce risk and build resilience through breach containment, by focusing solely on long-term resilience goals.”
Industry recognition: Spotlighting Illumio’s Gautam Mehandru and Gary Barlet
This month, MarTech Series featured Illumio’s CMO Gautam Mehandru. In the Q&A, Mehandru shared his thoughts on taking on the CMO role at Illumio, tips and best practices for modern marketers, and the skills needed to help marketing teams prioritize revenue and growth.
His most important piece of advice to marketing leaders? It's imperative that an organization’s marketing strategy and go-to-market deliver the right message to the right buyers – something that’s easier said than done.
Gary Barlet, Illumio’s Federal Field CTO, was also recognized this month as a 2023 Cyber Defender. Each year, MeriTalk recognizes a handful of cybersecurity leaders who are helping government organizations make significant strides in quickening the pace of IT and security modernization. Barlet and the other winners are leading teams at the cutting edge of improving resilience, training, and development in cybersecurity.